Vojko Divjak
asked on
RDP login to SBS 2008 Std with invalid domain name
Hi Guru's !
II found out strange configuration on SBS 2008 Std. It is security issue.
Beleve or not but I can RDP login to SBS 2008 with INVALID domain name.
Does anyone have experiences about that.
Thanks
II found out strange configuration on SBS 2008 Std. It is security issue.
Beleve or not but I can RDP login to SBS 2008 with INVALID domain name.
Does anyone have experiences about that.
Thanks
Wikkard
Are your server in a domain ? If not then the local machine accounts would always be used for authentication I believe.
so are you using "invaliddomain\user" where user is a valid user and you use a valid password and it then logs on? If so the RDP client may just be passing the username and password and not domain. Why are you concerned about this? RDP should not be open to the internet and only on the LAN, in which case anyone who can get on your LAN can probably figure out what your real domain is anyway. As long as your passwords are complex and changed on a schedule that should be secure enough.
ASKER
Ok. But I noticed tihis behavior only on SBS 2008. On 2008 Std and 2008 R2 and you know on all releases of 2003 it works fine.
I agree RDP port should be closed to internet.
Everything started when one of my customer wanted to see all connections on exchange server with his Miobile Phone. I saw that his phone using wrong (read old) domain name and he gets mail without any problems.
I agree RDP port should be closed to internet.
Everything started when one of my customer wanted to see all connections on exchange server with his Miobile Phone. I saw that his phone using wrong (read old) domain name and he gets mail without any problems.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It is strange, yes. That's whay a was started to digging.
My server is fully pached, of course :)
Thanks
My server is fully pached, of course :)
Thanks