We strongly recommend trying our companion product, TSplus Advanced Security, which will enable you to further secure the published remote desktop / remote session, as well as add geographic filtering and brute force protection: https://tsplus.net/advanced-security
Additionally, our 2FA Add-On will add an extra layer of protection: https://tsplus.net/two-factor-authentication
Recommended Steps
5. Disable "Remember last login" in AdminTool > Web > Web Portal > Web Portal Customization > Credentials
6. To prevent username disclosure, you can disable the existing web sessions listing from the AdminTool > ADVANCED > Security tab. Please note that this setting is required for sticky sessions.
9. In a TSplus Remote Access farm, to prevent a user from logging in to the gateway server, change the setting AdminTool > Advanced > Security > "Only Users With Applications" to "Yes" on your gateway. Please note that you should assign the AdminTool > Applications > "Microsoft Remote Desktop" application (even if it is only "Full Desktop") to Administrators who need to connect to the Gateway server before making this change.
10. By default, the RDP ports are forwarded to the Tsplus Remote Access web ports. If your users and administrators exclusively use the TSplus web ports for the HTML5 client, you can disable the RDP forwarding to the web ports by setting AdminTool > Advanced > Security > "Disable RDP Forwarding" to "Yes." If you instead require that RemoteApp be used on the TSplus web ports and also do not wish to forward the RDP protocol to the web ports, consider using our Remote Desktop Gateway feature and perform the steps in the following guide:
- https://support.tsplus.net/en/support/solutions/articles/44002610364-disable-rdp-forwarding-and-still-allow-rdp-remoteapp