If the server and clients are in a domain, you can disable the feature using group policies.

Computer configuration > Administrative Templates > Windows Components > Terminal Services > Client / Server data redirection > "Do not allow drive redirection"

-- Kamlesh

On 10/10/06, Dan DeStefano <[EMAIL PROTECTED]> wrote:

I should have mentioned that my RDP connection to the TS was as a normal user as well.

Dan DeStefano
Info-lution Corporation
[EMAIL PROTECTED]
http://www.info-lution.com
Office: 727 546-9143
FAX: 727 541-5888

------------------------------
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of *Peter Johnson
*Sent:* Tuesday, October 10, 2006 8:40 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] OT: Possible Security Hole in RDP?

If the RDP session is being created to the target server with Admin privileges and that account also has admin privileges on your machine then I would suspect that this is what is happening here. I.e. the connection is back to your PC from the server, under the credentials you logged in with, and not from your PC to the server under your local credentials.

Anyone else got any ideas??

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of *Dan DeStefano
*Sent:* 10 October 2006 14:10
*To:* ActiveDir@mail.activedir.org
*Cc:* [EMAIL PROTECTED]
*Subject:* [ActiveDir] OT: Possible Security Hole in RDP?

I have noticed something with Terminal Services and RDP that is concerning. I am using a notebook on which I am just a normal user (I do not log on as administrator unless absolutely necessary). I create an RDP connection to a WS2k3 terminal server and choose to make the notebook's local disks available on the terminal server. I can then browse through my notebook's hard drive with impunity. I can access all files and folders to which I should not have any access at all, including the administrator profile. However, it does take very long to open these files/folders.

I am sure this is a known issue, I just haven't read about it anywhere. Does anyone know if there is a way to mitigate this other than setting group policy to not allow local disks to connect to the terminal server?
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
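
An added example, not part of the original thread: a PowerShell audit that reports whether the "Do not allow drive redirection" policy is in effect on a terminal server and which saved .rdp files ask for local drives to be redirected. It assumes the policy is stored in the `fDisableCdm` registry value and that .rdp files carry the `drivestoredirect` / `redirectdrives` settings; the function names and the sample file are hypothetical.

```powershell
# Added example. Function names and the sample file below are hypothetical.

function Get-DriveRedirectionPolicy {
    # Assumption: the "Do not allow drive redirection" policy is stored as
    # fDisableCdm under the Terminal Services policy key.
    # Returns 1 (redirection blocked), 0 (explicitly allowed) or $null (not configured).
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $item = Get-ItemProperty -Path $key -Name 'fDisableCdm' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.fDisableCdm
}

function Test-RdpFileRedirectsDrives {
    param([Parameter(Mandatory = $true)][string]$Path)
    # .rdp settings have the form name:type:value, one per line.
    foreach ($line in Get-Content -LiteralPath $Path) {
        $parts = $line.Trim() -split ':', 3
        if ($parts.Count -lt 3) { continue }
        $name  = $parts[0].Trim().ToLowerInvariant()
        $value = $parts[2].Trim()
        # drivestoredirect lists drives ("*" means all); empty means none.
        if ($name -eq 'drivestoredirect' -and $value -ne '') { return $true }
        # redirectdrives:i:1 is the older on/off form of the same setting.
        if ($name -eq 'redirectdrives' -and $value -eq '1') { return $true }
    }
    return $false
}

# Server side: report the effective policy state.
$policy = Get-DriveRedirectionPolicy
if ($null -eq $policy)  { 'Drive redirection policy: not configured' }
elseif ($policy -eq 1)  { 'Drive redirection policy: enabled (redirection blocked)' }
else                    { 'Drive redirection policy: disabled (redirection allowed)' }

# Client side: a constructed sample .rdp file, then the user's saved connections.
$sample = Join-Path $env:TEMP 'constructed-sample.rdp'
Set-Content -LiteralPath $sample -Value @(
    'full address:s:ts01.example.test',
    'drivestoredirect:s:*'
)
Get-ChildItem -Path $sample, $env:USERPROFILE -Filter *.rdp -Recurse -ErrorAction SilentlyContinue |
    Where-Object { Test-RdpFileRedirectsDrives -Path $_.FullName } |
    Select-Object -ExpandProperty FullName
```

Run the policy check on the terminal server after a group policy refresh, and the .rdp scan on client machines.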