How to configure Windows 7 for Kaspersky Thin Client
Kaspersky Thin Client works on Windows 7 if the KB3080079 update is installed, and certain configuration steps are performed.
To install this update and configure Windows 7 for Kaspersky Thin Client, follow the steps below.
Step 1. Check whether the KB3080079 update is installed
To check whether the KB3080079 update is installed, run the command:
Step 2. Download the update
- Download the Windows6.1-KB3080079-x64.msu file from the Microsoft website and run it.
- If the file fails to install and an error message appears, do the following:
- Extract the .CAB file using the command:
expand -f:* "C:\Temp\Windows6.1-KB3080079-x64.msu" C:\Temp\KB3080079
- Install the .CAB file using the command:
DISM.exe /Online/Add-Package/PackagePath:c:\Temp\KB3080079\Windows6.1-KB3080079-x64.cab
- Extract the .CAB file using the command:
Step 3. Create and install an RDP certificate with the SHA256 encryption.
- Create a .TXT file and add to it the following parameters:
[NewRequest]
Subject="CN=<device name>"
Exportable=TRUE
KeyAlgorithm=RSA
KeyLength=2048
KeyUsage=0x80
MachineKeySet=TRUE
Hashalgorithm=Sha256
- Open the folder containing the created file using the command prompt as administrator and run the following command:
certreq -new <file name>.txt certrequest.req
- Add snap-in for the certificates:
- Open the Microsoft Management Console (MMC).
Press +R on the keyboard, type mmc and click OK. - In the Console window, click File → Add/Remove Snap-in.
- Select Certificates from the list of available snap-ins and click Add.
- Select Computer account and click Next.
- Select Local computer: (the computer this console is running on) and click Finish.
- Open the Microsoft Management Console (MMC).
- Export the certificate:
- In the console tree, expand Certificates and select Certificate Enrollment Requests.
- Right-click Certificate Enrollment Requests and select All Tasks → Export.
- Click Next.
- Select Yes, export the private key and click Next.
- Select Personal Information Exchange – PKCS #12 (.PFX) and select the check box Include all certificates in the certification path if possible. Click Next.
- Set a password for your certificate and click Next.
- Specify the name and the location for the certificate file. Click Next.
- Check the specified parameters and click Finish.
- Wait until the certificate is successfully exported and click OK.
The certificate (private key) will be exported to the System32 folder in the PFX format.
- Import the certificate:
Run the commands below in PowerShell.
- Run the following command:
certutil.exe -importPFX <private key name>.pfx noExport - Enter the password that was set earlier to your certificate.
Information about the certificate you are adding will be displayed:
# Certificate "<Common Name of the imported certificate>" added to store
# CertUtil: -importPFX command completed successfully - Insert the certificate thumbprint into the tp variable:
$tp = (ls Cert:\LocalMachine\my | WHERE {$_.Subject -match "CN="<Common Name of the imported certificate>" } | Select -First 1).ThumbprintThe thumbprint ID will appear on the screen. It will be generated individually on each device.
- Allow using the certificate for the RDP service via the command:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$tp"The screen will display a message indicating that the RDP service certificate is updated:
# Updating property(s) of '\\server\\root\\CIMV2\TerminalServices:Win32_TSGeneralSetting.TerminalName="RDP-Tcp" '
# Property(s) update successful
- Run the following command:
Step 4. Connect to Windows 7 via RDP
- Open Control Panel → System → Advanced system settings.
- Click Remote → Remote Desktop.
- Select Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure).
- Restart your computer for the updated system settings to take effect, and Kaspersky Thin Client start working with Windows 7.