Setting Up Windows VM on Compute Engine for RDP Access

Configure RDP Access to Windows VM on Compute Engine

Question

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP.

What should you do?

Answers

Explanations

A. B. C. D.

D.

To log in to a Windows virtual machine (VM) on Google Cloud Platform (GCP) Compute Engine via Remote Desktop Protocol (RDP), you need to follow the steps below:

  1. Create a Windows VM on Compute Engine: You can create a Windows VM on Compute Engine using the GCP Console, the gcloud command-line tool, or the Compute Engine API. Ensure that you have the necessary permissions to create VMs.

  2. Allow RDP traffic: By default, Compute Engine VMs do not allow RDP traffic. You need to create a firewall rule to allow RDP traffic to the VM. You can create the rule using the GCP Console or the gcloud command-line tool.

For example, to create a firewall rule that allows RDP traffic from any IP address to the VM, run the following command:

gcloud compute firewall-rules create allow-rdp --allow tcp:3389 --description "Allow RDP traffic" --direction INGRESS --target-tags=rdp

The command creates a firewall rule named "allow-rdp" that allows TCP traffic on port 3389 and applies to VMs with the tag "rdp."

  3. Retrieve the login credentials for the VM: To log in to a Windows VM on Compute Engine, you need the login credentials. You can retrieve the credentials in one of the following ways:
  • Option A: Use your Google Account credentials: If you used your Google Account to create the VM, you can use those credentials to log in to the VM. However, it is recommended that you use a separate user account for security reasons.

  • Option B: Use gcloud compute reset-windows-password: If you do not have the login credentials for the VM, you can use the gcloud compute reset-windows-password command to reset the password. The command generates a new password and displays it in the command output. You can then use the new password to log in to the VM.

For example, to reset the password for a VM named "my-vm" in the "us-central1" zone, run the following command:

gcloud compute reset-windows-password my-vm --zone us-central1

The command resets the password for the default user account and displays the new password in the command output.

  • Option C: Add metadata to the instance: When creating the VM, you can add metadata to the instance using the "windows-password" key and a password as the value. The password is encrypted and stored securely. You can then use the password to log in to the VM.

For example, to create a VM named "my-vm" with a password of "MyPassword123" in the "us-central1" zone, you can use the following gcloud command:

gcloud compute instances create my-vm --image-family=windows-server-2019-core --image-project=windows-cloud --metadata windows-password=MyPassword123 --zone us-central1

  • Option D: Use the default Compute Engine service account: If you downloaded the JSON private key for the default Compute Engine service account, you can use the credentials in the JSON file to log in to the VM. However, it is not recommended to use the default service account for security reasons.

After you have retrieved the login credentials for the VM, you can use an RDP client to connect to the VM. The RDP client is built into Windows and is also available for other operating systems. You need to specify the IP address of the VM, the username, and the password to log in to the VM.

Note that after you log in to the VM, you should follow the security best practices for Windows VMs, such as applying security updates, installing anti-virus software, and configuring firewall rules.