Re: Can guacamole (or freerdp) detect if someone is logged into the console (locally)?

2024-05-23 Thread Sean Hulbert
This is normal behavior for Windows RDP. In Server 2022 and older, you 
are allowed 2 (different users) free RDP sessions. However, if user one 
is logged in at the console or remotely, and you connect from another 
system with the same user account, Windows will prompt to log out the 
active session for that same user. When this is not true is when you are 
using TS license (RDS) CALs to connect many users to one system with 
Desktop Sharing.


Windows 10 Pro allows 2 connections at the same time for two users; 
Windows 11 Pro is 1 connection.


This has nothing to do with Guacamole.

For RDP, this is naturally encrypted by default. There are different 
levels of authentication such as NLA, which is being retired and 
replaced with new protocol authentication (Microsoft Windows RDP 
Network Level Authentication Bypass (CVE-2019-9510)).



Hope this information helps.


*Thank You*
Sean Hulbert



Re: Can guacamole (or freerdp) detect if someone is logged into the console (locally)?

2024-05-22 Thread Hankins, Jonathan
Not sure if/how FreeRDP handles this but here is some context about changes
from Windows Server 2003 to 2008 (RDC 6.1):
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/changes-to-remote-administration-in-windows-server-2008/ba-p/246577

On a Desktop OS (Windows 11), this is what I see:

Connecting through Guacamole via RDP as the SAME user I have logged into
the console "steals" the session that was on the console, regardless of the
"Administrator console" setting on the connection in Guacamole.

Connecting through Guacamole via RDP as a DIFFERENT user I have logged into
the console asks me if I want to disconnect them, and when I choose Yes,
asks them (on the console) if they want to be disconnected with a 30s
countdown, regardless of the "Administrator console" setting on the
connection in Guacamole.

On a server OS (Windows Server 2022) with RDS role, this is what I see:

(FWIW, I do have "Restrict Remote Desktop Services users to a single Remote
Desktop Services session" enabled in my group policy for my terminal
servers.)

Connecting through Guacamole via RDP as the SAME user I have logged into
the console "steals" the session that was on the console, regardless of the
"Administrator console" setting on the connection in Guacamole.

Connecting through Guacamole via RDP as a DIFFERENT user I have logged into
the console does NOT affect the session on the console, regardless of the
"Administrator console" setting on the connection in Guacamole.



On Wed, May 22, 2024 at 12:42 PM Barnhart, Steven wrote:

> We have a scenario where a lab may be used in person, but we also want it
> to be available remotely through guacamole. I know Guacamole doesn’t handle
> that right now (or seemingly), but is it even possible or does the RDP
> protocol not expose that at all?


Re: Can guacamole (or freerdp) detect if someone is logged into the console (locally)?

2024-05-22 Thread Nick Couchman
On Wed, May 22, 2024 at 1:42 PM Barnhart, Steven wrote:

> We have a scenario where a lab may be used in person, but we also want it
> to be available remotely through guacamole. I know Guacamole doesn’t handle
> that right now (or seemingly), but is it even possible or does the RDP
> protocol not expose that at all?

To my knowledge, RDP servers do not expose that information as part of the
RDP protocol, at least, not prior to the connection + authentication
process. I think the clearest indication of that is the fact that, when you
connect to a (Windows) server where someone is already logged in, the
authentication succeeds, but then you get the dialog box telling you that
the maximum number of connections has been reached, and asking you who
you'd like to request to kick off.

You might be able to solve the problem by doing the following two things:
1) Adjust GPO such that users are not allowed to disconnect other users
(see "Deny logoff of an administrator logged on to the console session" for
example - there may be other policies that apply).
2) Make sure that your Guacamole connections are configured to always
connect to the local console session.

-Nick
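
Because the reply above says RDP does not expose console state before authentication, one out-of-band option is to check on the lab host itself. The following is an added example, not part of the thread and not Guacamole or FreeRDP code: it parses the text printed by the Windows `quser` command to report who is active on the physical console. It assumes English column headers and the fixed-width layout in which a disconnected session has a blank SESSIONNAME; the function names and sample rows are constructed for illustration.

```python
def parse_quser(text):
    """Parse `quser` output into dicts: user, session, id, state, current."""
    lines = [l for l in text.splitlines() if l.strip()]
    if not lines or "SESSIONNAME" not in lines[0]:
        return []  # e.g. "No User exists for *" when nobody is logged on
    sess_col = lines[0].index("SESSIONNAME")
    sessions = []
    for line in lines[1:]:
        # Disconnected sessions leave SESSIONNAME blank, so a plain split()
        # would shift every later column; test the column start instead.
        has_name = line[sess_col:sess_col + 1].strip() != ""
        rest = line[sess_col:].split()
        name = rest.pop(0) if has_name else ""
        sessions.append({
            "user": line[1:sess_col].strip(),
            "session": name,
            "id": int(rest[0]),
            "state": rest[1],
            "current": line.startswith(">"),  # ">" marks the caller's session
        })
    return sessions

def console_user(text):
    """Return the user active on the physical console, or None."""
    for s in parse_quser(text):
        if s["session"].lower() == "console" and s["state"].lower() == "active":
            return s["user"]
    return None

def _row(mark, user, sess, sid, state, idle, logon):
    # Builds constructed sample rows in the assumed fixed-width layout.
    return f"{mark}{user:<22}{sess:<19}{sid:>2}  {state:<8}{idle:>9}  {logon}"

HEADER = _row(" ", "USERNAME", "SESSIONNAME", "ID", "STATE", "IDLE TIME", "LOGON TIME")
SAMPLE_BUSY = "\n".join([      # constructed: one disconnected user, one at the console
    HEADER,
    _row(" ", "labuser", "", 1, "Disc", "1:14", "5/22/2024 8:40 AM"),
    _row(">", "student1", "console", 2, "Active", "none", "5/22/2024 9:01 AM"),
])
SAMPLE_REMOTE = "\n".join([    # constructed: only a remote RDP session
    HEADER,
    _row(" ", "student2", "rdp-tcp#3", 4, "Active", ".", "5/22/2024 9:30 AM"),
])

if __name__ == "__main__":
    print(console_user(SAMPLE_BUSY) or "console free")
    print(console_user(SAMPLE_REMOTE) or "console free")
```

On the lab host, pass the text printed by `quser` to `console_user`; a result of `None` means no one is active at the physical console.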
