goth9 Posted October 13, 2005 Share Posted October 13, 2005 I am using remote desktop to connect FROM my pc at work TO my PC at home. The admins here at work have locked us out of anything remotely interesting on the web, including internet email. The remote desktop allows me to access files on my home PC, and (thankfully) let's me send internet emails until I'm blue in the face My question is, can the admins see what I'm doing? I'm sure they might be able to see that I'm making that remote connection, but unless they use a screenshot utility or keylogger or something, they can't see files that I'm opening, websites that I'm visiting, or posts on MSFN that I'm making... right? Link to comment Share on other sites More sharing options...
ringfinger Posted October 13, 2005 Share Posted October 13, 2005 (edited) I'm basically in the same boat. Our network here at work is locked down big time. Unless there's a way that I'm not aware of I think you're safe. Just keep an eye on your processes running on your work machine, I know that our corp IT has installed remote software on all workstations to solve issues from a far, but you can always tell when they're in. My questions back to you, since our admins have locked down these machines so much I don't see Remote Desktop in the communications portion of the start menu. Do you know the name of the executable for Remote Desktop in the Windows/Program Files directory so I can run it straight from the .exe and possibly do the same thing you're doing? If you could just right click the shortcut and tell me the path i would appriciate it! Thanks. Now, I just hope the ports are open Edited October 13, 2005 by ringfinger Link to comment Share on other sites More sharing options...
goth9 Posted October 13, 2005 Author Share Posted October 13, 2005 I don't know if this will help you, but the file is in:C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\CommunicationsThat file isn't necessarily available right from the get go. I had to go through some help files in xp to figure out how to "install" it or unpack it or whatever the heck I did.I was surprised when I discovered it worked. I guess the admins haven't gotten around to locking us out of it (yet). Link to comment Share on other sites More sharing options...
ringfinger Posted October 13, 2005 Share Posted October 13, 2005 Yeah... see here I don't even have a communications in ..\Accessories, but I know the shortcut must be linked to a .exe somewhere. Link to comment Share on other sites More sharing options...
InTheWayBoy Posted October 13, 2005 Share Posted October 13, 2005 %SystemRoot%\system32\mstsc.exeAs for the original question, it really depends on how they monitor the network. At the least they could see that you are using the port required for RDP...if you can change that (I don't know if you can or not) then that might help you slip under the radar. Or, it could expose you...they might not notice any traffic on RDP because they themselves probably use it and just think you are another admin. If you change to a different port then that may get you in hot water.Also, if they have things like packet loggers then they will notice. They could also track you by checking the logs to see what remote connections are made (Only a matter of time before they trace your home IP to you personally), or they might have a employee workstation monitor application that might bust you (Not too common yet). Link to comment Share on other sites More sharing options...
ringfinger Posted October 13, 2005 Share Posted October 13, 2005 Thx for the path. Link to comment Share on other sites More sharing options...
Clint Posted October 14, 2005 Share Posted October 14, 2005 Jeesas, I feel for ya guys...must be terrible to be monitored and having all those threats hanging over you. If you wanna change that port on your home puter : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber and change it to what you consider will do it (on the Edit menu change to decimal).When connecting from work just enter: ***.***.***.***:portnumber Link to comment Share on other sites More sharing options...
TheFlash428 Posted October 14, 2005 Share Posted October 14, 2005 As a network admin that (against my good will) has to set a lot of policies described here, I can tell you that, yes, it possible to see the remote desktop traffic (port 3389)--but frankly, if a user in my network was smart enough to figure out how to do this, I would be too impressed to report him/her, assuming the motive was innocent.The network I manage is behind a DoD firewall (which is as specific as I'll get), but pretty much every port is closed, including the remote desktop port. Changing the port (on the target computer) as mentioned above does work though--what we do is use a know open port on the firewall for access, which does work. Link to comment Share on other sites More sharing options...
ringfinger Posted October 14, 2005 Share Posted October 14, 2005 @Clint & TheFlash... thanks for the info guys! So TheFlash... whats up on the Area 51 archive man?!? Link to comment Share on other sites More sharing options...
Clint Posted October 14, 2005 Share Posted October 14, 2005 @Clint & TheFlash... thanks for the info guys! So TheFlash... whats up on the Area 51 archive man?!? Yw, now you go 'n' kick that boss in da butt from me Link to comment Share on other sites More sharing options...
goth9 Posted October 14, 2005 Author Share Posted October 14, 2005 As a network admin that (against my good will) has to set a lot of policies described here, I can tell you that, yes, it possible to see the remote desktop traffic (port 3389)--When you say it's possible to see the traffic, you mean as an admin you can see a user is active using the port or you can see what's actually going through the port? As an analogy, I don't mind if my admin sees my car on the road (I'm assuming if he doesn't want me driving he'll say so) - I just don't want him to be able to roll my window down and see me picking my nose at the stoplight Link to comment Share on other sites More sharing options...
net_user Posted October 14, 2005 Share Posted October 14, 2005 as a network admin, i purchased some software that allows me to interact with the computers on the network.it works great as to help people out so i don't have to walk all over the place...ect..ect.. one day i noticed my co-worker rdp into a xp machine, so using my software i started to control the xp machine. i could see everything he was doing. so yes, rdp connections can be watched. Link to comment Share on other sites More sharing options...
bledd Posted October 14, 2005 Share Posted October 14, 2005 net_userwhat software is that? Link to comment Share on other sites More sharing options...
Rhelic Posted October 14, 2005 Share Posted October 14, 2005 (edited) The ONLY thing the admins can see is that you remote desktop to a certain computer.Everything you type, paste or copy across the remote desktop is encrypted by default, I have researched this in the past, it's all explained in some MS whitepapers. Edited October 14, 2005 by Rhelic Link to comment Share on other sites More sharing options...
net_user Posted October 14, 2005 Share Posted October 14, 2005 not true Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now