Locking down RDP for security

Well, it seems after these last ransomware attacks (which I have been a part of the reconstruction crew) I have learnend about other methods of connecting to remote systems. But RDP is a pretty lightweight protocol for remote connection – it works and it works well except for its vulnerability last quarter. So … if we limit HOW we get to the point that RDP is available (VPN w. certs, username, SSL, limiting firewall scope) then we can still use RDP.

But how to we secure RDP down even further? Ideally I would like it where if the certificates match – boom your in only from certain machines. SSH works like this on Unix. Here are some links to peruse that might answer this question. I will augment this article once I have cracked what I wish to accomplish (this sentence will be removed).  Oh – and please do not email certificates or passwords. HUGE pet peave of mine when websites or people do this.