1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MSTSC security "log in to" drop down list

Discussion in 'Servers and Enterprise Solutions' started by ASE001, Mar 1, 2013.

  1. ASE001

    Gangster

    Joined: Jan 2, 2007

    Posts: 277

    Location: Stoke-on-trent

    I have windows machine that I RDP to from the internet using port forwarding and I want to beef up security. I’ve amended the registry to hide the users from the logon screen but I can’t seem to remove the domain/server names in the "log in to" drop down list on the login page. I would like to hide the option button too on this page!

    I've tried setting ‘ShowLogOption’ to 0 in the registry but that only hides the list until the Option button is clicked. I've also deleted the Domain list in the registry but it gets recreated automatically.

    I have a VPN server for general access but need a backdoor just in case my VPN server crashes or the kids switch it off.
     
  2. KIA

    Man of Honour

    Joined: Nov 14, 2004

    Posts: 13,540

    RDP listening on the Internet? notsureifserious.

    TeamViewer would be a better option if you must have some form of "direct" access without using a VPN.
     
  3. tribz

    Wise Guy

    Joined: Mar 4, 2008

    Posts: 2,399

    At the very least, change its listening port in the registry. As Kia mentions, I'd rather rely on Team viewer for my back up method. I've got a customer with an RDP port internet facing and they get login attempts every few moments. Looking forward to getting that behind an RD gateway shortly.
     
  4. smargh

    Associate

    Joined: Dec 29, 2010

    Posts: 74

    Internet RDP access is #7 on the globally accepted list of Things Never To Do.

    Use LogMeIn Free.
     
  5. quackers

    Soldato

    Joined: Oct 18, 2002

    Posts: 5,708

    Location: Liverpool :-)

    I did the same as an experiment to a XP vm, I got a lot of hits. I had a smoothwall firewall in front of it, I was blocking tons of IP's. I noticed most of the hits would be for a second or so, then disconnect, some sort of recon bot?

    Anwyays, if you really do need to have an rdp machine open on the internet. Some of the points in this link are good to follow

    http://www.mobydisk.com/techres/securing_remote_desktop.html
     
  6. ASE001

    Gangster

    Joined: Jan 2, 2007

    Posts: 277

    Location: Stoke-on-trent

    Thanks for the feedback and will heed your advice. So I've decide to look at using a Raspberry Pi as a VPN server to provide a backdoor to my network (openVPN seems to have been ported to this platform). I can tuck one of these babies out of the way and it only consumes about 2watts. With my main VPN server that gives me two paths into my network.

    I also have seen reports that the Raspberry Pi can be used as LDAP server and setup to provide SAMBA/Windows authentication?