motiv8d (Member), Feb 05, 2008 at 6:38 pm, #130196
We operate a W2003 TS 32 bit and have a user created for an external company (let's call her ‘ABCD’) to support their POS software product. They access the system as rdp over the internet.
They have two computers at their site (not controllable by our company in any way) that they will rdp in from using the same user, ABCD. When one of the computers logs in, the session can be shadowed by our admin user. However, when the other logs in (their senior user), the ABCD session cannot be shadowed, which makes me think that the senior user does something to prevent shadowing.
The Group Policy for “Sets rules for remote control of Terminal Services user sessions” in – Computer Configuration – Administrative Templates – Windows Components – Terminal Services, is as follows:
Local Computer Policy (computer and user): Not Configured
Default Domain Policy (computer and user): Not Configured
xxxxx Domain Policy (computer): Enabled (Full Control Without Users Permission)
The particular user, say “ABCD”, is in the xxxxx organizational unit. All other users in that OU can be shadowed. And user ABCD connecting from the same remote location from PC1 can be shadowed, but not from PC2.
The user has access to regedit; however, they are unable to change the respective keys' values for the above. They cannot run gpedit.msc and are not an administrative user.
I would like to know:
1) What they could possibly be doing that prevents shadowing of a session and
2) What settings on the server to change to force the possibility of shadowing.
This is a particular concern as it obviously opens up the way for users to be able to operate outside of company guidelines. It could also indicate a potentially more serious vulnerability, as if they can bypass a group policy in this instance, perhaps they can bypass others too.
Thank you in advance.