Friday, June 12, 2009

RDP Autologon; talk about a security issue

Recently I have been doing server admin work and discovered that numerous servers at a facility had Terminal Services configured such that it automatically used credentials saved on the server for all Remote Desktop/Terminal Services clients.

I understand this might be OK on a real Terminal Server that provides user access to some limited applications, but in this case it was an application server that had Terminal Services set up for remote administration.

The settings are in Terminal Services Configuration: right-click on the RDP-Tcp connection and select Properties. You will see a Logon Settings tab that defaults to "Use client-provided logon information", but you can select "Always use the following logon information" and then enter a username, domain and password. Once that is done, every client that connects to the listener is logged on as that stored account, regardless of who is at the keyboard.
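One way to find servers that have been left in this state, as an added example that is not from the original post: a PowerShell sweep that reads the RDP-Tcp listener's registry key on each server and reports whether stored credentials override the client-provided logon. The key path and the value names (fInheritAutoLogon, UserName, Domain, Password) are my assumptions about where the Logon Settings tab writes, and the server names are placeholders; confirm the value names on one known server before trusting the report.

```powershell
# Added example: audit servers for "Always use the following logon information"
# on the RDP-Tcp listener. Assumption: the Logon Settings tab writes to
# HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp,
# where fInheritAutoLogon = 0 means the stored UserName/Domain/Password are used
# for every session instead of the client's own credentials.
function Get-RdpAutoLogonStatus {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $subKey = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    foreach ($computer in $ComputerName) {
        try {
            $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $computer)
            $key  = $hklm.OpenSubKey($subKey)
            if ($key -eq $null) { throw "RDP-Tcp listener key not found" }

            $inherit  = $key.GetValue('fInheritAutoLogon', 1)   # default: inherit from client
            $user     = [string]$key.GetValue('UserName', '')
            $domain   = [string]$key.GetValue('Domain', '')
            $password = $key.GetValue('Password')                # REG_BINARY blob when set

            # Risky state: listener overrides client credentials AND an account is stored.
            $autoLogon = ($inherit -eq 0) -and ($user -ne '')
            $account   = ''
            if ($user -ne '') { $account = "$domain\$user" }
            $finding = 'OK: client-provided logon information'
            if ($autoLogon) {
                $finding = 'Stored credentials used for every RDP session; remove them in Terminal Services Configuration'
            }

            New-Object PSObject -Property @{
                ComputerName   = $computer
                AutoLogon      = $autoLogon
                StoredAccount  = $account
                PasswordStored = ($password -ne $null -and $password.Length -gt 0)
                Finding        = $finding
            }
        } catch {
            New-Object PSObject -Property @{
                ComputerName = $computer; AutoLogon = $null; StoredAccount = ''
                PasswordStored = $null; Finding = "Query failed: $_"
            }
        }
    }
}

# Placeholder server names; servers with AutoLogon = True sort to the top.
Get-RdpAutoLogonStatus -ComputerName 'APPSRV01', 'APPSRV02' |
    Sort-Object AutoLogon -Descending |
    Format-Table ComputerName, AutoLogon, StoredAccount, PasswordStored, Finding -AutoSize
```

The remote registry service must be running on each target for OpenRemoteBaseKey to connect; a "Query failed" row means the server was not checked, not that it is clean.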

What more can I say? "You should never enter an administrative user account in this section of the Terminal Services configuration!" If you have seen a legitimate reason for doing so, I would love to hear your story... just post a comment.