block remote desktop

[Rob]

I have a user that is connecting to a remote desktop in order to access
websites from home that we normally block here at work.. I have blocked the
IP they are connecting to but incase they have another ip which is likely, I
want to just block outgoing requests all together. blocking 3389 doesn't
work.

 

[Guest]

Sounds like he is going to an aweful lot of trouble just to look at those
webpages. That's interesting he is just not doing it at home. Can you not
just disable remote desktop on the computer?

 

[Rob]

Actually let me rephrase; blocking 3389 does work but then they could just
change the listen port on their pc. So, is there anyway to block the app
without uninstalling it?

 

[Michael C]

Actually let me rephrase; blocking 3389 does work but then they could just
change the listen port on their pc. So, is there anyway to block the app
without uninstalling it?

Why are you network admins so restrictive of your users?

 

[DandyDon]

I'd record the unwelcome behavior with a keystroke logger and website
monitor, confront the employee; and either discipline or fire them,
depending on their importance to the company. If what you state is true,
they have no regard for company policy. That makes them a liability, in my
opinion.

 

[Guest]

if you have a firewall just block every port that you don't need. If you
have an application that needs another port open just add it to the
acceptiable list. Other wise you can just create a more restricted user on
the computer which does not have access to turn on the remote desktop
feature, ex. Guest doesn't have access, and then when you turn it off they
can't turn it back on. I don't know if you can uninstall remote desktop on
XP pro I have not tried it but if you want to try just put the XP Pro cd into
the computer and it prompts you with a install/uninstall componunts or
something like that. Then you can search for remote desktop and remove it.
But there are other way's to remote in. For example VNC can do it or simple
ajax program can also remote into a machine and that's accross the http 8080
port which makes it imposible to block. You should probably get an internet
filtering program which prevents the access. Or find the employee and tell
them that is not appropriate. The only other option is to restrict the user
so that they cannot install an application unless given rights.

 

[Michael C]

I'd record the unwelcome behavior with a keystroke logger and website
monitor, confront the employee; and either discipline or fire them,
depending on their importance to the company. If what you state is true,
they have no regard for company policy. That makes them a liability, in my
opinion.

What a load of rubbish. He is just like any employee who takes offense to
the typical over policing of network admin staff who have nothing better to
do than execise their little bit of power.

Michael

 

[Master Programmer]

I suggest fabricating some evidence that they have been accesing
porography whilst at work. You can then use the bogus evidence to have
them dismissed.

Steve Ray Irwin

 

[Charlie Tame]

I have a user that is connecting to a remote desktop in order to access
websites from home that we normally block here at work.. I have blocked the
IP they are connecting to but incase they have another ip which is likely,
I want to just block outgoing requests all together. blocking 3389 doesn't
work.

Quite so, he could just change the port at home.

However what is the concern? I mean why are these websites blocked at work
(It sounds like some aren't the way you said it) - is it just time wasting
you are worried about or some security risk?

Quite honestly if he can access his home PC he could be running an HTTP
server on it to download from or if you allow FTP then an FTP server. I
think that HTTP issue might be a bigger risk than RDP. If he is doing stuff
via RDP at home then it's his home machine at most risk. I use RDP all the
time from work to exchange stuff between work and home.

Charlie

 

[Edwin vMierlo]

no need for a technical solution, you could do the following

1) warn him that what he is doing is not allowed by company policy
2) notify your own manager that you have warned him (CYA)
3) warn his manager (and notify your manager that you have warned his
manager)
4) notify to HR (and notify your manager that you have notified HR)

after that... it is not your problem it is HR's and his problem

rgds,
Edwin.