<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Drive sharing happens when connecting to a Windows machine via RDP using MSTSC client. How to block that? in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15094#M11073</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;When connecting to a Windows machine via RDP using the mstsc client, we have an option to share local resources like printer, clipboard, etc. This way we are able to share the local hard disk drives with the remote machine that we connect to. Upon connecting, our local drives are shown as network drives on the remote computer. I noticed two app-ids popping up in the traffic logs during this transaction: ms-rdp and t.120. Blocking either app-id does not let me even connect to the remote computer. Is there any way to block the resource sharing while allowing just RDP?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Fri, 24 May 2013 05:22:58 GMT</pubDate>
    <dc:creator>VinothV</dc:creator>
    <dc:date>2013-05-24T05:22:58Z</dc:date>
    <item>
      <title>Drive sharing happens when connecting to a Windows machine via RDP using MSTSC client. How to block that?</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15094#M11073</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;When connecting to a Windows machine via RDP using the mstsc client, we have an option to share local resources like printer, clipboard, etc. This way we are able to share the local hard disk drives with the remote machine that we connect to. Upon connecting, our local drives are shown as network drives on the remote computer. I noticed two app-ids popping up in the traffic logs during this transaction: ms-rdp and t.120. Blocking either app-id does not let me even connect to the remote computer. Is there any way to block the resource sharing while allowing just RDP?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 24 May 2013 05:22:58 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15094#M11073</guid>
      <dc:creator>VinothV</dc:creator>
      <dc:date>2013-05-24T05:22:58Z</dc:date>
    </item>
    <item>
      <title>Re: Drive sharing happens when connecting to a Windows machine via RDP using MSTSC client. How to block that?</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15095#M11074</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;The Remote Desktop protocol is encrypted so granular control over specific functions within the session is not possible from the firewall.&amp;nbsp; You will need to utilize group policies on the server side machine to disallow drive mapping from the client.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 24 May 2013 05:38:48 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15095#M11074</guid>
      <dc:creator>kfindlen</dc:creator>
      <dc:date>2013-05-24T05:38:48Z</dc:date>
    </item>
    <item>
      <title>Re: Drive sharing happens when connecting to a Windows machine via RDP using MSTSC client. How to block that?</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15096#M11075</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;What kfindlen said is completely true.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Another way we have restricted resource sharing (for servers/workstations that are not necessarily members of the same domain) is to use Microsoft's "Remote Desktop Gateway" service.&lt;/P&gt;&lt;PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"&gt;
&lt;P&gt;&lt;A class="active_link" href="http://technet.microsoft.com/en-us/library/dd560672.aspx"&gt;http://technet.microsoft.com/en-us/library/dd560672.aspx&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN style="color: #2a2a2a; font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif;"&gt;Remote Desktop Gateway (RD Gateway), formerly Terminal Services Gateway (TS Gateway), is a role service in the Remote Desktop Services server role included with Windows Server® 2008 R2 that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers and virtual desktops with Remote Desktop enabled. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and internal network resources.&lt;/SPAN&gt;&lt;/P&gt;
&lt;/PRE&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Basically at the firewall you only allow RDP connections to the RDP gateway, and at the RDP gateway you can granularly control what resource sharing is allowed or disallowed.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Microsoft's RDP client natively supports the RDP gateway feature as well.&lt;/P&gt;&lt;P&gt;&lt;IMG __jive_id="6665" alt="rd_gateway.jpg" class="jive-image-thumbnail jive-image" height="439" src="https://live.paloaltonetworks.com/legacyfs/online/6665_rd_gateway.jpg" style="height: 439px; width: 531.9359331476323px;" width="532" /&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 24 May 2013 13:13:04 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15096#M11075</guid>
      <dc:creator>ericgearhart</dc:creator>
      <dc:date>2013-05-24T13:13:04Z</dc:date>
    </item>
    <item>
      <title>Re: Drive sharing happens when connecting to a Windows machine via RDP using MSTSC client. How to block that?</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15097#M11076</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Thank you for the post. Can we utilize the Remote Desktop Gateway service for RDP between end systems? For example, I have two lab networks which need RDP between each other. Each has about 250+ computers. Can we utilize the RDP Gateway service for this setup?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 28 May 2013 08:31:15 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/drive-sharing-happens-when-connecting-a-windows-machine-via-rdp/m-p/15097#M11076</guid>
      <dc:creator>VinothV</dc:creator>
      <dc:date>2013-05-28T08:31:15Z</dc:date>
    </item>
  </channel>
</rss>

