Solved

Remote Desktop - 2k on client - GPO permits no software install!

Posted on 2003-12-07
Last Modified: 2013-11-21
I am using a computer that is running Windows 2k. I cannot install any software on the computer because of strict GPO.  I would like to connect to my remote desktop connection at home. Does anyone know of any Java applet or other that I can use to connect to TServer without installing any software on the computer?
Question by:jslingerland
29 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 250 total points
ID: 9893416
If you can run ActiveX on your computer, and can get this installed on TServer, Bob's your uncle:
http://www.microsoft.com/downloads/details.aspx?FamilyID=33AD53D8-9ABC-4E15-A78F-EB2AABAD74B5&displaylang=en
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9893721
If you web-enable the Term server, then you can just use your browser to connect to it.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9893900
By using the link immediately above :)
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9894247
Not to be rude, but why do you want to remote-control your PC at home from your policy-restricted work PC?  

Has it occurred to you that it may be against company policy for you to do what you are trying to do?

If there is a legitimate business purpose to do what you are trying to do, then you should enlist the help of your company's IT department.  Strict policy restrictions are usually there for a reason, and to attempt to bypass them, even for innocent purposes, could possibly be grounds for immediate termination, depending on how your company's security policies are written.

Like I said, it may be entirely innocent, and may even be for legitimate business purposes, but if you have strict GPO's in place, I would check twice, and then check again, before attempting to bypass your company's security policies.

If your company's IT staff people want to come to us with suggestions on how to enable your desired connection within the company's guidelines, then cool.  Otherwise, I don't think we should give any more info, IMHO.
0
 
LVL 6

Expert Comment

by:philjones85
ID: 9894391
You could load TightVNC on your computer at home:
http://www.tightvnc.com/

You could then either use the TightVNC viewer from work (not sure if it has to be installed or not),
or you could configure TightVNC so you could connect to it through your web browser,
i.e. open "http://youripaddress" in Internet Explorer to connect to your computer at home.
0
 
LVL 6

Expert Comment

by:philjones85
ID: 9894402
By the way, TightVNC sets up its web interface on port 5800, so you would have to open:
http://youripaddress:5800/
in Internet Explorer to connect to TightVNC on your computer at home through Internet Explorer at work.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9894414
There's always GoToMyPC.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9894439
There are always ways, often multiple ways.

Like I said, if this is a work PC, and there is not a legitimate business reason to do this RC of the home PC, any further activity without the assist of the IT personnel should be done with EXTREME caution, keeping in mind that in many companies it would be an immediate-termination offense.

You have been warned ;)
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 9900260
Wow, ShineOn sounds like he works for your company (as a matter of fact he sounds like he might be the network engineer).

I agree with those who suggested VNC.  But I should also note that if the HOME PC is running XP and Remote Desktop Sharing is already enabled, if your workstation (at work) is also running XP go to...

START
PROGRAMS
ACCESSORIES
COMMUNICATIONS
REMOTE DESKTOP CONNECTION
Enter the IP of the home machine and it should connect no problem.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9902646
Well, think about it, TheBrutha.  If you were in a situation where GPO was set up to prohibit the users from installing anything on their workstations, doesn't that imply a company that has strict security policies that would include disciplinary action for employees attempting to breach that security policy?

Like I indicated, if there is a legitimate business reason for this person to remote-access his home PC from work, then the IT department IN SUCH A CONTROLLED-ENVIRONMENT COMPANY should be involved to make sure none of what is done violates the security policy guidelines.

If I were said employee in said company, I would not even think about trying to bypass corporate security measures.  Why do you think it would be OK?  What if the questioner is a corporate spy and wants to contact his home PC to load confidential documents to sell to a competitor?  One of the basic tenets of network security is that most offenses happen from the inside - corporate spies, disgruntled employees, and such.

I don't think we should say anything else to this guy.  My spidey-sense is tingling...
0
 
LVL 1

Author Comment

by:jslingerland
ID: 9924987
Oh, one more thing: ShineOn, please don't tell my mom, I don't want to get in trouble.
0
 
LVL 1

Author Comment

by:jslingerland
ID: 9924999
Maybe it's not your spidey sense, maybe it's your caustic sense of self-satisfaction.
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 9927975
Earth to ShineOn, come in ShineOn...you're starting to sound like a paranoid addict.  Obviously the individual asking the question WANTS to bypass the guidelines in place, although I think you're right for reminding him those guidelines are in place for a reason, he still requested help on what is obviously something he wants to do, REGARDLESS of the GPO currently in place.  

