It is actually part of the rdp connection file she will download and use to connect. But nothing stops the user from changing it. What security concerns do you have?
From: [email protected] [mailto:[email protected]] On Behalf Of J- P Sent: Wednesday, July 17, 2013 12:24 PM To: [email protected] Subject: RE: [NTSysADM] Exposure from VPN not sure, But I will not be in control of the gateway policy if I understand correctly, it will be the remote domain /gateway host that would configure that. Jean-Paul Natola ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Exposure from VPN Date: Wed, 17 Jul 2013 16:14:42 +0000 You can restrict the ability have the local drive show up through the policy on the RD Gateway, can you not? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Wednesday, July 17, 2013 12:07 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Exposure from VPN Ahhh, I see. Don't think you can limit your exposure in that scenario other than having her use a machine not in the domain...and on it's own vlan or internet connection. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of J- P Sent: Wednesday, July 17, 2013 12:03 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Exposure from VPN This would still expose our lan would it not? she remotes in, her local drives show up including her network drives (our lan shares), where's the security on our side? I get than they can secure their network using rdgateway, but what protects me as I am not the gateway hoster/provider? Jean-Paul Natola ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Exposure from VPN Date: Wed, 17 Jul 2013 15:54:04 +0000 Pptp absolutely not. It is totally broken and insecure. MS has a KB somewhere saying stop using it. We use remote desktop via Microsoft's Remote Desktop Gateway. Very easy to setup and use and gives the user a desktop that is located in the remote domain..so all the settings..mapped drives...all show up. http://technet.microsoft.com/en-us/library/cc731150.aspx From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of J- P Sent: Wednesday, July 17, 2013 11:43 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Exposure from VPN Hi all, We have an employee who works part time for 2 organizations which are located in the same building, now we are moving and they want her to VPN in from our network to theirs, using traditional MS pptp- I'm not entirely comfortable with that idea , can someone suggest a more secure safer alternative Or maybe someway of securing this type of connection as to reduce exposure of our LAN? TIA Jean-Paul Natola
