Configure Security Settings for Remote Desktop(RDP) Services Connections
catalogue
. Configure Server Authentication and Encryption Levels
. Configure Network Level Authentication for Remote Desktop Services Connections
. Configure Client Logon Information for Remote Desktop Services Connections
. Configure Permissions for Remote Desktop Services Connections
. SSL模式下记录RDP来源IP
1. Configure Server Authentication and Encryption Levels
此策略设置指定是否需要使用一个特定的安全层在远程桌面协议(RDP)连接期间保护的客户端和 RD 会话主机服务器之间的通信吗,如果启用此策略设置,客户端和 RD 会话主机服务器的远程连接期间的所有通信都必须都使用此设置中指定的安全方法。可用的是下列安全方法
. 协商(默认设置): 协商方法强制执行的客户端程序支持的最安全方法
) 如果客户端支持传输层安全(TLS)版本 1.0,它用于 RD 会话主机服务器验证身份(这种情况下system event log里未记录登录失败者的来源IP)
) 如果客户端不支持 TLS,将采用RDP安全层进行加密
. RDP security: RDP 方法使用本机 RDP 加密安全客户端和 RD 会话主机服务器之间的通信,在这个模式下,system event log里正常记录登录失败者的来源IP,我们可以通过syslogevent事件回调实时获取登录失败事件
. SSL: SSL 方法要求使用 TLS 1.0 对会话主机服务器进行身份验证。如果不支持 TLS,则连接将失败
对应注册表项如下
RDP security
Registry Hive HKEY_LOCAL_MACHINE
Registry Path SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value Name SecurityLayer
Value Type REG_DWORD
Value 协商
Registry Hive HKEY_LOCAL_MACHINE
Registry Path SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value Name SecurityLayer
Value Type REG_DWORD
Value SSL
Registry Hive HKEY_LOCAL_MACHINE
Registry Path SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value Name SecurityLayer
Value Type REG_DWORD
Value
By default, Remote Desktop Services connections are encrypted at the highest level of security available. However, some older versions of the Remote Desktop Connection client do not support this high level of encryption. If your network contains such legacy clients, you can set the encryption level of the connection to send and receive data at the highest encryption level supported by the client.
Four encryption levels are available.
. FIPS Compliant: This level encrypts and decrypts data sent from the client to the server and from the server to the client by using Federal Information Process Standard (FIPS) - validated encryption methods. Clients that do not support this level of encryption cannot connect.
. High: This level encrypts data sent from the client to the server and from the server to the client by using -bit encryption. Use this level when the RD Session Host server is running in an environment containing -bit clients only (such as Remote Desktop Connection clients). Clients that do not support this level of encryption will not be able to connect.
. Client Compatible(默认设置): This is the default setting. This level encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this level when the RD Session Host server is running in an environment containing mixed or legacy clients.
. Low: This level encrypts data sent from the client to the server by using -bit encryption. Data sent from the server to the client is not encrypted.
在默认情况下,在未配置的情况下由server和client协商使用最安全的通讯协议进行rdp登陆(协商模式),而协商的结果和client和server的os版本有关
gpedit.msc 打开 计算机配置->管理模板->windows组件->远程桌面服务->远程桌面会话主机->安全
aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAlIAAAEMCAIAAACA0c8+AAAgAElEQVR4nO29z2srW5qm6z/iwBn0oLmj27MzaMicXMjBHVwoCO4qyCSbpqgqEKIGTTtNDTIxht5saDigdmMMbdy4BGU86QQb0lIXdt9Eygw5oUIcSzgtlcthnNLBtXBLgVDoqEJq9crI4LuD+KFPy9KWtnPb2tr7ffgGtiyHwk8sxeu1VoTW2hpYKf41AACAP4Jln8XBe7LsBgMAAKvN+HxqCgP10RYOE6+k+S59Tz6Ggg3YgJD3EoLYW43CYeKFdzJswAaEPFsIYm81CoeJF97JsAEbEPJsIYi91SgcJl54J8MGbEDIs4Ug9lajcJh44Z0MG7ABIc8WgthbjcJh4oV3MmzABoQ8WwhibzUKh4kX3smwARsQ8mwhrxJ7+QYREclW+G26MCQiIlXNmMIwxWbHISIaFg1pKyIalTOLbfmgNyAir5d9OUepu4uGGlBIMJDO/nr0o3RG1tu+Sn5Ua7zkoULs8cI7GTZgA0KeLeRVYi9dGhEReb19wxSGeWIHYVbIgikMUxz3FRG1O1sfW+yl7use6Xi9bMoUKdlUk4/Hof4yhdjjhXcybMAGhDxbyOsMcma6LhHR6CJlCmOcJcp+EIa5XVFENKjdv/dmXzj2dithsvn146u0YW0d98Jun1u