Devolutions ForumDevolutions Forum

Connections back to Default Phone book (6.1.3.0)

Connections back to Default Phone book (6.1.3.0)

avatar
sander

Good morning!

Yesterday, I've updated our RDM to 6.1.3.0 (enterprise). Since then, almost all of our sessions' VPN connections have been reverted to "Default Phone Book", instead of the Phone Book on our custom, central location.
We have to edit the session manually to select "Phone Book" again. The PBK location is saved correctly.

Since we have 919 sessions, is there a way to fix this?

Thanks in advance!!
Sander

All Comments (11)

avatar
David Hervieux

Hi,
Yes, this is a migration bug, I'm sorry for that, can you try this special version:

http://remotedesktopmanager.com/download/Setup.RemoteDesktopManager.6.1.5.0.exe

David Hervieux

avatar
sander

Hi David,

VPN Problem seems solved, but the security is gone! At this moment, all my employees can access any server.

My situation:
SQL Server, with SQL login (not Windows Authentication).
Users are member of security groups.
Sessions secured by Security Groups.
Every user has got it's own Data Source connection, with a set of predefined SQL and user settings, without a password.

Normally, the select their own datasource, enter a password (username is not changeable) and see their rights.
At this moment, if user A selects' user B's datasource, he can change the username to his own, enter his password and then see the sessions protected by the security groups!
Strange!!

Attached an screenshot of the configured Data Sources.
Please let me know what you need in order to solve this importent issue.

Sander

datasources.JPG

avatar
David Hervieux

Hi,
I see, I exposed allowed the user name to be changed, but I never thought that this could be a problem. I will do a fix soon.

David Hervieux

avatar
sander

Great, thanks! Big problem here as you might imagine....
Will be happy to test!!!

avatar
David Hervieux

What about this version:


http://remotedesktopmanager.com/download/Setup.RemoteDesktopManager.6.1.6.0.exe

David Hervieux

avatar
sander

Hi David,

At first, it looks ok, since there is no option to change the username anymore.
But if you enable the checkbox "editable" right after the username in the Data Sources, the same problem exists again.

Sander

avatar
David Hervieux

Yes,
But it's the same think if your user edit the username directly from the configuration? You can lock there configuration if you don't want them to be able to edit it.

David Hervieux

avatar
sander

If you change the username from UserA to UserB within the Data Source, it logs you in with the rights of the username stated there (UserB).
If you change the username after selecting the data source (where the username is UserA) and change it during the login to UserB (with the password of UserB), you can see the sessions of UserA's security group.

Hopefully you understand what I mean, otherwise I could try to make a doc with screenshots if you want me to.

Sander
edited by sander on 6/24/2011

avatar
David Hervieux

I got it,
I updated the binaries

http://remotedesktopmanager.com/download/Setup.RemoteDesktopManager.6.1.6.0.exe

David Hervieux

avatar
sander

Great! Thanks a lot David!!

Both security and VPN works great now!
Maybe you could remove the links in this post to the two defective executables? This way there won't be a security exploit.

Sander

avatar
David Hervieux

I will, thank you

David Hervieux