This section contains instructions for setting up a connection to a terminal server upon presentation of a token.

To configure it, you need a computer with the Windows 2019 Server Rus operating system and Rutoken drivers installed.

The operating system must be configured as a domain controller. Certificate Services and Terminal Services (Remote Desktop Services) must be installed and configured in the system, and users must have been issued certificates of the Smartcard User or Smartcard Logon type.

All the actions described below are performed with administrative rights in the system.

The Admin account is used as an example.

Stages of setting up a connection to a terminal server upon presentation of a token:

Stage 1: Configuring the Terminal Server.

Stage 2: Configuring domain controller security policies.

Configuring the Terminal Server

You need to install the Remote Desktop Services role with the Remote Desktop Session Host role service on the server.

If the server is a domain controller, installing the Remote Desktop Connection Broker role service is not recommended.

To configure the Terminal Server:

  1. Press the Windows+X combination and select the System menu item.
  2. On the left side of the System window, click the Remote settings link.
  3. In the System Properties window, go to the Remote tab.
  4. Set the switch to Allow remote connections to this computer.
  5. Check the box Allow connection only to...
  6. Click Select Users.
    If you need to allow access to remote desktops from computers outside the domain, or from domain computers running Windows XP, uncheck the option Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).
  7. In the Remote Desktop Users window, click the Add button.
  8. In the Enter the object names to select field, enter the name of the user or user group that you want to allow access to remote desktops.
  9. Click Check Names.
  10. Click the OK button.
  11. Add other users of the group in the same way.

Configuring domain controller security policies

To configure domain controller security policies:

  1. Open the Control panel.
  2. Enter the word "administration" in the search box.
  3. Double-click on the name of the Administration item.
  4. Double-click the Group Policy Management snap-in.
  5. On the left side of the Group Policy Management window, click the arrow next to Group Policy Objects.
  6. Right-click the Default Domain Controllers Policy subitem and select Edit...
  7. On the left side of the Group Policy Management Editor window, click the arrow next to the Computer Configuration item.
  8. Click the arrow next to the Policies item.
  9. Click the arrow next to the Windows Settings item.
  10. Click the arrow next to the Security Settings item.
  11. Click the arrow next to the Local Policies item.
  12. Click the User Rights Assignment subitem.
  13. Double-click the policy Allow log on through Remote Desktop Services.
  14. Check the box Define these policy settings.
  15. Click the Add User or Group... button.
  16. In the Add User or Group window, click Browse.
  17. In the Selection window, in the Enter the object names to select field, enter the name of the user or group of users who will be allowed to connect to this server via Remote Desktop Services.
  18. Click Check Names.
  19. Click the OK button. The name of the user or group will be displayed in the Add User or Group window.
  20. Click the OK button.
  21. Click the OK button.
  22. Close the Group Policy Management snap-in window and the Administration window.

After restarting the computer, the configuration of Remote Desktop Services and the Domain controller security policies will be completed.
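
The following PowerShell script is an added example, not part of the original instructions. It checks the result of both stages after the restart: the remote connection switches from stage 1, and the accounts that hold the remote logon user right (SeRemoteInteractiveLogonRight) assigned in stage 2. It assumes an elevated session on the terminal server and the ActiveDirectory module that is available on a domain controller; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added verification sketch; run on the terminal server (a domain controller in this guide).

function Get-RdpListenerState {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'
    [pscustomobject]@{
        # fDenyTSConnections = 0 means remote connections to this computer are allowed
        RemoteConnectionsAllowed = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
        # UserAuthentication = 1 means network-level authentication is required
        NlaRequired = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
    }
}

function Get-RemoteLogonRightHolders {
    # Export the user rights currently set on this machine and read one entry
    $cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^SeRemoteInteractiveLogonRight\s*=' }
        if (-not $line) { return @() }   # right not assigned to anyone
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $id = $entry.Trim()
            if ($id.StartsWith('*')) {
                # Entries prefixed with * are SIDs; resolve them to account names
                $sid = [System.Security.Principal.SecurityIdentifier]::new($id.TrimStart('*'))
                try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid.Value }     # unresolvable SID: show it as-is
            } else { $id }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-RdpListenerState | Format-List
'Accounts holding SeRemoteInteractiveLogonRight:'
Get-RemoteLogonRightHolders
# The well-known SID is used because the group name is localized on a Russian OS
'Members of Remote Desktop Users (S-1-5-32-555):'
Get-ADGroupMember -Identity 'S-1-5-32-555' | Select-Object -ExpandProperty SamAccountName
```

An account can connect only if it appears in both lists, directly or through a group, so a user added in stage 1 but missing from the stage 2 output will be refused at logon.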

Next, see the instructions for configuring the client operating system.