5Fbnwb1DljCUMa+vAkTZi79UK72TYgA0IebaQV5rbe7AVEfn1g3hIsz1yicjtbhtmURIRNXOmMFoyGu0cR1r+zBsQEQWydCsMUxjX+dpIhY/UPB576T1HelE/UnnDiz0rHj718oYpUo4TZthe/EJeL2tc52ujZAyzecb3+S6MZ7dymzyYrfkU7na4exQ41v1W6hUOFWKPF97JsAEbEPJsIa91SUuYbY51FU7sOaVG3QsTLkyXsCP4JPZUwIYSvbxhvrVGU0YdDVO8CROOobx8NErp1/fMuH9GTskKN67sh+TBaJyywPc53Bm/fsAejGYlvbxxW3aT3/Nl6W7jZQ8VYo8X3smwARsQ8mwhrxV7W2FcNeSJHYQXs+QbRBTYxy0Zd/umxB759uFlOtNxowS6qbpERINaY8OwtuMpw2w8Ukpud3/dFOsN24tiLJxHlAUzW/PJ88O0C+caZcGKYkwNy8e3G/o+z4491T8xTJG6yVeGcU+RBrX79AsKROzxwjsZNmADQp4t5NVuYAhjzPWaXhQbYRC6DW8QT/JNHeTMGmY8HejXD5Iv2Da9XjYefkwmCI/sgIgGtbuwPzeoPVZdoka37hG53fOaTzQqb5oidV9POm1qVD2w2D7fPx3k3I3DdTt5Wuomb/uU7PZLFWKPF97JsAEbEPJsIa93396DreJBy/Cix71e0lWKRxcXjD1ySjdp43I/DCHe22t3did7e9GUnjtyiGTByjeIaOS0eXRZWzsP1XZApF+NGWYnKVWdvKTFKV2JvY5de9zdtIRhbZ15CrH3qoV3MmzABoQ8W8jrxZ4VTu8RkWNdCcMUhmxGD4zKm+Fz5sZeHEWcmXN7/ZOUKYxoXDQcWY1upUj6hdFcXfwb9uS9d1NvYHC72WT3OG1n6wXtIfZ44Z0MG7ABIc8W8nqxF3fIxrNl1kU7yq396DnzY0+k7qOemRpVSxM3MGwcdpIrOQftXj4TjVhGl1+GT4u6mIF9bArDFFFHjaJb0Z9ek7l+dyGTe9J9pya3w+dsStv1if/u+jO1LFaIPV54J8MGbEDIs4W8Yuyh/ojCYeKFdzJswAaEPFsIYm81CoeJF97JsAEbEPJsIYi91SgcJl54J8MGbEDIs4Ug9lajcJh44Z0MG7ABIc8WgthbjcJh4oV3MmzABoQ8WwhibzUKh4kX3smwARsQ8mwhiL3VqLmH6XK/NBzEd1oob3iRMYVhbrCP5ybly9LNxN0g0zYVriMYb8c7z1hPnmPtl+JPZQs/8vu1bcx9J38wG9sFL9nO9FtcPnIbT28wjW4imv6HT1M0ucHU1e5xp+lGn/k35RXfyHp4ixEFTk2+/cxtzH3C5yWEvzF9p9LYWI4QxN5q1JzDFK+RxBuuKXa67uSjg9r93BN9dJtjgtvdnXxCOudNvJjqH722jTmx93I29A80+PhtvNd5bbqiiQ0mHzpB089rt9XJTTilq8/YxvwnfGZCWnJyC82zpfybiNhbjXr3YYo+iUY15IZhivXb85pXPog/H0B5+XVTGJe7Z72mtcCJ3vLqZ7cbhhl/Arj2oWtX5TYRkWPdpNcfJdH43v/Xq3fH3oe0EZe1bSmip4sJf/w24sM6+aG1U//wGYomtlOUNGj3mu6M81q4ZLTy8uvWfi36vMCX/PSij9vGAk/4zIS0bOlkNy1hXOYbwdTgfBUhiL3VqHcfpuTzbvrnO5fJ4/Ensfn2GV9fYsETfbJCoRZ74f9r0efJ5RtERG7lyVjHy9a738kvYCN1dWL7NKW39/HbiGqR89oMRVMq/Kf+6XltvxZaehBGsri0l/9cbSz+hM9NCHvFu2UIQeytRs05THyoTSUfzJaSzfGjo3ruJm2YC8fedVEGYZ9pckEl9gFyU94tr1Nz3skf1Mb4c1lVu5vV5/ZWwIaYvm/T/vDpiqbUrPPa5KtMyPkMbSz+hM9NSDoaXFXVnaUIQeytRs0/TBt7TjiTTESkhsU3pjBMsX530VDJ547KwvVCsbfeqIabcnsreqL/cDb4x5H7zbPrVbQxbd9m/OFTFE3Z2mcRe3+0jcWf8DkJsbbPvME7f/3lhXyUsRcOFsWL8I2PCjUen7OUa6bjEJHqv+5gy4etRQ/Txl7HUUTa6MH6XTm8uM7r7c890b95bHpERIPG4/aUCxejYb2L1PhIxUtqvFot9E7+MDaiutyN3qvakN3K2Fj0vDZF0ZQnLBR74SBnuCbzZ2lj8Sd8NkKsbEUpIlKj6uHlO/bnhYV8lLGXPvNCp9nokegiBVl41mU/n0HsndeGF4fXG4Yp1m/jBejvxVlPlhpvw/nn8dqE7z7RW8lU84z/MKJj4Vg36Tfh5N8C04QfuOa8kz+cjbGWreP+YErfZQVshLXQeW26oilbm3ley3lE0SUt0b+qsvWcf1U/DRsLP+FzERJdCzq6eLMUFYmQjzL2RCr8J1pVM6YwTLHZia6tmNL5+ExqzmHi1w2H4w/2ob6aIEVXZDxZRHDi6sQHW7v4n4bFZLbM7ew+vT3gyR0OL19z3skfzob+UyVbW6tmI6wZ57XJP3y6opmGo/PaTsclIuXlU5PTP0REQTP3yleof0w2pj7hM24eW9ZI2wKu5OQVrUkbjReFutvOlmGmx/dLBvEoXDSFUC4MFZEsmG9zPSe5DKHxOLl0n8XulxyvsRcfdXne8ImI1PBiCXOt76g5hyk7cXd2PNt8MHFvabxY4LtP9PqNNU9jTxjX+doofDXV7uWX8I/bnHfyh7Nxw1ZbHLeW1bIROVnkvDZd0ZR6x4k+vefIaMu+LN29blfvo7Mx5QmfsRD9nmDEnlbR/wWylTbMEzugMAI3W1I9tRaeqYNwplUWkkXbk6M1jr23T/7dCK9UDI+HUmzp9oZcugRWH+lhWlItOrf3eRRswAaEvJeQjzX24oFNLx/93zEqb8b3S7ad7ZS5Ef7H7fX24w6KW7lLG5cb61EKSuthN1zxfBx70UyMW7nbMMyNw/FsTbwCe/9oPb4xecaw9ZLqYz1Myym8k2EDNiDk2UI+2tiLIiqwC12XiNzu9tPPzYrCaeJqOmFY2VrSJQycyn16HHvaPG3DVkTk1/cm+/gTg6IfSX20h2kphXcybMAGhDxbyMcbe1HfbuD5FH/yRfgZENR2om5cVFNuD0pv3p5UwhmXYfFJb8+xbjem9fYQeytSeCfDBmxAyLOFfMSxxz75NL6k88lnocqC+ST2Ji/KUP2jd8/t2Q9pxN6KFd7JsAEbEPJsIR9z7CVXE7GLwvlVmuSp6qH5JPYem+Or+IYXe9ZkjF0eWWzli/hiJMTeShXeybABGxDybCEfdeyhksJh4oV3MmzABoQ8WwhibzUKh4kX3smwARsQ8mwhiL3VKBwmXngnwwZsQMizhSD2VqNwmHjhnQwbsAEhzxaC2FuNwmHihXcybMAGhDxbCGJvNQqHiRfeybABGxDybCGIvdUoHCZeeCfDBmxAyLOFIPZWo3CYeOGdDBuwASHPFoLYW43CYeKFdzJswAaEPFsIYm81CoeJF97JsAEbEPJsIYi91SgcJl54J8MGbEDIs4Ug9lajcJh44Z0MG7ABIc8WgthbjcJh4oV3MmzABoQ8WwhibzUKh4kX3smwARsQ8mwhiL3VKBwmXngnwwZsQMizhayB1eJfAwAA+CNY9lkcvCfLbjAAALDaLPssDt6TZTcYAABYbcan0aUPuaLeUclhsoFtwwYHNjiwoQEhGoi9lSm0XQ5scGCDAxsaEKKB2FuZQtvlwAYHNjiwoQEhGoi9lSm0XQ5scGCDAxsaEKKB2FuZQtvlwAYHNjiwoQEhGoi9lSm0XQ5scGCDAxsaEKKB2FuZQtvlwAYHNjiwoQEhGh8s9u7rHsmzxZ/s1w+WHiSrVWi7HNjgwAYHNjQgRGNu7KVaknhE3VRdGtTukyfkGxPfLjP23nQc8usHVrznsqmCZs4SB70BxSi/eXaTnvJn3lfbARERBU7lfsoTll9ouxzY4MAGBzY0IERjfm/v6qJNbuUm+naz4xCR292Ofvpgq8A+ft8z+Ev19nYritzurmEKw8rWfCVbW4YpDnoDr5c1TGFc7p71B6SqO/ovblcUtZ3tlJnOdBwaFpcfcoi9dwMbHNjgwIYGhGjMjz1zyxpRu7OVfN3wJI3Km6YIE4W8vGEKI+kUtiT59VLXUURESrbeRtu5ztdGioiIXLvTjGMvnXlsemE3iwbS2U+F/ct4+5muS6qaMYVhiuO+crvbbDvUeJwWqIFTuhYHvYEaXbyJdzKKPVMY1kWbZGFK7KmGTBumeNNxlJfXf+tjKLRdDmxwYIMDGxoQorFA7IlM16VhMWUKwypKkoXrcptkwYo6SbKV1mOPVLuzv26mM45D1MyZwjC3SiPy+vmMJVJXJzVF4ZNTD7Yit/awlTLTm/flNim7IYyrZPtb1kipwClZwjCzNX9Quxc5j7z+0frMeEgf9AZqKNuBU7qOHpwIsHDjT34xdV/3aOCqgTe82LOe/NbHUGi7HNjgwAYHNjQgRGOR2DPu616YXrJJo/KmuV1R1JBhCjrWldBjbzyAGc/83VTdKMmEYQrjwVZ+/cAUOY94tBz0Bqp/YvDt+/XaUDWkMK7K7cA+NsVhX9GovHc5Ox6uyy6R6h/xzYavkrraLQ2VGhY39V85b/iDdr9s9R1Fri3fGma6EL7u0tMOsTcV2ODABgc2NCBEY6HYM7M1X9kP8TBjkk+ymYxAzoi9qIumT+bF3xaGJFvshVoynFeLgko2vf7JZsdR/ZNUS4Zjj4a1XxoOiCjplk3WVmGoPK/pklu5HcdeckXLtN/aKo1U24kGY8NuX+2x6vr24dKjDrE3C9jgwAYHNjQgRGOx2BPHfeX1LuwgzpL7uufXrb4a99XeHXt3dY+aZ8k1lo9Nint70RUocT6p/olhCuPBVqpa6Lv2gzBuqq6qFvoqGk0N63LfGk106cLabEkV2Mfh1Zuj8pS5vSl1ZAcTF6O+aUlF1Hj8yK7nRNvlwAYHNjiwoQEhGgvGniGbFCg1zrMTO1AqUPZD/IR3x56Zrfnk9U42LZG6ydtKRXN7sqkCt5LM7Y3jJ98IBp4K5wWzNX/g+fFoalQbh/34apqkrooyiK5MMawTO6CwDzcv9rZKI1LDi51LYZjpzdvz2kipQKnhRcYSKeujCT+0XQ5scGCDAxsaEKKxaOyZ+QZR1BUzhWGKnEfEb12YE3sidVeW0Y1x0npMxjzTe470KLphribjyz7NdGFI0XU0pjjuq2Q09cyLLuNUo3rumu/hVmFy3i4lm4qiqzrnXJxyna+N4oFQ3204++tWtjJSROT19pcfeIi9p8AGBzY4sKEBIRoLxx5q2YW2y4ENDmxwYEMDQjQQeytTaLsc2ODABgc2NCBEA7G3MoW2y4ENDmxwYEMDQjQQeytTaLsc2ODABmcRG4/FYmvGj1pnxX96id1aHhCigdhbmXrOqe3GOip8vfnLrzd//asXa0LLATY4sMGZZ+Ob/ub/TWtr9Cf/2dF/dN39+k9obS1IH83KgFUEQjQQeytT739qu/r5//iztVOxdvpnm9YLtqGlABsc2ODMs3H93V9/RWtrtLZGf/pfnInHv0dra7T2RfDXP/+U+jcQooHYW5l631Pb9d9//dWpWDsVX/3yly/ahpYCbHBgg7OAjfGJPvjx3zi2bdvf/HP6q0/yFG9DyBMQeytT73dq+8eLr/Ni7VSs5b7+xT+8cCNaBrDBgQ3OYjbYiT799f/68Sd7irch5AmIvZWp9zq1XZf+wxenYu30h39eunrpNrQUYIMDG5yFbbDBvU/3FG9DyBMQeytTc9vu9fXVN7+9uv5H27bjf+fz2eIrNqbXBDY4sMFZ/J+Af/rFZjA+y/9fo19cv8LuvT4QooHYW5ma03a/+a/fOxVrp+KL/35Y/Pv/9K9OxdrpD9MX9ddtTq8HbHBgg7PgWf6ffrH5hy/WaG2NvvpeEH7xxad5oocQDcTeytTctlss/vsvwrPb6Q8/7X/n7QXeybDBgQ2N8Sn+X/zpsGj/rvhf/H/xyZ7oIUTjg8Xefd0jebb4k/nye6hFaoG2e/Xz83+zdirC+tNfX75eO3p1YIMDG5y5Nsan+C/+ZBjn/+++Ofr9V5/miR5CNObGXmpiRYVwnXS+Ol28fvp7ncFfKvbSe07T9aMVGtqdd6668CFfdNoiEtf52ihcLELJzn5q9oM7rfjXfadyP3udo4VGKuq5dC48tf30b377Wo1oGcAGBzY4c2xc/2L0Pf0UH//o5//7e1/Q2hr9H3/93Sd0nocQjfm9vauLNrmVm+jbzY5DROEa64YpjAdb8eWHlht7sqkCWbrdMEyxfnte6+Q/8PanV9by6me3G4aZzjhSUbhG4FZhSJ6Xz1hivVH3oqXepz4ozrp27iZtmBuHvcF4tfpnxp5t2/9w9c1vr65vXqX5LA/Y4MAGZwEbv/nnv/5z/RQfcn32v/58s//NS+3bUoAQjfmxZ25ZI2p3tpKvG56kUTlc1u6gF6/1OrneXqnrqLBP03ra+3HtTjNZby/z2PTCdfhoIJ39VNi/jLef6bpJEhz3ldvdZtuhxuPkrrYkjS5S+v6nM49Nb3KJvsKQPK/a8In8Vjughoyf/GBHS+leHlWiV4n2Klwpt92rtgOiYXFGBBYlDWp3wrCKkpJ1cdNnHnm9/ekPLv7fwKKnts8D2ODABgc2NCBEY4HYE5muG634ahUlycJ1uU2yYAnD3K4okq20Hnuk2p39dTOdcRyKez+lEXn9fMYSqauTmqJodfUHW5FbS1ZXJ2U3hHGVbH/LGikVOCVLJCvW5jzy+kfrU3f1uigD5fbOdy7Zgw1bBY51t2FY2zlvoLx8yhSFIVEgSzdpwxSHfZWs0n7cV253l+/t+l25HYTdsmzNJ/Lrh5czYin8cwL78EmA7fUGNCxOfzD59cvdM++dy+Gi7XJggwMbHNjQgBCNRWLPuK97YXrJJo3Km+Z2RVFDTvZppq+uHs/83VTdKMkmOlU5j/iJ/qA3UP0Tg2/fr9eGqiGFcVVuB/ZxmFKj8t6s7LnOV4YDItXu5TOWMEyR88jt7o7/kMA+NkVhyFaKjx80zBM7cCs34d42z+K9LQzDzm625ie93mmZd3Mhg0Hj8a2hSxBGS9KwOP3BSG/YGS0fzM5UxN4EsMGBDQ5saECIxkKxZ2ZrvrIf4mHGJJ9kczwXNT32oi6aPnwXf1sYkmyxF4qT4KA38HpZQza9/slmx1H9k1RLqrBPZu2XhgMi8oYXe9b0HU7d5GtKqWHxTdixm0AWwkHOcdzuVpSyH5JQH+dQgtfLhrE3sbfjSmcem57vWHcbWq5PdOymPphsxNo66DgqaOZm/FGIvQlggwMbHNjQgBCNxWJPHPeV17uwo+G+KLesvhqHx7tj767