PS.  At what point did I say it was OK to bypass corporate security?  That's between him and his company, he simply asked how we could remotely access his PC from work even though there is a GPO in place.   I simply said you sound like the Network Engineer for his company (i.e. joke).  It's ok to laugh sometimes, get your head out your W2K administrators companion book.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9929569
The GPO prohibiting the installation of software should be accompanied by a formal, written security policy that includes an "acceptable use" policy that users are actively made aware of.

I'm not sure an ActiveX RDP connection is any more of a threat than any other web page, certainly less than personal email accounts, IM, etc.

I trust he's now aware of the ethical implications in violating his firm's guidelines and will govern his actions in accordance with them.

 
0

 
LVL 35

Expert Comment

by:ShineOn
ID: 9931869
Whatever.
0
 
LVL 1

Author Comment

by:jslingerland
ID: 9939176
I would also like to apologise for being an ass to ShineOn - I know he did have my best interest in mind.  I am in management here, and the ip department answers to me, although I do my best to appease my IT department's wishes.

You're all awesome.

Jordan
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9939852
Um, I guess, thanks for the apology.

One thing I must say, though, is that as a management person, you should know what your security policies are, and should realize that for them to work, even management shouldn't bypass them.  Not to say that you would abuse anything, but I personally worked with an IT director that was working "on the side" for a competitor, passing customer lists, so being in charge doesn't mean you can't possibly do anything bad by "bending" the rules.

OK, the rest of you can get pissy at me again for being anal-retentive about security now.

Brutha, your attitude about helping someone get around the rules because they asked how, regardless of the circumstances, is almost as bad as telling a script-kiddie how to crack a program's licensing security.  You're every security manager's nightmare.  Absolving yourself from personal responsibility by saying you just gave what was asked for, and if that's what they want to do, that's up to them, they know the risks they run, is as bad as a crack dealer saying, "hell, I don't MAKE them smoke it - they came to ME."
0
 
LVL 1

Author Comment

by:jslingerland
ID: 9940406
Charade you are, ShineOn.  With all due respect.  I gave you a chance, told you I see things from your perspective.  So what if I want to log in to my PC at home and burn a CD, or modify security policies on my domain controller while I'm at work?  For real, I'm not trying to "passing customer lists" bring Adelphia into further turmoil.  And no, I'm not actually doing work most the time when I'm remote connecting.  But I'm not an idiot, I don't ask a lot of questions on EE, and most of the time I find the answer myself way before anyone on here gives me advice.  But I don't know everything, and I respect the advice of most the people on EE, so I ask to see if people know better ways.  So maybe you should step off your moral high ground for a minute and stop trying to play daddy.  I can totally see one time trying to bring up the fact that you don't want to violate policy, but to keep coming and coming with it, seriously.

0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9941590
The only reason for it being mentioned more than once, in more than one way, is simply because everyone else simply shrugged it off each time.  Even trying to add a touch of humor fell flat.

If you want to see me as a parental figure that's OK.  I did bring up 2 kids quite successfully, and am proud of the results.

It is not moral high ground.  I am not being preachy.  It is a message that should not be ignored, and this is the third time you are "being an ass" as you put it, although you did apologize once.

I don't give a whit what you want to do with your time or your company's time; that is not my concern.  I don't care if you ignore anything else I say on EE out of spite; that is your prerogative.  The point I was trying to make was not to you, but to the other participants of this question - that this kind of "help" can be more harmful than helpful.  The place to go for this information for someone in your position is your own IT department.

I am trying to keep this professional, so please end this now.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9941636
or  move it to religion and philosophy...
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9941678
chicagoan

This is a professional TA.  If I remember correctly, the EE rules discourage helping people break security.  It is unprofessional to recommend ways around security - EE is not a hacker site.

If that is an incorrect assessment, cool.  I retract all my statements regarding security.

If not, I will continue my "religious and philosophical" adherence to the professional concept of network security, in this, the appropriate TA for it.

If you think I'm being unreasonable, complain to the moderators.
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 9941753
As stated in an earlier post...

