Forum / Remote Desktop Manager - Feature Request

Ability to Lock desktop manager after a timeout

  • Create an Issue
  • Cancel

Hi,

First, some background:
I'm evaluating Remote Desktop Manager for my site and it works quite well for what we want, but fails on two main items.
The most important is the prime reason why we are trialling this type of tool in the first place. Our security department and auditor has made it clear that our main security hole is users or admins desktops. If a malicious user or trojan got access to an administrators machine it can then get access to many important servers very easily, either directly or get passwords to them.
We still have the practical problem of many servers to administer and with good security practice of long/complex passwords we use a password vault application to store them. With various other changes we could be entering passwords very often so we are looking at tools like RDM to make logging in easier for us Admins while not having to repeatedly enter passwords. However, there is still the issue of "if someone gets access to the machine they can get to other servers too easily".
We now have a policy that all desktops (soon all servers too) switch to the password locked screensaver after 10 minutes idle time (they wanted 5). Our password vault software does a similar thing, 3 minutes of not using that application itself will lock it and you need a different password (not the desktop one) to get access again.

Where does Remote desktop Manager fit in this? While you can set a password for opening the RDM application, you need an option to timeout and lock again (prompt for password on next attempt to use) after X minutes, otherwise it is too risky to store passwords for one click desktop access. We acknowledge that we can never entirely eliminate the risk of someone taking over a machine, but must try and minimise the window of opportunity.

The other problem is not so important if the first isn't solved. We also have many applications like Oracle Grid Control that are web pages with logins. Most of us also use Firefox, not IE, even so, storing passwords in the browser is not ideal. A central secure vault is the aim and if you can't get the login and password saved with the URL in RDM there isn't much point in saving the URL only.

Whether the policies are good or not, or valid arguments isn't the point of this request (before others comment on it wink ). I have no control over the policy just have to try and streamline our processes while working within the rules here.

Hope you can help, in other ways I quite like Remote Desktop Manager but can't continue with it unless at least the first point is addressed and this is as secure as possible.

Cheers,
Damian

Clock9 yrs

Hi Damian
I completely understand and I have no problem with your company policy. I'm working hard to make the application secure and I can see the benefit of an auto lock feature. I added your request to my todo list but I can't tell you it will be available. Maybe in the middle of January but I can't guarantee you the exact availability.

For you second point, for now I'm unable to manage web credentials, if you know a way of doing that, let me know, I will gladly add this.

Thank you for your comments.

David Hervieux
Devolutions inc.

David Hervieux

signaturesignature

Clock9 yrs

Thanks David,

I'll keep an eye on here to see what changes.

Cheers,
Damian

Clock9 yrs

Add my vote for a similar locking mechanism...there's already a startup password option which is great, but I'd like to be able to lock the software as well. Preferably as an option, whenever the desktop locks the software should lock separately, but I'd like to be able to specify a shorter timeout as well. No huge hurry but it would be nice :-)

Clock9 yrs

Hi guys,
This feature (auto lock on idle and auto lock when minimized) is nearly done and it should be in the next beta.

Thank you

David Hervieux
Devolutions inc.

David Hervieux

signaturesignature

Clock9 yrs

David,
This feature(auto lock on idle and auto lock when minimized) is not working for us. We are on v7.0.4 Binary.
We are using shared passphrase with "AlwaysPromptForPassphrase=1"

Clock7 yrs

The autolock feature was not designed to work with the passphrase. I will have to verify how much work this represents.

David Hervieux

signaturesignature

Clock7 yrs