usf5T6rFJcW9v3BUb9/aE8WArVS30XftBGDdVV1ULfRWNpoZ1uW+NSPWPZvaNrIt2nHBPu2iTsSd2uq7qn+Q81Xa2DFMYd0n/T8v+6bH3piW9UXkigyd6t+kzj9zu9vQH9ZeYfVks2i4HNjiwwYENDQjRWDD2DNmkQLHOyokdKBUo+4F11N4Re2a25pPXO9m0ROombysVze3JpgrcSjK3FyQn/XwjGHgqnBfM1vyB5ycXg4S1cdgfJHNyUWp2ZaN19OZSGObGjiNV0MxFLxFd3jkr9ozbqus77SDJpN2KivZ2fuxZRUnh7COvrdIo2sJ6o+6RU7qa9eB5pR9ORsb7jN7eIsAGBzY4sKEBIRqLxp6ZbxCbDzNFziPiXaI5sSdSd2UZXrEZSOsxGfOccdObmS4MKbqOxhTHfZWMpp550WWcyWWZSaXuLqQf/9SXpbuwd5g+iC4rDW/m254Se+Z2RRF55+OrQK/PG378O74dp++02Js+Isq2MHEz39MHs9bo6T4j9uYBGxzY4MCGBoRoLBx7qGUX2i4HNjiwwYENDQjRQOytTKHtcmCDAxsc2NCAEA3E3soU2i4HNjiwwYENDQjRQOytTKHtcmCDAxsc2NCAEA3E3soU2i4HNjiwwYENDQjRmIg9AAAA4JMHsQcAAOAzArEHAADgMwJze6tRyWEiQAQbHNjgwIYGhGgg9lam0HY5sMGBDQ5saECIBmJvZQptlwMbHNjgwIYGhGgg9lam0HY5sMGBDQ5saECIBmJvZQptlwMbHNjgwIYGhGgg9lam0HY5sMGBDQ5saECIBmJvZQptlwMbHNjgwIYGhGh8sNi7r3skzxZ/8nhNvpevalFSvC786hbaLgc2OLDBgQ0NCNGYG3upiWVjhXFTdSlZA10YZr4x8e0SY+/IDki2JpZpPewrbQX2J5W3fXfx/X/z2IwWlfWbZ9eL/hZi78MDGxzY4MCGBoRozO/tXV20ya3cRN9udhwicrvb0U8fbMXXWF9m7ImD3iBZkN0whWGe2IGyG+/+raJ8j9jON2hgNzYMcyPnKa+3j9hbGrDBgQ0ObGhAiMb82DO3rBG1O1vJ1w1P0qi8mSRN2J1KOoUtSX691HUUEZGSrbfRdq7ztZEiIiLX7jTj2EtnHpteEO7LQDr7qbB/GW8/03VJVTOmMExx3Fdud5tthxqPk7t6W3XJKV3F38pmtEv3dY9kwRSGtV8aDsLfdbv7xn3dS0QMi4a5W/DccNNqVD2wpsaea10Lw0wf9wduZ9swRWFIsoXYe3VggwMbHNjQgBCNBWJPZLpu1IuyipJk4brcJlmwhGFuV1Q8rshjj1S7s79upjOOQ9TMmcIwt0oj8vr5jCVSVyc1ReGTUw+2Irf2sJUy05v35TYpuyGMq2T7W9ZIqcApWcIwszV/ULsXOY+8/tH69F3drihqO2FCp888cru7Bou9TNel0UVmIs94b69oDy8OrtLG5ZHtsx4tqzeOowLX9QftXv6NKRB7SwM2OLDBgQ0NCNFYJPaM+7oXppds0qi8aW5XFDVkmIKOFfauJnt78QBmPPN3U3WjJBOGKYwHW/n1A1PkPPJ62eSFDnoD1T8x+Pb9em2oGlIYV+V2YB+H03Wj8t7l9F3d7DhRT9E6byRjs3HsbToO+c3cDZ//mz7IedAb8B0LK3VfbfsD2b2oDAcUONZd2jCzNX88AozYez1ggwMbHNjQgBCNhWLPzNZ8ZT/Ew4xJPslmMgI5I/aiLpo+mRd/q3eVWpKGxXHqyKbXP9nsOKp/kmpJFY6mxgOV3vBi7+k4ZDwTuek4NLrYHMe2LJjCMN/meo4iUqN67vpp7L3NdaXrKxUQET2JvSM7GNTuo8h805IqkCWnqZJXQey9JrDBgQ0ObGhAiMZisSeO+8rrXdhBfBvAfd3z61ZfjbPh3bF3V/eoeRanVOoxmnXLJeOQcR9L9U8MUxgPtlLVQt+1H4RxU3VVtdBXE1dpXu5bI1L9oye7mi4Mye1mS6NktJPHnjBMYVjbOW8Qh+I49jJdl0bV47vtzPXGlN5e9aLNN2KmD3oDes37ItB2ObDBgQ0ObGhAiMaCsWfIJgVKjfPsxA6UCpT9ED/h3bFnZms+eb2TTUukbvK2UtHcnmyqwK0kc3tB0vHKN4KBp8J5wWzNH3h+PJoa1cZhfzD15oTUY5P8AU9ZPfbCSceon5pvkGrItGGKnEfKy6+bYv323Pan9vaiP8EwN940LqSvVEBe72jdTKemXP+C2HtJYIMDGxzY0IAQjUVjz8w3iKKumCnCkCB+68Kc2BOpu7IMr9gMpPWYjHmm9xwZXU4ZODUZX/ZppgtDSu5GOO6rZDT1zIsu42QDlZNlnTeIJhIxjr29rhv92b4s3aXjTptLRDQsGrcX0R6qutWfNrd3dyH9+NV9WZHbqevzhk9Er3JVC9ouBzY4sMGBDQ0I0Vg49lDLLrRdDmxwYIMDGxoQooHYW5lC2+XABgc2OLChASEaiL2VKbRdDmxwYIMDGxoQooHYW5lC2+XABgc2OAvZ+PbbmT+6nf2j1QRCNBB7K1PPObX93vl1eX/nN/s71eaLNaHlABucjzD2WjcnO7/Z3/lN8fb3r/3S82z0aOf/pbU1+vF/e/KjEf3tj2ltjX726xfdw1cGQjQQeytT739qG1ilv1w7FWunf7nzqZ3nn3Gih43XY3S3//1TsXYqvv8b+/VffZ6NEX39fVpbo7U1+otfTD7+A1pbo7Uv6WvrNXb0tYAQDcTeytT7ntpGv1vmqeelgQ3OxxV7o/rXebF2Ktby2as/LOH1F7DBTvR/dU5ERD362fc/yVM8QcgTEHsrU+93avuD/Nu/C089+1ejF25EywA2OB9V7H1b/vSiwm0AACAASURBVHdhr/rr36ml7MBiNtiJ/md/S3/1yZ7iCUKegNhbmXqvU9uotv3lqVg7/dFPaoOXbkNLATY4H1HsDcs/ORVrp+LLQnlZ/2AsbIOd6D/dUzxByBMQeytTc9vu6J8Hve8Goz8QUdy5+bv8t6/Xll4V2OAsOfZGg953g96IaNzV+3d/+z+Xsy/0XjaudthZ/v+hT3IoAEKegNhbmZrTduXJD8L/ss/Pv/1d9qtTsXb6o5/dLGeU6RWADc5SY6+5H/5XcfrT//Y/6zt5sXYqvvzV0rp6tLiNqx36co3W1uj7P4i++PLTPNFDiAZib2Vqbtv99vKnX4bn+tMffdqdG1rgnQwbr0f7/MenYfL96Mtld/VoQRvJKf5f/gV9S/TtL+hffrInegjR+GCxd1/3SJ4t/mS+/B5qkVqg7Q6sX/3btegEJP6i6s5+5soDG5wlxx7R6G73q1j12v9X7C1rP4hoERvJKf7LH9O38YO9X9P3P80TPYRozI291MSKCuE66Xw58nj99Pc6g79U7KX3nKbrh3+Zanf0JRRepmYsInGdr43CQTUlO/updz0YLeNANGg8vp35Qgud2obVn4XXjp++Pf/uZZrMxwFscJYee/yfjL/67ZKvG5pjY3RFP3hyio9+ZNEPvqS1Nfo/v6ZP6DwPIRrze3vxeuXht5sdh4jCNdYNUxgPtuLLDy039mRTBbJ0u2GYYv32vNaZshrfC1TW8upntxuGmc44UlG4RuBWYUiel89YYr1R96LVaKc/WBqR1z/ZtNIZ2fTIKV3NeKFFT22jQe+7wejVPxrjlYENzkcQe