Versions Compared

Old Version 2

changes.mady.by.user Glenn Huang

Saved on

compared with

New Version Current

changes.mady.by.user Matt Wilkinson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

DAC can normally be installed without administrator access to the default location on a Microsoft Windows server platform. The application does need write access to the installation directory and its sub-directories.

...

Prerequisites for the DAC Agent

Installing the DAC Client involves:

1. Downloading the Installer (Windows Only)

2. Changing the Permissions for Network Service

3. Change the RDP Server Certificate path

A. Private Key - NETWORK SERVICE Permissions

The Remote Desktop Host Services runs under the NETWORK SERVICE account. Therefore, you have to set the system access control list (SACL) of the key file that is used by RDS to include NETWORK SERVICE together with the "Read" permissions.

To change the permissions, follow these Windows Server-specific steps on the Certificates snap-in for the local computer:

Step

Screenshot

Click Start, click Run, type mmc.exe, and then click OK.

Image Modified

On the File menu, click Add/Remove Snap-in.

Image Removed
Image Added

In the Add or Remove Snap-ins dialog box, on the Available snap-ins list, click Certificates, and then click Add.

Image Modified

In the Certificates snap-in dialog box, click Computer account, and then click Next.

Image Modified

In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.

Image Modified

In the Add or Remove Snap-ins dialog box, click OK.

Image Modified

In the Certificates snap-in, on the console tree, expand Certificates (Local Computer), expand Personal, and then select the SSL certificate that you want to use.

Image Modified

Right-click the certificate, select All Tasks, and then select Manage Private Keys.

Image Modified

In the Permissions dialog box, click Add. In the Select Users or Groups dialog, in the Enter the Object Names to select type ‘NETWORK SERVICE’, and click Check Names to validate the entry, and click OK to add the User. Then, you will see the NETWORK SERVICE.

Check to ensure the Read permission for Network Service is checked to Allow checkbox, and then click OK.

Image ModifiedImage Modified

While here double-click at the Certificate click on details, scroll down, and extract the Thumbprint of the certificate.

Image Modified

B. Change RDP Server Certificate

Set the RDP Server Certificate with the hash/thumbprint of the certificate that you extracted in the prior step.

Step

Screenshot

Click Start, click Run, type

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT OF CERTIFICATE"

Image Modified