Forum / Remote Desktop Manager - Feature Request

RDM agent for Windows/Linux servers

  • Create an Issue
  • Cancel

Hi!

I'm missing the option to enforce my staff to use RDM. Today they mostly connect directly to a server through MSRDP, which means that I dont get tracability on who was connected where and whos using sessions right now.

Wouldnt it be nice if there was a RDM Agent that could be installed in Windows (and linux) that sent back session info on remote connections to RDM and perhaps even gave the oppertunity to deny connections not coming through RDM?

On Windows I guess the Agent doesnt need to be a locally installed agent, since it most likely can poll that info over the network, although perhaps not in real time as locally installed agent would be able to do.

/Kaj

Clock3 yrs

Hello,

First I'll start by saying that we will look into solutions using the agent.

The current solutions to this challenge are as follows.

  • Using the firewall, block your RDP port from being accessed by your users IP. Implement either a TS Gateway, a combination or TS + RDM Jump, or a SSH Gateway for which your users DO NOT know the password. Only allow RDP from these machines. The only place where the gateway credentials are stored is in RDM. This allows for their normal domain accounts to be used on the remote device.
  • Remove your user's account from the "Remote Desktop Users" group, or remove the "Allow to log on locally" privilege, depends on your situation. Create utility accounts that do have that right and store passwords only in RDM. This prevents normal domain accounts to be used on the device.

Even with the agent, some sort of blockage must be put in place on the remote device to block plain accounts from directly connecting, but our agent could be used to implement these changes.


Best Regards



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock3 yrs

Hi!

I'm first and foremost intrested in getting the logging of who is connected and when, but can see that we will implement a blocking of direct connections over time - So if a potential agent will solve the audit/log part that would be great.

/Kaj

Clock3 yrs