• State Verified Answer
  • Replies 3 replies
  • Subscribers 29 subscribers
  • Views 790 views
  • Users 0 members are here
Options
Related

Disable the Fetch RDP Details feature

Mahmoud Emad
11 months ago

Hello,

I appreciate your valuable support.

And i have a question please regarding RDP application request, user can download RDP file and start an application session normally.

Where he can copy RDP username, and then be able to make RDP session to RDS server instead of initializing an application session.

So, Can we disable the Fetch RDP Details feature? to prevent users from RDS server access?  

Parents
  • 0 11 months ago

    Hi,

    There is no current option to disable the Fetch RDP details, this would require an enhancement request that can be raised via a support service request for consideration by the product team.

    Thanks!

  • 0 4 months ago in reply to Tawfiq.Ahmad

    Hello,

    I have the same issue.

    We implement RDS server and configure Safeguard RemoteApp in order to allow automatic login in Web console via Safeguard. The goal is to monitoring the web console access, isolate the session and provide only the necessary access to each user.

    What I though is that "Fetch RDP details" allow user to use his own RDP tools to start automatic login of web console but in our case, fetching the RDP detail allow the user to connect to RDS server with the service account without start the web console (as a normale RDP connection).

    So, currently, with "Fetch RDP details" a user can access the RDS server via RDP using the service account configured to start the web session in the RDS server.

    Is this a normal behavior?

    If not possible to disable "Fetch RDP details", how can we mitigate this security lack? 

Reply
  • 0 4 months ago in reply to Tawfiq.Ahmad

    Hello,

    I have the same issue.

    We implement RDS server and configure Safeguard RemoteApp in order to allow automatic login in Web console via Safeguard. The goal is to monitoring the web console access, isolate the session and provide only the necessary access to each user.

    What I though is that "Fetch RDP details" allow user to use his own RDP tools to start automatic login of web console but in our case, fetching the RDP detail allow the user to connect to RDS server with the service account without start the web console (as a normale RDP connection).

    So, currently, with "Fetch RDP details" a user can access the RDS server via RDP using the service account configured to start the web session in the RDS server.

    Is this a normal behavior?

    If not possible to disable "Fetch RDP details", how can we mitigate this security lack? 

Children