Remote desktop, limiting access?

Edward78

Edward78

Edward78

Soldato
Joined
19 Oct 2002
Posts
5,780
So I downloaded a public test of a game, game says not installed correctly, tried all advice given & still no luck... A dev. want to RD my sys., I am prob. a bit too not trusting, can I limit places they can go on system?
 
Last edited:
Not really as they all generally take over your session so have your permissions.

Just disconnect your p0rn drive.
 
With all the tools now a days, they shouldn't be using RDP..
We don't tend to use it at work unless there's no one logged into the machine.

TeamViewer, remote assistant, goto assist.. Are just a few off the top of my head, for them to suggest RDP; I would have to question their tech level.
 
slinxy said:
With all the tools now a days, they shouldn't be using RDP..
We don't tend to use it at work unless there's no one logged into the machine.

TeamViewer, remote assistant, goto assist.. Are just a few off the top of my head, for them to suggest RDP; I would have to question their tech level.
Click to expand...

RDP has far, far better performance than things like Teamviewer as you are making a direct connection to the machine, and is very commonly used in enterprises, it has other major advantages such as being integrated with AD and is considerably more secure, for one thing it is not susceptible to password breaches as recently happened to Teamviewer. I would always choose RDP where possible for remoting into a system. And would only choose assistance programs whereby I need to actually show a user how to do something as opposed to doing it myself.

RDP allows for a very fine grained control over access to directories and install permissions etc but to solve a technical problem like this admin privileges will be desired so it's not really possible to restrict access.
 
Last edited:
It will likely be teamviewer or similar, very easy to control the session. RDP wouldn't be practical for offering support over the Internet.

Worst case disconnect your PC from the router :p
 
Energize said:
RDP has far, far better performance than things like Teamviewer as you are making a direct connection to the machine, and is very commonly used in enterprises, it has other major advantages such as being integrated with AD and is considerably more secure, for one thing it is not susceptible to password breaches as recently happened to Teamviewer. I would always choose RDP where possible for remoting into a system. And would only choose assistance programs whereby I need to actually show a user how to do something as opposed to doing it myself.

RDP allows for a very fine grained control over access to directories and install permissions etc but to solve a technical problem like this admin privileges will be desired so it's not really possible to restrict access.
Click to expand...

We have sccm, therefore we would tend to use remote control and be able to more likely see and replicate the issue in the user profile. I've used RDP/Terminal services since the days of Windows NT and not really needed it since Windows 7. On some domains, admin account are disabled from logging via GPO and even logging with a domain admin account, you will still have to right click and run as admin, to ensure that you doing it on purpose.

Yeah I have RDP setup to work over the Internet on one of my home machines, but it's on the non standard port and only used as rare backup. Like said with all the other remote tools out there at the moment, why would you give a stranger remote admin access to your machine; where you can't see what they are doing.
 
Energize said:
RDP has far, far better performance than things like Teamviewer as you are making a direct connection to the machine, and is very commonly used in enterprises, it has other major advantages such as being integrated with AD and is considerably more secure, for one thing it is not susceptible to password breaches as recently happened to Teamviewer. I would always choose RDP where possible for remoting into a system. And would only choose assistance programs whereby I need to actually show a user how to do something as opposed to doing it myself.

RDP allows for a very fine grained control over access to directories and install permissions etc but to solve a technical problem like this admin privileges will be desired so it's not really possible to restrict access.
Click to expand...

Have you tried getting RDP to work over a broadband link, without first using a VPN or something? It's painful.
 
Edward78 said:
So I downloaded a public test of a game, game says not installed correctly, tried all advice given & still no luck... A dev. want to RD my sys., I am prob. a bit too not trusting, can I limit places they can go on system?
Click to expand...

Not really since you are presumably trying to diagnose an installation issue, so they would want to check system level issues.

Honestly though, I would procmon their process, dump eventlog, any app logs if there are any, and tell them to look through that first before coming anywhere near my system.

You could maliciously comply, and present your desktop in Skype, all they can do there is watch (in not great quality either). :D
 
FoxEye said:
Have you tried getting RDP to work over a broadband link, without first using a VPN or something? It's painful.
Click to expand...

Yup, we can rdp to our work sites or the telecity datacentre without issue without needing a vpn.

slinxy said:
We have sccm, therefore we would tend to use remote control and be able to more likely see and replicate the issue in the user profile. I've used RDP/Terminal services since the days of Windows NT and not really needed it since Windows 7. On some domains, admin account are disabled from logging via GPO and even logging with a domain admin account, you will still have to right click and run as admin, to ensure that you doing it on purpose.
Click to expand...

That would be a right pain for us, virtually everything we do on the web and db servers requires admin rights.
 
Last edited:
Energize said:
That would be a right pain for us, virtually everything we do on the web and db servers requires admin rights.
Click to expand...

That's where the difference is.. I would RDP into my own, work or a server that I'm responsible for.. Having any other remote tool on the server would cause security issues..

It's still debatable if I would RDP into a client server.. Most times when friend call, I would only need to say.. Have a look in there or a particular set of settings.. On the rare times, I have team viewer across into a friends server to have a look, but tell them the settings they need and why.. They should be technical enough as a server admin to need to understand the issue and the solution in case it occurs again.. I know I would want to know what someone is doing on a server that I was looking after, what the problem was and how to fix it in future.

It's been a long time since I've been the third party support engineer, having to remote in to dozens of clients servers per day, but surely team viewer enterprise would be ideal for situations like that.
 
If they can remote in to your PC they don't even need RDP to see all the prawn. They can simply browse the disk directly without you knowing :D
 
FoxEye said:
Have you tried getting RDP to work over a broadband link, without first using a VPN or something? It's painful.
Click to expand...

yarp. do it all the time to my home server using dynamic dns and port forward.

(although i realise not all people will have this set up, so as said it'll probably be teamviewer etc)
 
I doubt they'll actually use RDP probably just uses the term for dialing in with some software i.e Teamviewer so you can watch what they do on screen.
 
I'd imagine they'll not be using RDP as it's not open over the WAN, you'd have to port forward for that in your router which I certainly wouldn't be doing. We very rarely use RDP these days, our RMM solution comes with ScreenConnect which is superior in every single way.
 
You must log in or register to reply here.
Back
Top Bottom