====== Windows - Secure Windows Remote Desktop Services ======

secpol.msc > Local Policies > User Rights Assignments > double-click "Allow Log on through Remote Desktop Services" > remove Administrators and Remote Desktop Users > Add a customized group and/or users

gpedit.msc > Computer Configuration > Adminstrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session host > security > change these settings:

  * Set client encryption level = High
  * Require secure RPC communication = Enabled
  * Require use of specific security layer for remote (RDP) connections = SSL
  * Require user authentication for remote connections by using Network Level Authentication = Enabled