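Step 1: Install RDS-Knight on your computer
Installing RDS-Knight is very simple.
The "C:\Program Files (x86)\RDS-Tools\RDS-Knight" folder (64-bit operating systems only)
The free trial version provides a fully featured 14-day trial.
Step 2: Using RDS-Knight
You can now launch the RDS-Knight main program and start configuring the RDS-Knight security features to protect your server from internal and external threats.
RDS-Knight supports only 64-bit operating systems; any hardware that can run the operating system properly is sufficient.
RDS-Knight is compatible with the following operating systems: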
- Windows Server 2008 / 2008 R2
- Windows Server 2012 / 2012 R2
- Windows Server 2016
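Run the RDS-Knight setup program, then follow the installation steps below.
Please note that you must run this setup program as an administrator; by default, Windows will display the prompt automatically.
Click [Next] to accept the license agreement.
The setup program is now ready to install RDS-Knight on your computer.
Click [Install] to start the installation.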
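Double-click the "RDS-Knight" icon on the desktop to open RDS-Knight, then click the "Settings and License" tile.
Click the [Activate License] button shown in the image above, and select the licenseXXX.lic file provided by 平穩 or your reseller, or downloaded from our Licensing Web Portal. When the license is activated, the following confirmation message is displayed:
To launch the RDS-Knight interface, simply double-click the RDS-Knight icon on the desktop.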
On this tile, you can allow access for users connecting from all countries, or decide to restrict the access to only specific countries.
Select the second button “Allow connections only from this list of countries”, and select the country or countries of your choice in the drop-down menu; they will be added to the list of allowed countries. Then click on the “Apply now” button.
In this example, you will only allow connections from users in Taiwan (IP address lookup: http://software77.net/geo-ip ).
When an IP address is blocked, it appears in the list on the right, and you can unblock it as needed.
Warning: Please triple-check that you have at least included the country you are currently connecting from. Otherwise, your IP address will be blocked quite quickly after the settings are applied, more precisely as soon as a new user session is opened on the server, disconnecting you without any hope of connecting back from the same IP. If you get blocked, we recommend that you try connecting from any country you allowed in RDS-Knight, for instance by connecting from another remote server. You can also use your console session to fix the settings, as this connection does not use Remote Desktop Services or any non-local network and will not be blocked by RDS-Knight.
This software includes GeoLite, created by MaxMind, available at http://www.maxmind.com. If you find that some IP addresses are not registered to the correct country, please contact MaxMind directly.
1) If this user has Working Hours Restrictions directly defined for himself, then these rules are enforced.
2) If this user does not have Working Hours Restrictions directly defined for himself, then RDS-Knight will load any existing Working Hours Restrictions for all the groups of this user, and keep the more permissive rules. For instance, if a first group has a rule to block the connection on Monday, a second group has a rule to authorize the connection on Monday from 9 AM to 5 PM and a third group has a rule to authorize the connection on Monday from 8 AM to 3 PM, then the user will be able to open a connection on Monday from 8 AM to 5 PM.
Warning: This feature uses the server’s time. Using the user’s workstation time and/or time zone would be pointless, as the user would only have to change his time zone to open a session outside his authorized hours.
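The precedence rules above can be checked with a short model. This is an added example, not RDS-Knight's own code: the data model, the function names and the sample users and groups are assumptions, as is the choice to treat a user with no rule anywhere as unrestricted.

```python
# Added illustration of the precedence rules above; the data model and all
# names are assumptions, not RDS-Knight's own code or API.
from datetime import datetime

def merge(windows):
    """Union of (start_hour, end_hour) windows, merging any that overlap."""
    merged = []
    for start, end in sorted(windows):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def effective_windows(user, day, user_rules, group_rules, memberships):
    """Authorized windows for `user` on `day` (0 = Monday), or None when no
    rule applies at all (assumption: no rule means no restriction). A day
    missing from a rule set is treated as blocked (also an assumption)."""
    # 1) Rules defined directly on the user are enforced; groups are ignored.
    if user in user_rules:
        return merge(user_rules[user].get(day, []))
    # 2) Otherwise load the rules of every group of the user and keep the
    #    most permissive outcome: the union of all authorized windows.
    rule_sets = [group_rules[g] for g in memberships.get(user, []) if g in group_rules]
    if not rule_sets:
        return None
    return merge([w for rules in rule_sets for w in rules.get(day, [])])

def is_allowed(user, server_now, user_rules, group_rules, memberships):
    """Decide from the server's clock only; client time is never an input."""
    windows = effective_windows(user, server_now.weekday(), user_rules,
                                group_rules, memberships)
    if windows is None:
        return True
    hour = server_now.hour + server_now.minute / 60
    return any(start <= hour < end for start, end in windows)

# Constructed sample reproducing the Monday case described in the text.
MONDAY = 0
GROUP_RULES = {
    "GroupA": {MONDAY: []},          # blocks Monday entirely
    "GroupB": {MONDAY: [(9, 17)]},   # 9 AM to 5 PM
    "GroupC": {MONDAY: [(8, 15)]},   # 8 AM to 3 PM
}
MEMBERSHIPS = {"alice": ["GroupA", "GroupB", "GroupC"], "bob": ["GroupB"]}
USER_RULES = {"bob": {MONDAY: [(10, 12)]}}  # direct rule overrides bob's group

if __name__ == "__main__":
    print(effective_windows("alice", MONDAY, USER_RULES, GROUP_RULES, MEMBERSHIPS))
```

Because one permissive group widens the result for every member, reviewing group memberships matters as much as reviewing the rules themselves.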
Brute-Force Attacks Defender
The brute-force attack defender enables you to protect your public server from hackers, network scanners and brute-force robots that try to guess your Administrator login and password. Using current logins and password dictionaries, they will automatically try to log in to your server hundreds to thousands of times every minute. With this RDP Defender, you can monitor Windows failed login attempts and automatically blacklist the offending IP addresses after several failures.
You can of course configure it to match your needs, for example by adding your own workstation IP address, so this tool never blocks you. Click on the “Tools” menu, then click on “Options and Whitelist”. You can add as many IP addresses as you want in the whitelist. These addresses will never be blocked by the brute-force attacks defender:
You can also set the maximum number of failed logon attempts from a single IP address (10 by default) and the reset time for the failed logon attempt counters (2 hours by default).
You can start, stop, restart, enable or disable the service by clicking on the service tab.
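The interaction between the threshold, the counter reset and the whitelist is easier to judge on sample data. This is an added example, not RDS-Knight's own code: it assumes an address is blocked when its counter reaches the maximum and that a counter resets once the reset time has elapsed since the first failure it counted. The function names and the sample records are constructed.

```python
# Added illustration; not RDS-Knight's code. Assumptions: an address is blocked
# when its counter reaches the maximum, and a counter resets once the reset
# time has elapsed since the first failure it counted.
from datetime import datetime, timedelta
from ipaddress import ip_address

MAX_FAILURES = 10                  # default stated on the page
RESET_AFTER = timedelta(hours=2)   # default stated on the page

def find_blocked(events, whitelist=(), max_failures=MAX_FAILURES,
                 reset_after=RESET_AFTER):
    """events: (timestamp, source_ip) failed logons in any order.
    Returns {ip: timestamp of the failure that triggered the block}."""
    never_block = {str(ip_address(ip)) for ip in whitelist}
    counters = {}   # ip -> (time of first counted failure, failure count)
    blocked = {}
    for when, raw_ip in sorted(events):
        ip = str(ip_address(raw_ip))     # normalise; rejects malformed input
        if ip in never_block or ip in blocked:
            continue
        start, count = counters.get(ip, (when, 0))
        if when - start >= reset_after:  # counter expired: start again
            start, count = when, 0
        counters[ip] = (start, count + 1)
        if count + 1 >= max_failures:
            blocked[ip] = when
    return blocked

def sample_events():
    """Constructed failed-logon records using documentation IP ranges."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    fast = [(t0 + timedelta(seconds=5 * i), "203.0.113.7") for i in range(12)]
    # Nine failures, a three-hour pause, nine more: never reaches the maximum.
    slow = [(t0 + timedelta(minutes=i), "198.51.100.20") for i in range(9)]
    slow += [(t0 + timedelta(hours=3, minutes=i), "198.51.100.20") for i in range(9)]
    admin = [(t0 + timedelta(seconds=i), "192.0.2.10") for i in range(15)]
    return fast + slow + admin

if __name__ == "__main__":
    for ip, when in find_blocked(sample_events(), whitelist=["192.0.2.10"]).items():
        print(f"{ip} blocked at {when.isoformat()}")
```

The slow source in the sample stays under the threshold in each window, which is the trade-off to weigh when raising the maximum or shortening the reset time.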
You can set a security level for each user or group. There are 3 security levels:
- Windows Mode, where the user has access to a default Windows session.
- Secured Desktop Mode, where the user has no access to the Control Panel, programs, disks, browser, no right-click…: no access to the server resources. He just has access to documents, printers, the Windows key and can disconnect his session.
- Kiosk Mode is the most secure one, where the user has very limited actions in his session.
1) If this user has a Security Level directly defined for himself, then this Security Level is enforced.
2) If this user does not have a Security Level directly defined for himself, then RDS-Knight will load any existing Security Level settings for all the groups of this user, and keep the more permissive rules.
For instance if a first group has a rule to remove the Recycle Bin icon from the desktop, but this rule is disabled for a second group, then the user will have the Recycle Bin icon on his desktop. The same priority rules will apply on every custom rule (Desktop Security, Disks Control and Applications Control) as well as for the principal Security Level (the Windows Mode being considered more permissive than the Secured Desktop Mode, which is considered more permissive than the Kiosk Mode).
The Endpoint Protection and Device Control feature lets you control users' devices by allowing each user to use only a specific device, which is checked on every incoming session. A logon from any invalid device name will be blocked.
In this example, User2 will have to connect using the device name PC-453.
Auto-fill of device name field
You might notice that the Device Name field is already filled with a device name for some users. In order to help the administrator, RDS-Knight will automatically save the name of the latest device used to connect to the server by any user who does not have the Endpoint Protection and Device Control feature enabled. After one working day, the device name of most users will be known by RDS-Knight, thus allowing you to quickly enable the Endpoint Protection feature without having to check every user’s workstation name.
On this tile, you can see if you activated security features by looking at the Protection Status ticks.
In this example, all security features are activated:
Below, you can see your server information, with:
- your server name
- your serial number
- if you have a trial license or an activated one
- the end of your support date
On the right of this window, you can activate your license (see this page).
You can check for updates by clicking on the button below it, where you will see your installed version and the latest version available, and can download it:
Any questions? Please see the RDS-Knight FAQ
This trial version includes all RDS-Knight features, free for 14 days.