"whatever"

chicagoan resolved the issue, and that's all that really matters at this point.  That's why he's one of the top 15!  =)
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9941817
I don't think your effort to make people aware of security is unreasonable, but every enterprise is different and the degree of latitude given to end users is different. Being professional is not about locking down an enterprise to the greatest extent possible, it's about applying the policies that management has put forth.

From a philosophical point of view - I think there is a difference in circumventing a GPO to install software and web-enabling your home TServer so that you can use it from work with the infrastructure in place PROVIDING THAT DOES NOT VIOLATE THE SECURITY POLICY.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9942018
TheBrutha -

If you look, I am also in the top 15, and if you are not of the hacker/cracker mentality, resolving this Q is not all that matters.

chicagoan -

I think we are much closer to agreement on this than we are in disagreement.  However, I don't think it's up to us to guess whether or not we are enabling someone to circumvent their security policy.  Unless the asker is part of the IT department and is looking for ways to allow this type of access to a user within the security policy's guidelines, I don't feel that it is our place to put that info out there.  Sure, we don't know if the asker is lying, but to give info freely to an obvious end-user looking to do an end-around ...

I know, there are many ways a determined user can find out how to break the rules, and most of that knowledge is available elsewhere - they don't NEED to come to EE for that info.  That doesn't mean we should provide them that info just because they could find it elsewhere.  We don't know how liberal their company's security policy is, so that shouldn't matter.

If a company has strict GPO in place that restricts installation of programs, they are much more likely to have strict security guidelines to match.  Being professional is not about locking down the desktop, it is about whether our dissemination of knowledge is ethical.  NOT moral, but ethical - there's a difference.  If I had said moral, then your comment about religion & philosophy might apply.  Ethics is part of professional behavior.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9942543
>If a company has strict GPO in place that restricts installation of programs, they are much more likely to have strict security guidelines to match.
I'm not sure I can agree with that premise. Having worked for firms ranging from bank holding companies to large universities and private firms doing sensitive work for govt agencies, the lack of a well founded and disseminated policy is more the case than one might hope outside of .gov institutions. In my experience, locking down the local machine is more often a response by IT to the costs of repairing them and the exposure of unlicensed, unsupportable or conflicting applications than an attempt to enforce a corporate information security policy.

You can't separate ethics and morality! Ethics are based on moral principles.*

That aside, the ethical consideration here is that the "use the property of a client or employer only in ways properly authorized, and with the client's or employer's knowledge and consent."

If the question had been posed differently:
How can I access my PC at home from a cyber-cafe without installing any software? or
How can I get to our office PC from a client's public machine?
would that change the ethical framework?

In all of these cases the root principle is that the activity must be ok with the employer. The question here was NOT how to hack the employer's system but how to set up a machine to be accessed without the installation of client software. While the GPO issue framed the context, and a caveat that the activity be "properly authorized, and with the client's or employer's knowledge and consent" I submit this question is not about a hack, and I don't think that's splitting hairs.

From a "portal of infection" standpoint, how different an activity is this than getting your mail from Yahoo or Hotmail, or accessing your ISP web space to get some files you were working on at home, or sticking a usb keyfob in your machine?
If someone asked "I work at home a lot and occasionally need to access my files" I don't think any reasonable security professional would cut them off, but would answer "assuming that's ok with your boss, you could....."



*http://www.cpsr.org/program/ethics/cei.html
*http://www.computer.org/tab/seprof/code.htm
*http://www.acm.org/constitution/code.html
*https://www.isc2.org/cgi/content.cgi?category=12


0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9942747
I would also direct anyone wondering about network security here:

http://www.sans.org/rr/catindex.php?cat_id=8

to learn about best practices.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9942772
This one, titled "The Internal Threat to Security, Or, Users Can Really Mess Things Up" might be most apropos to this Question.
http://www.sans.org/rr/papers/index.php?id=856
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 9942836
Shine On, you just don't quit do you?  Yes I know you're in the top 15, but you didn't resolve the inquiry, that's why praise was given to chicagoan, everyone have a pleasant day.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9942958
No, I don't quit.  I didn't try to resolve the Q.  I tried to stop it from being resolved.  

Not to speak for chicagoan, but if you're looking for praise for giving a "right" answer, then you should go talk to your kindergarten teacher.  This isn't about praise.  It's about helping people.

Have a wonderful day.

0
