locked
Bug? - Remote Access to home-computer desktop when Remote Access is disallowed. RRS feed

  • Question

  • I can remotely access a "home-computer desktop" via IE 7 and WHS (URL: https://???.livenode.com/home/) on which Remote Access is disallowed in the WHS console.

    1. There are three computers with User Account’s setup on WHS.
    2. The account credentials are the same on the workstations and the WHS.
    3. The workstations are all running XP Pro SP2
    4. I have configured one workstation with "Remote Access" = Allowed. I’ll call it ws01.
    5. Ws02 and ws03 are configured with "Remote Access" = "Not allowed".
    6. All three workstations have the WHS icon in the system tray and behave predictably and consistently on the local network (WHS console, RD to WHS, backup etc.).
    7. They also can all RDC between one another and numerous other flavors of local systems.
    8. Only one User Account, ws01, can successfully log on to https://???.livenode.com/remote/logon.aspx?.
    9. The other two User Account’s raise the message:
      "Your user account does not have remote access enabled. Contact your home network administrator to enable your user account for remote access."
    10. The WHS Administrator account refuses as expected.
    11. Ws01 is a member of Users and "Remote Desktop Users". It was setup as a Limited User Account system to test WSH.
    12. Ws02 and ws03 are only members of Adminstrators (no explicit RDU membership – but obviously implicitly allowed).
    13. Now the rub.
    14. When I first-freshly built the RC WHS and connected and configured the clients, I noted the following:
    • Everything worked flawlessly and as expected locally.
    • Remote Access to Computers (Remote Desktop Web Connection) offered ws02 as "Available for connection". The other two workstations advertised "Connection disabled".
    • I was able to forge an RDC with ws02.
    • I was not able to RDC with ws01 or ws03 as the connection hyperlinks were disabled.
    • Ws02 and ws03 don’t even meet the strong password requirements to allow enabling of Remote Access in the WHS console.
    • Only ws01 is a member of "Remote Desktop Users" group on the WHS.
    • After a few days, many reboots and no setup changes ws01 became remotely RDC accessible in addition to ws02. The WHS console still only shows ws01 with "Remote Access" = Allowed
    • All my "Remote Access to Computers" connections were made via the Internet (not Intranet) by using logmein etc. to loop back from other locations.

    Thanks for not opening port 3389 in the router via UPnP – I wouldn’t want to be inviting RDC attempts on a network of unsecured workstations.

     

    I would include more specific/helpful info if this were not an open forum.

     

    I installed the Connector on ws01 via the Administrator account because I expected the User account would not allow the install. The desktop shortcut and System Tray icon appeared and functioned as expected in the ws01 workspace.

     

    The TALQ for the WSH is CAB 351296482. The other systems can’t be TALQ’d because of client stipulations.

     

    You guys must be the NAS vendors’ worst nightmare,

    …Shuss

    Tuesday, June 19, 2007 9:43 PM

Answers

  • Remote access to computers is separate from the remote access permitted to WHS users. If the computer permits remote access, then any user allowed to log on to that computer can connect to it. The RDP authentication is not controlled by WHS. So in your scenario, if all three users exist on all three client PCs and WHS, you can control which users can log into the WHS Remote Access site, and you've set things so that only ws01 can do so. Once logged in, however, that user can log in to any client PC on your network that supports RDP connections. If that user knows other userids and passwords, he could even log on to client PCs to which he himself is not granted access, by using an id/password appropriate to the machine he's connecting to.

    Does that help?
    Wednesday, June 20, 2007 1:39 AM
    Moderator
  •  Michael Bath wrote:

    Gentlemen:

     

    Interesting notes; I have been using RDC on XP Pro, Vista RC1 (Ultimate) etc., machines and now also Vista Home Prem.  The obvious question now arises: why limit RDC connections to Vista Home Premium computers; also RDC with WHS???  I have applied a modified termsrv.dll in system32 and this fixes the RDC connection in Windows but not from WHS - for the Home Premium machine.  It seems to check the opsys (of the Home Premium computer) and still not allow the connection.  I wonder where this CHECK can be found?

     

    Michael

     

     

    Michael, you cannot TS to Vista Home Premium through WHS since Vista Home Premium does not have TS functionality shipped with it. Modifying termsrv.dll is not what we expect users to do, so it will still show up in Remote Access computers page as Disabled.

    Wednesday, June 20, 2007 6:29 PM

All replies

  • Remote access to computers is separate from the remote access permitted to WHS users. If the computer permits remote access, then any user allowed to log on to that computer can connect to it. The RDP authentication is not controlled by WHS. So in your scenario, if all three users exist on all three client PCs and WHS, you can control which users can log into the WHS Remote Access site, and you've set things so that only ws01 can do so. Once logged in, however, that user can log in to any client PC on your network that supports RDP connections. If that user knows other userids and passwords, he could even log on to client PCs to which he himself is not granted access, by using an id/password appropriate to the machine he's connecting to.

    Does that help?
    Wednesday, June 20, 2007 1:39 AM
    Moderator
  • Gentlemen:

     

    Interesting notes; I have been using RDC on XP Pro, Vista RC1 (Ultimate) etc., machines and now also Vista Home Prem.  The obvious question now arises: why limit RDC connections to Vista Home Premium computers; also RDC with WHS???  I have applied a modified termsrv.dll in system32 and this fixes the RDC connection in Windows but not from WHS - for the Home Premium machine.  It seems to check the opsys (of the Home Premium computer) and still not allow the connection.  I wonder where this CHECK can be found?

     

    Michael

     

    Wednesday, June 20, 2007 2:50 AM
  •  Michael Bath wrote:

    Gentlemen:

     

    Interesting notes; I have been using RDC on XP Pro, Vista RC1 (Ultimate) etc., machines and now also Vista Home Prem.  The obvious question now arises: why limit RDC connections to Vista Home Premium computers; also RDC with WHS???  I have applied a modified termsrv.dll in system32 and this fixes the RDC connection in Windows but not from WHS - for the Home Premium machine.  It seems to check the opsys (of the Home Premium computer) and still not allow the connection.  I wonder where this CHECK can be found?

     

    Michael

     

     

    Michael, you cannot TS to Vista Home Premium through WHS since Vista Home Premium does not have TS functionality shipped with it. Modifying termsrv.dll is not what we expect users to do, so it will still show up in Remote Access computers page as Disabled.

    Wednesday, June 20, 2007 6:29 PM
  • Remote access to computers is separate from the remote access permitted to WHS users. If the computer permits remote access, then any user allowed to log on to that computer can connect to it. The RDP authentication is not controlled by WHS. So in your scenario, if all three users exist on all three client PCs and WHS, you can control which users can log into the WHS Remote Access site, and you've set things so that only ws01 can do so. Once logged in, however, that user can log in to any client PC on your network that supports RDP connections. If that user knows other userids and passwords, he could even log on to client PCs to which he himself is not granted access, by using an id/password appropriate to the machine he's connecting to.

    Does that help?

    How can we access administrator account authentication in windows xp with any user account what are the ways to get access to administrator account authentication.

     

    If their is a way to access the administrator account authentication with user account...

    What is the way to protect our administrator account authentication  ?


    Monday, February 21, 2011 11:36 AM