An interesting issue was discovered after deploying security certificates for Remote Desktop authentication into the TPM of desktop computers and some (physical) servers. After go-live with the security certificate, clients could no longer connect, and the error below was displayed in the Remote Desktop Services log on the server.

The server security layer detected an error (0x80090304) in the protocol stream and the client (Client IP: <IP ADDRESS>) has been disconnected.

After chasing many red herrings around cryptography, the Schannel implementation, and the like, the root cause seems to be an issue with the storage within the TPM itself. As a workaround, the certificate can be stored in the ‘traditional manner’ instead. An ideal fix would probably involve a firmware upgrade on the TPM.
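Before moving the certificate, it helps to confirm that the key behind the certificate bound to the RDP listener really sits in the TPM-backed provider. The following is an added example, not part of the original post; it assumes the default listener name `RDP-Tcp`, an RSA certificate, and an elevated PowerShell session on the affected server.

```powershell
# Added example: report which provider holds the private key of the certificate
# bound to the RDP listener. Assumes listener 'RDP-Tcp' and an RSA key.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumbprint = $listener.SSLCertificateSHA1Hash

# A custom certificate lives in LocalMachine\My; the default self-signed one
# lives in the 'Remote Desktop' store, so both are searched.
$cert = Get-ChildItem -Path 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $thumbprint } |
    Select-Object -First 1

if (-not $cert) {
    Write-Warning "Certificate $thumbprint bound to RDP-Tcp was not found in the machine stores."
    return
}

$provider = $null
$keyError = $null
try {
    # Opening the key can itself fail if the provider cannot load it.
    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($key -is [System.Security.Cryptography.RSACng]) {
        # CNG key: the provider name identifies the key storage provider (KSP).
        $provider = $key.Key.Provider.Provider
    } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CryptoAPI key: report the CSP name instead.
        $provider = $key.CspKeyContainerInfo.ProviderName
    }
} catch {
    $keyError = $_.Exception.Message
}

[pscustomobject]@{
    Thumbprint    = $cert.Thumbprint
    Subject       = $cert.Subject
    HasPrivateKey = $cert.HasPrivateKey
    Provider      = $provider
    # 'Microsoft Platform Crypto Provider' is the TPM-backed KSP.
    TpmBacked     = ($provider -eq 'Microsoft Platform Crypto Provider')
    KeyOpenError  = $keyError
}
```

A `Provider` of `Microsoft Software Key Storage Provider` or a legacy CSP name means the key is already stored outside the TPM.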

This entry is part 4 of 5 in the series Microsoft Surface RT

Encryption still seems to be a bit of a dirty word in the world of IT: all too often we hear about a notebook PC being stolen that had unencrypted data on it. Luckily, the Microsoft Surface RT comes with encryption built in right out of the box, and to make things even better, it:

  • Uses the same BitLocker encryption that you will find and trust in Windows 7/8
  • Uses a v2.0 TPM chip that is built into Surface RT (which keeps the encryption keys safe)
  • Makes it highly visible that encryption is enabled, both in My Computer and in the BitLocker management tool
  • Is turned on right out of the box without having to wait for any additional setup or ‘encryption time’: just take it out of the box and you are already protected from data loss

Naturally, encryption is only one part of any decent security policy, and users should be using a strong password to help protect their PC.

One of the new features included in Windows 8 that helps with security is Picture Password, more details of which can be found at this link here.