Security Basics mailing list archives

Re: Remote desktop access policy


From: "Kurt Buff" <kurt.buff () gmail com>
Date: Fri, 18 Jan 2008 16:15:53 -0800

On Jan 18, 2008 5:33 AM, WALI <hkhasgiwale () gmail com> wrote:
> Hi guys...do you have any remote desktop policy clauses that you can share?
> I am having difficulties in trying to tell people the hazards of haphazardly
> asking IT guys the perils of asking access to their desktops when they come
> in via VPN.
>
> Everyone wants to have a VPN client and then to a remote desktop session to
> their desktop.
>
> How can I tell them the threats of doing so? Are there any threats? Should I
> restrict such usage? For one, it makes a lot of economic sense to switch off
> PC once a user leaves his/her desk for the day.

I'm in the middle of implementing the community (free/OSS) version of
SSL-Explorer, and it's pretty dang sweet. I'm not ready to deploy yet,
but have tested with great success a native Java implementation of
RDP.

The remote user needs a web browser and a JRE on their machine, and
can then get to their own desktop or a TS server, or whatever else
I've defined. There are other apps available, and authentication to AD
is available (though I haven't successfully configured that yet) as
well as native *nix (/etc/shadow, etc., which I haven't tried, and
probably won't) and an internal database (HSQLDB), which works easily.

The way I have it set up currently, the user authenticates to the app
(SSL-Explorer) then is presented with a set of apps, which I can
specify based on the account, or the groups of which the account is a
member. One of those is the Java RDP app. Another is a WoL app, which
will wake up the remote machine, so if they're going to their machine,
they can do one and then the other (maybe - I haven't gotten that far
yet.)

I think this is quite cool, actually, and am going to roll it out as
soon as I get my arms the rest of the way around it.

Kurt
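
The flow described in the message above (log in, see only the apps your groups grant, wake your own machine, then connect) can be modelled as follows. This is an added example, not part of the original post and not SSL-Explorer code; the users, groups, MAC address and function names are hypothetical.

```python
import re
import socket

# Constructed sample data (hypothetical names, groups and MAC address).
USER_GROUPS = {"alice": {"staff", "remote-access"}, "bob": {"staff"}}
APP_GRANTS = {"rdp": {"remote-access"}, "wol": {"remote-access"}}
ASSIGNED_DESKTOP = {"alice": "00:11:22:33:44:55"}


def allowed_apps(user):
    """Apps a user sees after login, derived from group membership."""
    groups = USER_GROUPS.get(user, set())
    return {app for app, granted in APP_GRANTS.items() if groups & granted}


def magic_packet(mac):
    """Wake-on-LAN payload: 6 bytes of 0xFF, then the target MAC 16 times."""
    hex_mac = re.sub(r"[:-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hex_mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(hex_mac) * 16


def plan_wake(user):
    """Return the packet for the user's own desktop, or refuse.

    A plain magic packet carries no credentials, so this gateway-side
    check is the only thing tying a wake request to an entitled user.
    """
    if not {"wol", "rdp"} <= allowed_apps(user):
        raise PermissionError(f"{user} is not granted WoL and RDP")
    mac = ASSIGNED_DESKTOP.get(user)
    if mac is None:
        raise PermissionError(f"{user} has no assigned desktop")
    return magic_packet(mac)


def send_wake(packet, broadcast="255.255.255.255", port=9):
    """Broadcast the packet over UDP (port 9 is a common convention)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    print(plan_wake("alice").hex())
```

Binding each account to one assigned desktop keeps a wake request from being used to power on arbitrary machines on the segment.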

