ENVIRONMENT: Windows Server 2003 SP2 (all patches current) running MS Terminal Services (Remote Desktop). Server is located in a colocation facility, and multiple concurrent users connect from an office premises located some distance away.
We have a client with a poor internet connection at their office, which results in frequent disconnections. RDP clients automatically re-connect to the server after a few seconds.
PROBLEM: This client claims that when sessions are disconnected, users at that location are getting re-connected to the sessions of other users at the same location. All users have different userIDs (nobody shares a userID).
For example, user "Receptionist" is getting re-connected to the remote desktop of user "Accountant". This has serious security issues, with privileged data being exposed to non-privileged employees.
On the surface this "seems" impossible, but the client insists it's happening.