certificate based authentication on remote desktop service
I am wondering if certificate based authentication is available for the remote desktop service on Windows 2003/2008 server. Actually, I am not talking about the remote desktop\terminal service role, but just the out of the box feature of remote desktop on these servers.
Thanks
August 19th, 2011 4:45pm
Yes, certificate based authentication for interactive sessions using Smart Cards is supported on any Remote Desktop flavor including remote administration mode.
/Hasain
August 19th, 2011 6:34pm
Can you explain how Smart cards play a role on the RD certificate based authentication? The user is sitting remotely and will not have physical access to the computer.
August 19th, 2011 6:48pm
The Remote Desktop Client will pass the locally attached (on the client computer) smart card to the RDP server using a virtual smart card reader within the RDP session. At this point the RDP server session will behave the very same way a normal client does with a locally attached smart card, and smart card logon is possible.
/Hasain
August 19th, 2011 7:24pm
Can I do this without smart card? I can install the certificate to the end users' laptop.
August 19th, 2011 7:28pm
No, you need the smart card to perform an interactive remote desktop logon.
/Hasain
August 20th, 2011 3:59am
Then this might not be our option. Thanks anyway.
August 23rd, 2011 4:21pm
There are two facets of your question that come to mind. Both of which are available out of the box.
1) replacing the standard certificate on the destination.
http://technet.microsoft.com/en-us/library/cc782610%28WS.10%29.aspx
http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx
2) using smart card to achieve RFC 4556 PKINIT authentication.
http://msdn.microsoft.com/en-us/library/bb905527.aspx
There are group policy options to only allow smart card based logons, but I can't seem to remember them off the top of my head.
August 24th, 2011 2:16pm
Thanks Pjhanson, I will give that a try.
August 24th, 2011 5:24pm


