RDP: remote desktop issues

I have been having some difficulty in getting a request to modify our group
policy to enable RDP on our XPSP2 workstations past IT security. In
researching potential issues, the only ones I have found are some DoS
vulnerabilies for which patches have been available for some time. In any
case, our internal network is heavily firewalled against access from the
outside.

We are already using SMS remote control, but it is configured to require the
remote user's acceptance of our request to remote control their workstation,
so not of much use when nobody is there. Also, if we log the user out and
logon to an account with administrator access, the user could potentially
close the remote control session and remain logged on with privileges.

I would see RDP as a useful addition to our arsenal of tools, with SMS
remote control for user support, and RDP for workstation support.

I believe that one of the concerns we are seeming to work against is privacy
of the user's session, including any files they mave have created locally,
such as on the desktop. Of course, we can already browse remotely to the
local hard drive, seeminly with even less accountability than if we were to
logon remotely. And we have the authority to take a workstation out of
service and examine it directly - without having to inform the dozens of
users that have profiles there.

Basically, I am looking for comments, either for or against. Does anyone out
there have information (or better yet, actual experience) to indicate that
the benefits of using RDP for workstation management are either outweighed,
or not outweighed, by any other factors that we have perhaps not considered?
If there are security, privacy, or other issues, has anyone found ways to
mitigate them?

Any and all comments will be greatly appreciated.


/Al


.

Relevant Pages

  • Re: remote desktop issues
    ... Also, with RDP, having the user accept the remote control session could ... We are already using SMS remote control, but it is configured to require ... and RDP for workstation support. ...
    (microsoft.public.windows.server.security)
  • Re: Preventing logon to local accounts
    ... Just to go over it from the beginning, you have created a new gpo with the ... you have created a security group and added the ... this works because RDP is enabled and greyed out on the remote tab is system ... then, add another workstation to the domain, don’t add this workstation in to ...
    (microsoft.public.windows.server.active_directory)
  • RE: Domain Name Conflict : RWW "Connect to My Computer at Work" Problem
    ... On an internal workstation, log on a problematic account, click ... RDP a workstation directly. ... Microsoft Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: RDP Problems
    ... What happens if you RDP ... from say your workstation to another workstation on the LAN? ... and my home server all with no luck. ... Remote desktop ...
    (microsoft.public.windows.server.sbs)
  • Re: Terminal Services Domain?
    ... Remote control of the console session is only possible from another RDP session to same machine. ... I'm not sure what you mean when mention redirecting the user or the desktop as they log in - If you want a user to autmatically open an RDP session upon a desktop login you can run the RDP client from the login script with an RDP file as a parameter that will automatically run the specific application upon successful authentication. ... If your goal is to provide centralized application access to 25 users/machines without having to deploy the applications to each workstation, then installing a terminal server in application mode with the application you require and providing users an RDP file that launches the application is a very good solution. ...
    (microsoft.public.windows.terminal_services)