Re: Security problem in Terminal Server Windows 2003
- From: HAL <nospam@xxxxxxxxx>
- Date: Sat, 17 Feb 2007 12:31:35 +0100
TP wrote:
The current way to avoid this behavior is to disable automatic reconnect. You can disable it for all TS users of the server via group policy, or on each client on a per connection basis.
On the client, uncheck "Reconnect if connection is dropped" on the Experience tab.
-TP
HAL wrote:I've set password protect after 6 minutes in Display Properties/Screen
Saver. I use the Blank screen saver. The system is running Windows
2003 Server Standard SP1. I use the latest mstsc from Vista (Ive also
seen this problem on older mstsc).
I've found that if I go away from my client computer running mstsc and
the connection is lost to the server (unfortunately the server link is
not 100% stable), and I then come back, I can go straight back to the
session WITHOUT entering any password.
All I see is the reconnecting session... Try 1 of 20.. Try 2 of 20..
and then bang I'm back into the session without any password entered..
I've even done this the next day (at least 12h after), as it seem that
the reconnect is not triggered before one hoover the mouse over the
mstsc window.
This seem quite shocking to me, as I'm sure this could somehow be
abused.
Well. It's quite scary that this is NOT the default. Microsoft should really look into this issue.
--
IT/MsC/ITAdm
Engineering Services
.
- References:
- Prev by Date: Re: Security problem in Terminal Server Windows 2003
- Next by Date: Re: error logging into Terminal server with Vista
- Previous by thread: Re: Security problem in Terminal Server Windows 2003
- Next by thread: Re: error logging into Terminal server with Vista
- Index(es):
Relevant Pages
|
