MSTSC security "log in to" drop down list

ASE001 · 1 Mar 2013 at 15:07

I have windows machine that I RDP to from the internet using port forwarding and I want to beef up security. I’ve amended the registry to hide the users from the logon screen but I can’t seem to remove the domain/server names in the "log in to" drop down list on the login page. I would like to hide the option button too on this page!

I've tried setting ‘ShowLogOption’ to 0 in the registry but that only hides the list until the Option button is clicked. I've also deleted the Domain list in the registry but it gets recreated automatically.

I have a VPN server for general access but need a backdoor just in case my VPN server crashes or the kids switch it off.

KIA · 1 Mar 2013 at 18:41

RDP listening on the Internet? notsureifserious.

TeamViewer would be a better option if you must have some form of "direct" access without using a VPN.

tribz · 1 Mar 2013 at 19:39

At the very least, change its listening port in the registry. As Kia mentions, I'd rather rely on Team viewer for my back up method. I've got a customer with an RDP port internet facing and they get login attempts every few moments. Looking forward to getting that behind an RD gateway shortly.

smargh · 2 Mar 2013 at 12:38

Internet RDP access is #7 on the globally accepted list of Things Never To Do.

Use LogMeIn Free.

quackers · 3 Mar 2013 at 21:14

I did the same as an experiment to a XP vm, I got a lot of hits. I had a smoothwall firewall in front of it, I was blocking tons of IP's. I noticed most of the hits would be for a second or so, then disconnect, some sort of recon bot?

Anwyays, if you really do need to have an rdp machine open on the internet. Some of the points in this link are good to follow

http://www.mobydisk.com/techres/securing_remote_desktop.html

ASE001 · 4 Mar 2013 at 12:22

Thanks for the feedback and will heed your advice. So I've decide to look at using a Raspberry Pi as a VPN server to provide a backdoor to my network (openVPN seems to have been ported to this platform). I can tuck one of these babies out of the way and it only consumes about 2watts. With my main VPN server that gives me two paths into my network.

I also have seen reports that the Raspberry Pi can be used as LDAP server and setup to provide SAMBA/Windows authentication?