0R/UL3vBr3hMnchZAEbLfr6J/opPmR0Sz/ZoeV2Vz80EKIxP/bMLWtE7c5W8nXDkzQqb5rCMMVBL17rdXK9vVLXUURESrae9n5cu9NM1tvLPDa9cJU7GkhnPxX2L+PtZ7pustLecV+53W22HWo8Tu5qS9LoIqXvfzrz2Ax7Y8kSfYUheV614RP5rXZADRk/+cGOltK9PKpErxLtVbhSbrtXbQdEw+KMCCxKGtTuhGEVJSXr4qbPPPJ6+9MfZEsSTn797Nj7PIANDmxwYEMDQjQWiD2R6brRiq9WUZIsXJfbJAuWMMztiiLZSuuxR6rd2V8PFzGPez+lEXn9fMYSqauTmqJodfUHW5FbS1ZXJ2U3hHGVbH/LGikVOCVrHAk5j7z+0frUXb0uykC5vfOdS/Zgw1aBY91tGNZ2zhsoL58yRWFIFMjSTdowxWFfJWvSHveV293le7t+V24HYbcsW/OJ/Prh5YxYCv+cwD409e7sXm9Aw+L0B810zlOel8+Evb2gmZu1UDvaLgc2OLDBgQ0NCNFYJPaM+7oXppds0qi8aW5XFDXkZJ9m+urq8czfTdWNkmyiU5XziC9iftAbqP6Jwbfv12tD1ZDCuCq3A/s4TKlReW9W9lznK8MBkWr38hlLGKbIeeR2d8d/SGAfm6IwZCvFxw8a5okduJWbcG+bZ/HeFoZhZzdb85Ne77TMu7mQQTw5p02ItiQNi9MfNIVxcy7juT35uD1r+4i9CWCDAxsc2NCAEI2FYs/M1nxlP8TDjEk+yWYyAjkj9uJRO20yL/62MCTZYi8UJ8FBb+D1soZsev2TzY6j+iepllRhn8zaLw0HROQNL/ZmdIxSN/maUmpYfBN27CaQhXCQcxy3uxWl7Ick1MOYn8DrZcPYm9jbcaUzj03Pd6y7DS3XJzp2Ux+08o1g0HjcXTfF+u15w1cNmUbszQc2OLDBgQ0NCNFYLPbEcV95vQs7Gu6Lcsvqq3F4vDv27uoe6z+lHpsU9/bGXbFxb08YD7ZS1ULftR+EcVN1VbXQV9FoaliX+9aIVP9oZt/IumjHCfe0izYZe2Kn66r+Sc5TbWfLMIVxl/T/tOyfHntvWtIblScyeKJ3mz7zyO1uT39QNnkXcDxXith7N7DBgQ0ObGhAiMaCsWfIJgWKdVZO7ECpQNkPrKP2jtgzszWfvN7JpiVSN3lbqWhuTzZV4FaSub0guaAj3wgGngrnBbM1f+D5ycUgYW0c9vWEOOjKRuvozaUwzI0dR6qgmYteIrq8c1bsGbdV13faQZJJuxUV7e382LOKksLZR15bpVG0hfVGPb4+c9qDN2WXeG+P3M6McU60XQ5scGCDAxsaEKKxaOyZ+Qax+TBT5Dwi3iWaE3sidVeW4RWbgbQekzHPGTe9menCkKLraExx3FfJaOqZF13GmVyWmVTq7kL68U99WboLe4fpg+iyUiJS7c72lNgztyuKyDsfXwU6vpeOlG/H6Tst9qaPiLItTNzMN+XBN7Lejuf22r38m1mHAG2XAxsc2ODAhgaEaCwce6hlF9ouBzY4sMGBDQ0I0UDsrUyh7XJggwMbHNjQgBANxN7KFNouBzY4sMGBDQ0I0UDsrUyh7XJggwMbHNjQgBANxN7KFNouBzY4sMGBDQ0I0ZiIPQAAAOCTB7EHAADgMwKxBwAA4DMCc3urUclhsoFtwwYHNjiwoQEhGoi9lSm0XQ5scGCDAxsaEKKB2FuZQtvlwAYHNjiwoQEhGoi9lSm0XQ5scGCDAxsaEKKB2FuZQtvlwAYHNjiwoQEhGoi9lSm0XQ5scGCDAxsaEKKB2FuZQtvlwAYHNjiwoQEhGh8s9u7rHsmzxZ/MlhRHLVRouxzY4MAGBzY0IERjbuylJpaNFcZN1aVkDXRhmPnGxLfLjL2D3kD76LWGfPLn3Ffb0Wq3TuU+vfwwQ+w9D9jgwAYHNjQgRGN+b+/qok1u5Sb6drPjEJHb3Y5++mArvsb6UmNvIt5kU6nqjv74dkVR29lOmelMx6Fhcflhhth7HrDBgQ0ObGhAiMb82DO3rBG1O1vJ1w1P0qi8aQoj7GB5ecMURtIpbEny66Wuo4iIlGy9jbZzna+NFBERuXanGcdeOvPY9MLuFw2ks58K+5fx9jNdl1Q1YwrDFMd95Xa32Xao8TgrJHYramA/PO3MbVeUasi0YYo3HUd5+fBP8HrZ5acaYu+9gA0ObHBgQwNCNBaIPZHpujQspkxhWEVJsnBdbpMsWGGKkGyl9dgj1e7sr5vpjOMQNXOmMMyt0oi8fj5jidTVSU1R+OTUg63IrT1spcz05n25TcpuCOMq2f6WNVIqcEqWMMxszR/U7kXOI69/tP7OhEg9NtWo/Gbqj+7rHg1cNfCGF3uWQOytKrDBgQ0ObGhAiMYisWfc170wvWSTRuVNc7uiqCHDFHSsK6HH3ngAM575u6m6UZIJwxTGg638+oEpch7xyDnoDVT/xODb9+u1oWpIYVyV24F9bIrDvqJRee/yHQmxW1Gq8Tht3u76vOEP2v2y1XcUubZ8a5jpQrj9pacaYu+9gA0ObHBgQwNCNBaKPTNb85X9EA8zJvkkm8kI5IzYi7po+mRe/G1hSLLFXqglw/m2qAcmm17/ZLPjqP5JqiXDMUnD2i8NB0SUdNf0atgqsA+n/BVbpZFqO9Gga9jtqz1WXX/qkz++QtvlwAYHNjiwoQEhGovFnjjuK693YQdu5XacW1Zfjftq7469u7pHzbM4pVKPTYp7e253N3mVuLcnjAdbqWqh79oPwripuqpa6KtoNDWsy31rRKp/9HRXD/leTdSRHUxcdPqmJRXR9H7hR1houxzY4MAGBzY0IERjwdgzZJMCpcZ5dmIHSgXKfoif8O7YM7M1n7zeyaYlUjd5W6lobk82VeBWkrm9cSzlG8HAU+G8YLbmDzw/Hk2NauOwH19NM1HJKz6trdKI1PBi51IYZnrz9rw2UipQaniRsUTK+ujDD22XAxsc2ODAhgaEaCwae2a+QRR1xUxhmCLnEfFbF+bEnkjdlWV0w5y0HpMxz/SeIz2KbqSryfiyTzNdGFJ0HY0pjvsqGU0986LLONWonrt+sp/hJOKsv+I6XxvF9/b5bsPZX7eylZEiIq+3v/xgQ+wtDmxwYIMDGxoQorFw7KGWXWi7HNjgwAYHNjQgRAOxtzKFtsuBDQ5scGBDA0I0EHsrU2i7HNjgwAYHNjQgRAOxtzKFtsuBDQ5scGBDA0I0EHsrU2i7HNjgwAYHNjQgRAOxtzKFtsuBDQ5scGBDA0I0EHsrU2i7HNjgwAYHNjQgRAOxtzKFtsuBDQ5scGBDA0I0EHsrU2i7HNjgwAYHNjQgRAOxtzKFtsuBDQ5scGBDA0I0EHsrU2i7HNjgwAYHNjQgRAOxtzKFtsuBDQ5scGBDA0I0Pljs3dc9kmeLP5kvv4dapNB2ObDBgQ0ObGhAiMbc2EtNrKgQLnHAV/aJ109/rzP4S8Vees9pun60QkO7M3XVvZd40WmLSFzna6NwsQglO/updz143oj2edB4fDvzhdB2ObDBgQ0ObGhAiMb83t7VRZvcyk307WbHIaJwjXXDFMaDrfjyQ8uNPdlUgSzdbhimWL89r3Wersb3EpW1vPrZ7YZhpjOOVBSuEbhVGJLn5TOWWG/UPQqX553+YGlEXv9k00pnZNMjp3Q144XQdjmwwYENDmxoQIjG/Ngzt6wRtTtbydcNT9KovGkKwxQHvXit18n19kpdR4V9mtbT3o9rd5rJenuZx6YXRH0d6eynwv5lvP1M101W2jvuK7e7zbZDjcfJXW1JGl2k9P1PZx6b3uQSfYUheV614RP5rXZADRk/+cGOltK9PKpErxLtVbhSbrtXbQdEw+KMCCxKGtTuhGEVJSXr4qbPPPJ6+9MfnFgX9x1r5D4v9m6so8LXm7/8evPXv3qxJrQcYIMDGxzY0IAQjQViT2S6brTiq1WUJAvX5TbJgiUMc7uiSLbSeuyRanf21810xnEo7v2URuT18xlLpK5Oaoqi1dUfbEVuLVldnZTdEMZVsv0ta6RU4JSscSTkPPL6R+tTd/W6KAPl9s53LtmDDVsFjnW3YVjbOW+gvHzKFIUhUSBLN2nDFId9lazSftxXbneX7+36XbkdhN2ybM0n8uuHlzNiKfxzAvvQ1Luze70BDYvTHzTTOU95Xj4T9vaCZs76YLF39fP/8Wdrp2Lt9M82rRdsQ0sBNjiwwYENDQjRWCT2jPu6F6aXbNKovGluVxQ15GSfZvrq6vHMX7joeXJCjztVOY+83ngG7qA3UP0Tg2/fr9eGqiGFcVVuB/ZxmFKj8t6s7LnOV4YDItXu5TOWMEyR88jt7o7/kMA+NkVhyFaKjx80zBM7cCs34d42z+K9LQzDzm625ie93mmZd3Mhg3hyTpsQbUkaFqc/aArj5lzGc3vycXvW9t879q7//uuvTsXaqfjql7980Ta0FGCDAxsc2NCAEI2FYs/M1nxlP8TDjEk+yWYyAjkj9uJRO20yL/62MCTZYi8UJ8FBb+D1soZsev2TzY6j+iepllRhn8zaLw0HROQNL/ZmdIxSN/maUmpYfBN27CaQhXCQcxy3uxWl7Ick1MOYn8DrZcPYm9jbcaUzj03Pd6y7DS3XJzp2Ux+08o1g0HjcXTfF+u15w1cNmf4QsfePF1/nxdqpWMt9/Yt/eOFGtAxggwMbHNjQgBCNxWJPHPeV17uwo+G+KLesvhqHx7tj767usf5T6rFJcW9v3BUb9/aE8WArVS30XftBGDdVV1ULfRWNpoZ1uW+NSPWPZvaNrIt2nHBPu2iTsSd2uq7qn+Q81Xa2DFMYd0n/T8v+6bH3piW9UXkigyd6t+kzj9zu9vQHZZN3AcdzpX9k7F2X/sMXp2Lt9Id/Xrp66Ta0FGCDAxsc2NCAEI0FY8+QTQoU66yc2IFSgbIfWEftHbFnZms+eb2TTUukbvK2UtHcnmyqwK0kc3tBckFHvhEMPBXOC2Zr/sDzk4tBwto47OsJcdCVjdbRm0thmBs7jlRBMxe9RHR556zYM26rru+0gySTdisq2tv5sWcVJYWzj7y2SqNoC+uNenx95rQHb8ou8d4euZ0Z45xz2+719dU3v726/kfbtuP/1/LZ4is2ptcENjiwwYENDQjRWDT2zHyD2HyYKXIeEe8SzYk9kbory/CKzUBaj8mY54yb3sx0YUjRdTSmOO6rZDT1zIsu40wuy0wqdXch/finvizdhb3D9EF0WWl4M9/2lNgztyuKyDsfXwU6vpeOlG/H6Tst9qaPiLItTNzMN+XBN7Lejuf22r38m1mHYE7b/ea/fu9UrJ2KL/77YfHv/9O/OhVrpz9MX9Rftzm9HrDBgQ0ObGhAiMbCsYdads39l61Y/PdfhM339Iefw/9rsJEAGxzY0IAQDcTeytTctmvbVz8//zdrpyKsP/315eu1o1cHNjiwwYENDQjRQOytTC3Qdm27nkvnwrb707/57Ws1omUAGxzY4MCGBoRoIPZWphZqu7Zt/8PVN7+9ur55leazPGCDAxsc2NCAEA3E3srUom338wA2OLDBgQ0NCNFA7K1Moe1yYIMDGxzY0IAQDcTeyhTaLgc2OLDBgQ0NCNFA7K1Moe1yYIMDGxzY0IAQDcTeyhTaLgc2OLDBgQ0NCNFA7K1Moe1yYIMDGxzY0IAQDcTeyhTaLgc2OLDBgQ0NCNFA7K1Moe1yYIMDGxzY0IAQDcTeyhTaLgc2OLDBgQ0NCNFYJPYOeoPx+gK+U7mPVjaYsXgCCrH38sAGBzY4sKEBIRoLxl60mI61ddBxKLAPTWGYWcurn91uGGY640hF4dp4KMTeqwAbHNjgwIYGhGi8X+yZ41XLJ59TlDSo3S07GD7tQtvlwAYHNjiwoQEhGu/b2zvuDdSwuDn5hNSDraIuIAqx9yrABgc2OLChASEaC8ZePLOn2t2TjDWZeTcXMhg0HjG3h9h7RWCDAxsc2NCAEI336e1t7DhSBbJwlfwonXlser5j3W0sPxU++ULb5cAGBzY4sKEBIRrvE3vCMNM5T6n+ScoUhinetKQ3Ku9ZH+i0jkLsLQ5scGCDAxsaEKLxnrEnjOtymwa1+7RhFSU5JWTeqxXaLgc2OLDBgQ0NCNF479gLp/pUdee+7tEE/DkoxN7LAhsc2ODAhgaEaCwSe6iPotB2ObDBgQ0ObGhAiAZib2UKbZcDGxzY4MCGBoRoIPZWptB2ObDBgQ0ObGhAiAZib2UKbZcDGxzY4MCGBoRoIPZWptB2ObDBgQ0ObGhAiMZE7AEAAACfPIg9AAAAnxGIPQAAAJ8RmNtbjUoOEwEi2ODABgc2NCBEA7G3MoW2y4ENDmxwYEMDQjQQeytTaLsc2ODABgc2NCBEA7G3MoW2y4ENDmxwYEMDQjQQeytTaLsc2ODABgc2NCBEA7G3MoW2y4ENDmxwYEMDQjQQeytTaLsc2ODABgc2NCBE44PF3n3dI3m2+JP9+sHSg2S1Cm2XAxsc2ODAhgaEaMyNvVRLEo+om6pLg9p98oR8Y+LbJcfem8dmtPit3zy7nvbn3FfbARERBU7lPr38MEPsPQ/Y4MAGBzY0IERjfm/v6qJNbuUm+naz4xCR292Ofvpgq8A+ft8z+AvF3tVFmwb2w1bK2s55AxpdbOrP2a4oajvbKTOd6Tg0LC4/zBB7zwM2OLDBgQ0NCNGYH3vmljWidmcr+brhSRqVw0Q56A3IyxumMJJOYUuSXy91HUVEpGTrbbSd63xtpIiIyLU7zTj20pnHphd2v2ggnf1U2L+Mt5/puqSqGVMYpjjuK7e7zbZDjcfZaTo9WbcrSjVk2jDFm46jvHz4J3i97PJTDbH3XsAGBzY4sKEBIRoLxJ7IdF0aFlOmMKyiJFm4LrdJFqwwRUi20nrskWp39tfNdMZxiJo5UxjmVmlEXj+fsUTq6qSmKHxy6sFW5NYetlJmevO+3CZlN4RxlWx/yxopFTglSxhmtuYPavci55HXP1qfuqtWvhEMGnI77O0pL5968pzUfd2jgasG3vBizxKIvVUFNjiwwYENDQjRWCT2jPu6F6aXbNKovGluVxQ1ZJiCjnUl9Ngbd7Pimb+bqhslmTBMYTzYyq8fmCLnEY+cg95A9U8Mvn2/XhuqhhTGVbkd2MemOOwrGpX3Lmck9KOM5/bk2c2TJ1yfN/xBu1+2+o4i15ZvDTNdCLe/9FRD7L0XsMGBDQ5saECIxkKxZ2ZrvrIf4mHGJJ9kMxmBnBF7URdNH3KMvy0MSbbYC7VkON8W9cBk0+ufbHYc1T9JtWQ4JmlY+6XhgIiS7lpSKdlUfvPsdsMwN3Yem17QzE08Yas0Um0nGnQNu321x6rr24dLjzTE3vsCGxzY4MCGBoRoLBZ74rivvN6FHbiV23FuWX017qu9O/bu6h41z+IQSj02Ke7tud3d5FXi3p4wHmylqoW+az8I46bqqmqhr6LR1LAu960Rqf4R38nJvmO25tNkN+7IDiYuOn3Tkoqo8bgi13Oi7XJggwMbHNjQgBCNBWPPkE0KlBrn2YkdKBUo+yF+wrtjz8zWfPJ6J5uWSN3kbaWiuT3ZVIFbSeb2xrGUbwQDT4XzgtmaP/D8eDQ1qo3Dfnw1TVyZjku8t0euNTHOuVUakRpe7FwKw0xv3p7XRkoFSg0vMpZIWR99+KHtcmCDAxsc2NCAEI1FY8/MN4iirpgpDFPkPCJ+68Kc2BOpu7KMbpiT1mMy5pnec+LZuMCpyfiyTzNdGFJ0HY0pjvsqGU0986LLONWontPvzHub6znx3B7fWlzX+dpoEP3lvttw9tetbGWkiMjr7S8/2BB7iwMbHNjgwIYGhGgsHHuoZRfaLgc2OLDBgQ0NCNFA7K1Moe1yYIMDGxzY0IAQDcTeyhTaLgc2OLDBgQ0NCNFA7K1Moe1yYIMDGxzY0IAQDcTeytRz2u7vnV+X93d+s79Tbb5YE1oOsMGBDQ5saECIBmJvZer92+7AKv3l2qlYO/3LnU+u6cIGBzY4sKEBIRqIvZWp9227o9/tf/9UrJ2K7//GftE2tBRggwMbHNjQgBANxN7K1Pu13T/Iv/07sXYq1vL7V6MXbkTLADY4sMGBDQ0I0UDsrUy9V9sd1ba/PBVrpz/6SW0w/9krCGxwYIMDGxoQooHYW5ma23ZH/zzofTcY/YGI4v/X/i7/7eu1pVcFNjiwwYENDQjRQOytTM1pu/LkB6di7VR8eX7+7e+yX52KtdMf/exGvW5zej1ggwMbHNjQgBANxN7K1Nx/2b69/OmXYfM9/dHn8P8abCTABgc2NCBE44PF3n3dI3m2+JP58nuoRWpu2yUaWL/6t2unIqy/qLqv145eHdjgwAYHNjQgRGNu7KUmVlQI10nnq9bF66e/1xn8pWIvvec0XT/8y1S7k/3Q25/1otMWkbjO10bhOIGSnf1wKQnD2vqPjWJtOGBKZ61B8ZzYIxpWf5YP2+7b8+9erNV8BMAGBzY4sKEBIRrze3tXF21yK/HCdZsdh4jCNdYNUxgPtuLLDy039mRTBbJ0u2GYYv32vNbJf+DtT6+s5dXPbjcMM51xpKJwjcCtwpA8L5+xxHqj7lG8PG9LqlE913H42kzTfv3ZsUdEo0Hvu8Ho96/RepYIbHBggwMbGhCiMT/2zC1rRO3OVvJ1w5M0Km+awjDFQS9e63Vyvb1S11FEREq2nvZ+XLvTTNbbyzw2vXAdPhpIZz8V9i/j7We6brLS3nFfud1tth1qPE7uakvS6CKl738689gMu1PJEn2FIXleteET+a12wBZhf7CjpXQvjyrRq0R7Fa6U2+5V2wHRsDgjAouSBrU7YVhFScm6uOkzb3I9P60D/fTX/6jY+zyADQ5scGBDA0I0Fog9kem60YqvVlGSLFyX2yQLljDM7Yoi2UrrsUeq3dlfN9MZx6G491MakdfPZyyRujqpKYpWV3+wFbm1ZHV1UnZDGFfJ9reskVKBU7JEsmJtziOvf7Q+dVevizJQbu9855I92LBV4Fh3G4a1nfMGysunTFEYEgWydJM2THHYV8kq7cd95XZ3+d6u35XbQdhXy9Z8Ir9+eDkjlsI/J7APTb07u9cbTCTljNgb/zpiby6wwYENDmxoQIjGIrFn3Ne9ML1kk0blTXO7oqghJ/s001dXj2f+bqpulGQTnaqcR15vPAN30Buo/onBt+/Xa0PVkMK4KrcD+zhMqVF5b1b2XOcrwwGRavfyGUsYpsh55HZ3x39IYB+bojBkK8XHDxrmiR24lZtwb5tn8d4WhmFnN1vzk17vtMy7uZDBoPH4dkqwteTc2Jv4dcTeXGCDAxsc2NCAEI2FYs/M1nxlP8TDjEk+yWYyAjkj9qIumj6ZF39bGJJsiYk8GBbD7Xu9rCGbXv9ks+Oo/kmqJVXYJ7P2S8MBEXnDiz1r+g6nbvI1pdSw+Cbs2E0gC+Eg5zhudytK2Q9JqIcxP4HXy4axN7G340pnHpue71h3G1quL9bbe/LriL25wAYHNjiwoQEhGovFnjjuK693YQfxpRn3dc+vW301Do93x95d3WP9p9Rjk+Le3rgrNu7tCePBVqpa6Lv2gzBuqq6qFvoqGk0N63LfGpHqH80MCeuiHSfc0y7aZOyJna6r+ic5T7WdLcMUxl3S/9Oyf3rsvWlJb1SeyOCJ3m36zGMXAT2JvSm/jtibC2xwYIMDGxoQorFg7BmySYFiPZgTO1AqUPbDk1P51NgzszWfvN7JpiVSN3lbqWhuTzZV4FaSub0guRci3wgGngrnBbM1f+D5yRUiYW0c9gfJnFyUml3ZaB29uRSGubHjSBU0c9FLRJd3zoo947bq+k47SIJqt6KivZ0fe1ZRUjj7yGurNIq2sN6oe+SU+M5zRdN/HbE3D9jgwAYHNjQgRGPR2DPzDWLzYabIeUS8SzQn9kTqrizDKzYDaT0mY56z7lpLF4YUXUdjiuO+SkZTz7zoMs7kssykUncX0o9/6svSXdg7TB9El5USkWp3tqfEnrldUUTe+fgq0Ovzhh//jm/H6Tst9qaPiLItPL0bjyua9euIvXcDGxzY4MCGBoRoLBx7qGUX2i4HNjiwwYENDQjRQOytTKHtbDNkGQAAAFJJREFUcmCDAxsc2NCAEA3E3soU2i4HNjiwwYENDQjRQOytTKHtcmCDAxsc2NCAEA3E3soU2i4HNjiwwYENDQjRmIg9AAAA4JMHsQcAAOAz4v8HkcFhbVw+HGIAAAAASUVORK5CYII=" alt="" />
若Client操作系统是Vista/Win7+,Server系统是Server2008以上,那么默认情况下都将会采用SSL方式验证
Relevant Link:
https://technet.microsoft.com/en-us/library/cc770833(v=ws.11).aspx
http://winintro.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.TerminalServer::TS_SECURITY_LAYER_POLICY&Language=zh-cn
https://rdpguard.com/windows-server-how-to-catch-failed-logons.aspx
https://technet.microsoft.com/en-us/library/cc770833(v=ws.11).aspx
https://technet.microsoft.com/en-us/magazine/ff458357.aspx
2. Configure Network Level Authentication for Remote Desktop Services Connections
3. Configure Client Logon Information for Remote Desktop Services Connections
4. Configure Permissions for Remote Desktop Services Connections
5. SSL模式下记录RDP来源IP
google上很多这种相似的问题,当用户配置SSL模式进行RDP验证,windows system eventlog就无法正常记录来源IP,这是因为
This is because client authenticating via network logon.
