How to configure Windows 7 for Kaspersky Thin Client
Applications and versions that this article concerns:
- Kaspersky Thin Client 1.6.1
- Kaspersky Thin Client 1.6
- Kaspersky Thin Client 1.5.1
- Kaspersky Thin Client 1.5
For Kaspersky Thin Client to work on Windows 7, install the KB3080079 update and configure it on Windows 7 according to the instructions below.
Step 1. Check whether the KB3080079 update is installed
To check whether the KB3080079 update is installed, run the command:
If this update is already installed, proceed to step 3. Otherwise, proceed to step 2.
Step 2. Download and install the update
Download the Windows6.1-KB3080079-x64.msu file from the Microsoft website and run it.
If the file fails to install and an error message appears, do the following:
- Extract the .CAB file using the command:
expand -f:* "C:\Temp\Windows6.1-KB3080079-x64.msu" C:\Temp\KB3080079
- Install the .CAB file using the command:
DISM.exe /Online /Add-Package /PackagePath:c:\Temp\KB3080079\Windows6.1-KB3080079-x64.cab
Step 3. Create and install an RDP certificate with the SHA256 hash algorithm
- Create a .TXT file and add the following parameters to it:
[NewRequest]
Subject="Cn=<device name>"
Exportable=TRUE
KeyAlgorithm=RSA
KeyLength=2048
KeyUsage=0x80
MachineKeySet=TRUE
Hashalgorithm=Sha256
- Open the command prompt as an administrator. Go to the folder with the created file and run the command:
certreq -new <file name>.txt certrequest.req
- Add the Certificates snap-in:
- Open the Microsoft Management Console (MMC). To do so, press Win + R on the keyboard, type mmc and click OK.
- In the Console window, click File → Add/Remove Snap-in.
- Select Certificates from the list of available snap-ins and click Add.
- Select Computer account and click Next.
- Select Local computer: (the computer this console is running on) and click Finish.
- Export the certificate:
- In the console tree, expand Certificates and select Certificate Enrollment Requests.
- Right-click Certificate Enrollment Requests and select All Tasks → Export.
- Click Next.
- Select Yes, export the private key and click Next.
- Select Personal Information Exchange – PKCS #12 (.PFX) and select the Include all certificates in the certification path if possible check box. Click Next.
- Set a password for your certificate and click Next.
- Specify the name and the location for the certificate file. Click Next.
- Check the specified parameters and click Finish.
- Wait until the certificate is successfully exported and click OK.
The certificate (private key) will be exported to the System32 folder in the .pfx format.
- Import the certificate:
Run the commands below in PowerShell.
- Run the command:
certutil.exe -importPFX <private key name>.pfx noExport
- Enter the password that was set earlier for your certificate.
Information about the certificate you are adding will be displayed:
# Certificate "<Common Name of the imported certificate>" added to store
# CertUtil: -importPFX command completed successfully
- Save the certificate thumbprint to the tp variable:
$tp = (ls Cert:\LocalMachine\my | WHERE {$_.Subject -match "CN=<Common Name of the imported certificate>" } | Select -First 1).Thumbprint
The thumbprint will appear on the screen. It will be generated individually for each device.
- Allow using the certificate for the RDP service via the command:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$tp"
The screen will display a message indicating that the RDP service certificate was updated:
# Updating property(s) of '\\server\\root\\CIMV2\TerminalServices:Win32_TSGeneralSetting.TerminalName="RDP-Tcp" '
# Property(s) update successful
Step 4. Connect to Windows 7 via RDP
- Open Control Panel → System → Advanced system settings.
- Click Remote → Remote Desktop.
- Select Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure).
- Restart your computer for the updated system settings to take effect and for Kaspersky Thin Client to start working with Windows 7.
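To confirm the result of steps 1 to 4 after the restart, the following PowerShell check reads back the installed update, the certificate bound to the RDP listener and the NLA setting. It is an added example, not part of the original instructions or vendor code; the helper name New-Check is hypothetical, and the pass criteria (2048-bit RSA key, SHA256 signature) are taken from the request file in step 3.

```powershell
# Added verification example (not vendor code). Run elevated on the Windows 7 host.
# Uses only PowerShell 2.0 cmdlets, since that is what Windows 7 ships with.

# Hypothetical helper: one result row per check.
function New-Check($Name, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" }
}

$results = @()

# Steps 1-2: the KB3080079 update must be present.
$kb = Get-HotFix -Id 'KB3080079' -ErrorAction SilentlyContinue
$results += New-Check 'KB3080079 installed' $kb $kb.InstalledOn

# Step 3: read the thumbprint bound to the RDP-Tcp listener. The property is called
# SSLCertificateSHA1Hash because a thumbprint is always the SHA-1 of the encoded
# certificate; it says nothing about the signature hash, which is checked below.
$rdp = Get-WmiObject -Namespace 'root\CIMV2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $rdp.SSLCertificateSHA1Hash
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $bound } | Select-Object -First 1

# If this fails, the listener is still using a certificate outside the My store,
# which means the wmic binding in step 3 did not take effect.
$results += New-Check 'Bound certificate found in LocalMachine\My' $cert $bound
$results += New-Check 'Private key present' $cert.HasPrivateKey $cert.Subject
# OID 1.2.840.113549.1.1.11 = sha256WithRSAEncryption (Hashalgorithm=Sha256 in the request).
$results += New-Check 'Signed with SHA256/RSA' `
    ($cert.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11') $cert.SignatureAlgorithm.FriendlyName
$results += New-Check 'RSA key is at least 2048 bits' `
    ($cert.PublicKey.Key.KeySize -ge 2048) $cert.PublicKey.Key.KeySize
$results += New-Check 'Certificate not expired' ($cert.NotAfter -gt (Get-Date)) $cert.NotAfter

# Step 4: Network Level Authentication must be required on the listener.
$results += New-Check 'NLA required' ($rdp.UserAuthenticationRequired -eq 1) $rdp.UserAuthenticationRequired

# The exported .pfx holds the private key; a copy left in System32 undoes noExport.
$pfx = @(Get-ChildItem (Join-Path $env:windir 'System32\*.pfx') -ErrorAction SilentlyContinue)
$results += New-Check 'No .pfx left in System32' ($pfx.Count -eq 0) ($pfx -join ', ')

$results | Select-Object Check, Pass, Detail | Format-Table -AutoSize
```

Every row should show Pass as True; the last check flags any .pfx file in System32, not only the one exported in step 3.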
Kaspersky Thin Client is ready to work with Windows 7, but the image on the screen may contain artifacts. To fix this issue, follow the steps below.
Step 5. Upgrade RDP to version 8.0
- Download the KB2574819 update from the Microsoft website and run it.
- Download the Remote Desktop Protocol (RDP) 8.0 update from the Microsoft website and run it.
Step 6. Change the Windows 7 group policy
- Press Win + R to open the Run window.
- Type gpedit.msc and click OK.
The Local Group Policy Editor window opens.
- Go to Computer configuration → Administrative Templates → Windows Components.
- Select Remote Desktop Services → Remote Desktop Session Host.
- Select Remote Session Environment and click Enable Remote Desktop Protocol 8.0.
- Select Enabled and click OK.
- Press Win + R to open the Run window again.
- Type cmd and click OK.
The command prompt opens.
- Type gpupdate /force and press Enter.