remote desktop vs. evil network admins...

[goth9]

I am using remote desktop to connect FROM my pc at work TO my PC at home. The admins here at work have locked us out of anything remotely interesting on the web, including internet email. The remote desktop allows me to access files on my home PC, and (thankfully) let's me send internet emails until I'm blue in the face

My question is, can the admins see what I'm doing? I'm sure they might be able to see that I'm making that remote connection, but unless they use a screenshot utility or keylogger or something, they can't see files that I'm opening, websites that I'm visiting, or posts on MSFN that I'm making... right?

[ringfinger]

I'm basically in the same boat. Our network here at work is locked down big time. Unless there's a way that I'm not aware of I think you're safe. Just keep an eye on your processes running on your work machine, I know that our corp IT has installed remote software on all workstations to solve issues from a far, but you can always tell when they're in.

My questions back to you, since our admins have locked down these machines so much I don't see Remote Desktop in the communications portion of the start menu. Do you know the name of the executable for Remote Desktop in the Windows/Program Files directory so I can run it straight from the .exe and possibly do the same thing you're doing? If you could just right click the shortcut and tell me the path i would appriciate it! Thanks.

Now, I just hope the ports are open

Edited October 13, 2005 by ringfinger

[goth9]

I don't know if this will help you, but the file is in:

C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications

That file isn't necessarily available right from the get go. I had to go through some help files in xp to figure out how to "install" it or unpack it or whatever the heck I did.

I was surprised when I discovered it worked. I guess the admins haven't gotten around to locking us out of it (yet).

[ringfinger]

Yeah... see here I don't even have a communications in ..\Accessories, but I know the shortcut must be linked to a .exe somewhere.

[InTheWayBoy]

%SystemRoot%\system32\mstsc.exe

As for the original question, it really depends on how they monitor the network. At the least they could see that you are using the port required for RDP...if you can change that (I don't know if you can or not) then that might help you slip under the radar. Or, it could expose you...they might not notice any traffic on RDP because they themselves probably use it and just think you are another admin. If you change to a different port then that may get you in hot water.

Also, if they have things like packet loggers then they will notice. They could also track you by checking the logs to see what remote connections are made (Only a matter of time before they trace your home IP to you personally), or they might have a employee workstation monitor application that might bust you (Not too common yet).

[ringfinger]

Thx for the path.

[Clint]

Jeesas, I feel for ya guys...must be terrible to be monitored and having all those threats hanging over you.

If you wanna change that port on your home puter : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber and change it to what you consider will do it (on the Edit menu change to decimal).

When connecting from work just enter: ***.***.***.***:portnumber

[TheFlash428]

As a network admin that (against my good will) has to set a lot of policies described here, I can tell you that, yes, it possible to see the remote desktop traffic (port 3389)--but frankly, if a user in my network was smart enough to figure out how to do this, I would be too impressed to report him/her, assuming the motive was innocent.

The network I manage is behind a DoD firewall (which is as specific as I'll get), but pretty much every port is closed, including the remote desktop port. Changing the port (on the target computer) as mentioned above does work though--what we do is use a know open port on the firewall for access, which does work.

[ringfinger]

@Clint & TheFlash... thanks for the info guys! So TheFlash... whats up on the Area 51 archive man?!?

[Clint]

@Clint & TheFlash... thanks for the info guys! So TheFlash... whats up on the Area 51 archive man?!?

Yw, now you go 'n' kick that boss in da butt from me

[goth9]

As a network admin that (against my good will) has to set a lot of policies described here, I can tell you that, yes, it possible to see the remote desktop traffic (port 3389)--

When you say it's possible to see the traffic, you mean as an admin you can see a user is active using the port or you can see what's actually going through the port? As an analogy, I don't mind if my admin sees my car on the road (I'm assuming if he doesn't want me driving he'll say so) - I just don't want him to be able to roll my window down and see me picking my nose at the stoplight

[net_user]

as a network admin, i purchased some software that allows me to interact with the computers on the network.

it works great as to help people out so i don't have to walk all over the place...ect..ect.. one day i noticed my co-worker rdp into a xp machine, so using my software i started to control the xp machine. i could see everything he was doing. so yes, rdp connections can be watched.

[bledd]

net_user

what software is that?

[Rhelic]

The ONLY thing the admins can see is that you remote desktop to a certain computer.

Everything you type, paste or copy across the remote desktop is encrypted by default, I have researched this in the past, it's all explained in some MS whitepapers.

Edited October 14, 2005 by Rhelic

[net_user]

not true