Solved

RDP login to SBS 2008 Std with invalid domain name

Posted on 2010-08-20
5
600 Views
Last Modified: 2013-11-21
Hi Guru's !

II found out strange configuration on SBS 2008 Std. It is security issue.

Beleve or not but I  can RDP login to SBS 2008 with INVALID domain name.


Does anyone have experiences about that.


Thanks



0
Comment
Question by:Vojko Divjak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 8

Expert Comment

by:Wikkard
ID: 33483337
Are your server in a domain ? If not then the local machine accounts would always be used for authentication I believe.
0
 
LVL 4

Expert Comment

by:ebooyens
ID: 33483358
so are you using "invaliddomain\user" where user is a valid user and you use a valid password and it then logs on?  If so the RDP client may just be passing the username and password and not domain.  Why are you concerned about this?  RDP should not be open to the internet and only on the LAN, in which case anyone who can get on your LAN can probably figure out what your real domain is anyway.  As long as your passwords are complex and changed on a schedule that should be secure enough.
0
 

Author Comment

by:Vojko Divjak
ID: 33483739
Ok. But I noticed tihis behavior only on SBS 2008. On 2008 Std and 2008 R2 and you know on all releases of 2003 it works fine.

I agree RDP port should be closed to internet.

Everything started when one of my customer wanted to see all connections on exchange server with his Miobile Phone. I saw that his phone using wrong (read old) domain name and he gets mail without any problems.


0
 
LVL 4

Accepted Solution

by:
ebooyens earned 500 total points
ID: 33483763
Yeah that is strange.  Sounds like a bug to me.  I don't have any thoughts on fixing this sorry other than just making sure your server is fully patched.
0
 

Author Comment

by:Vojko Divjak
ID: 33483821
It is strange, yes. That's whay a was started to digging.
My server is fully pached, of course :)

Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My previous article  (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html)detailed one possible method to get SCCM 2007 installed an…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question