配置了SSL模式后,系统的验证将由网络验证模块完成,而不再通过RDP模块
0x1: 解决方法1
secpol.msc open Local Policies | Security Options set Network security: Restrict NTLM: Incoming NTLM traffic to Deny all accounts
0x2: 解决方法2
用ntlmssp api直接抓网络行为,因为RDP SSL是通过NTLM进行的网络层(4层)验证,并没有到应用层的RDP Services
0x3: 解决方法3
gpedit.msc 打开 计算机配置->管理模板->windows组件->远程桌面服务->远程桌面会话主机->安全
将远程(RDP)连接要求使用指定的安全层显式地修改为"RDP安全层"
0x4: wmi方式修改组策略
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetSecurityLayer(0)
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'")
0x5: 修改注册表
1. 导入注册表配置
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"SecurityLayer"=dword: //0代表RDP security
2. 用powershell修改注册表
Set-ItemProperty HKCU:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services SecurityLayer -type REG_Dword
Relevant Link:
http://serverfault.com/questions/399878/security-log-in-event-viewer-does-not-store-ips
http://wutils.com/wmi/root/cimv2/terminalservices/win32_tsgeneralsetting/#setsecuritylayer_methods
http://wutils.com/wmi/root/cimv2/terminalservices/win32_tsgeneralsetting/#setsecuritylayer_methods
http://www.2cto.com/Article/201505/402965.html
https://msdn.microsoft.com/en-us/library/aa383640(v=vs.85).aspx
http://wutils.com/wmi/root/cimv2/terminalservices/win32_tsaccount/vbscript-samples.html
http://www.gszadc.com/6509226.html
http://www.chipa.org/2015/11/remote-desktop-certificates-with-internal-enterprise-ca/
http://www.dotnetspider.com/attachments/Resources/16540-15624-wmi_terminalserver_scripts.htm
http://www.cnblackhat.com/Article/201512/132400.html
http://www.activexperts.com/admin/scripts/wmi/vbscript/0648/
https://gallery.technet.microsoft.com/Powershell-script-to-9d66257a
http://www.lazywinadmin.com/2014/04/powershell-getset-network-level.html
http://www.serhatakinci.com/index.php/windows-rdp-guvenligi.html
Copyright (c) 2016 LittleHann All rights reserved
Configure Security Settings for Remote Desktop(RDP) Services Connections的更多相关文章
- [官网]Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) ★★★★★ https://blogs.technet.micro ...
- Windows组件:打开MSDTC,恢复Windows TaskBar,查看windows日志,打开Remote Desktop,打开Services,资源监控
一,Win10 打开 MSDTC 1,Win+R 打开运行窗口,输入 dcomcnfg,打开组件服务窗口 2,在组件服务 catalog下找到 Distributed Transaction Coor ...
- win7:Remote Desktop Services 启动失败
背景: 其他PC使用mstsc远程某win7 pro sp1,一直失败. 分析: 影响远程桌面应用的设置有两个: 1. 计算机远程设置中,启用“允许远程协助连接这台计算机”,且远程桌面设置正确.如选择 ...
- Microsoft Remote Desktop 通过 .rdp 文件登录
最近在淘宝上买了「市场洞察」子账号,说是子账号,其实是需要登录到他们的 Windows 服务器上才能用的.并且子账号也是 5-6 个人共用的,且不说远程服务器很老又有延迟,经常是我想添加一个监控店铺或 ...
- Azure Remote Desktop: "An error occurred while loading from file *.rdp"
Tonight I deployed a new cloud service where I needed remote desktop to check on some things. After ...
- Remote Desktop File Format
转自:http://engrmosaic.uncc.edu/mosaic-anywhere/remote-desktop-file-format The new Terminal Services c ...
- Running a Remote Desktop on a Windows Azure Linux VM (远程桌面到Windows Azure Linux )-摘自网络(试了,没成功 - -!)
A complete click-by-click, step-by-step video of this article is available ...
- remote desktop connect btw Mac, Windows, Linux(Ubuntu) Mac,Windows,Linux之间的远程桌面连接
目录 I. 预备 II. Mac连接Windows III. Windows连接Mac IV. Windows连接Ubuntu V. Mac连接Ubuntu VI. Ubuntu连接Mac VII, ...
- Connect to a Windows PC from Ubuntu via Remote Desktop Connection
http://www.7tutorials.com/connecting-windows-remote-desktop-ubuntu A useful feature of Windows is be ...
随机推荐
- 敏捷遇上UML——软创基地马年大会(深圳站 2014-3-15)
邀请函: 尊敬的阁下: 我们将在深圳为您奉献高端知识大餐,当敏捷遇上UML,会发生怎样的化学作用呢?首席专家张老师将会为您分享需求分析及软件设计方面的最佳实践,帮助您掌握敏捷.UML及两者相结合的实战 ...
- [转]CTO、技术总监、首席架构师的区别
经常有创业公司老板来拜访我,常常会拜托给我一句话:帮我找一个CTO. 我解释的多了,所以想把这个写下来,看看你到底需要的应该是啥. 一.高级程序员 如果你是一个刚刚创业的公司,公司没有专职产品经理和项 ...
- 从零自学Hadoop(04):Linux准备下
阅读目录 序 搭建环境 系列索引 本文版权归mephisto和博客园共有,欢迎转载,但须保留此段声明,并给出原文链接,谢谢合作. 文章是哥(mephisto)写的,SourceLink 序 我们已经准 ...
- W3School-CSS 伪类 (Pseudo-classes) 实例
CSS 伪类 (Pseudo-classes) 实例 CSS 实例 CSS 背景实例 CSS 文本实例 CSS 字体(font)实例 CSS 边框(border)实例 CSS 外边距 (margin) ...
- iOS实现用控制器作为弹框效果(modalPresentationStyle)
如图: 中间模块其实为一个正常vc控制器,一般我们present,都是采用默认style 但如果要实现这种,写法如下: navigationC.modalPresentationStyle = UIM ...
- C# DESC加密
DESC加密方法 直接上代码: 1.加密 /// <summary> /// 加密 /// </summary> /// <param name="obj&qu ...
- 报表软件JS开发引用HTML DOM的location和document对象
上一次提到,在报表软件FineReport的JavaScript开发中,可以访问并处理的HTML DOM对象有windows.location.document三种.这次就继续介绍后两种,locati ...
- 【读书笔记《Bootstrap 实战》】5.电子商务网站
构建了公司网站之后,接下来就可以考虑设计一个在线商店了. 此次的设计以上一章的设计为基础, 只是添加了一个包含如下元素的新页面: □ 包含商品小图.标题和说明的产品网格: □ 位于左侧的变懒,用于按类 ...
- px,em,rem
px:像素是相对于显示器屏幕分辨率而言的相对长度单位.pc端使用px倒也无所谓,可是在移动端,因为手机分辨率种类颇多,不可能一个个去适配,这时px就显得非常无力,所以就要考虑em和rem. em:继承 ...
- HDU 1848 Fibonacci again and again【SG函数】
对于Nim博弈,任何奇异局势(a,b,c)都有a^b^c=0. 延伸: 任何奇异局势(a1, a2,… an)都满足 a1^a2^…^an=0 首先定义mex(minimal excludant)运算 ...