Educause Security Discussion mailing list archives
Re: RDP and Campus Computers
From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Wed, 7 Nov 2007 13:12:04 -0500
Interesting. We did something similar. We moved to a terminal service server (only 5 or so concurrent users at any one time so performance is not a concern at this point). We let them access it either over SSL or IPSec. We really only advertise the IPSec because even though you have to install it on the end machine it is more comfortable for the end user (Cisco application access is still kind of clunky). The IPSec only allows access to the TermServer - or special access based on specific request/approval. I saw someone else responded with how to disable your clipboard. I was looking for this answer as well. But I also have a question for the list on this topic. The only real complaint we have at this point is when users want to print a document to their home computers. I think this is a bad idea in many ways but I am being told I should look into if/how this can be done because a "business process control" can/should keep them from printing the "bad" document rather than a technical control that keeps everyone from printing anything to their home computer. What does the list think about this in general? And what about solutions using IPSec or SSL VPN and/or terminal services? _________________________ Thank you, Gregory R. Scholz Director of Telecommunications Information Technology Group Keene State College (603)358-2070 --Lead, follow, or get out of the way. (author unknown) -----Original Message----- From: Carroll, John [mailto:carrolljw () LONGWOOD EDU] Sent: Wednesday, November 07, 2007 11:10 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] RDP and Campus Computers We at Longwood have been trying to find a solution that would allow our faculty and staff to work from home while preventing them from downloading or storing potentially sensitive data on their personal computers. One solution that we are favoring is leveraging our SSL VPN Cisco client with the Remote Desktop to the users office computer. The issue with that appears to be the clipboard "cut and paste", which allows you to essentially copy data from work to your personal computer. To further aggravate, the option to enable and disable this feature appears to be with the client side (home user). I have not had much luck finding a solution on the web to disable the "cut and paste" (rdpclip.exe) permanently. It is a Windows protected file. Has anyone attempted to do this and found the same issue or perhaps a solution or, do we need to find an alternative method and give-up on RDP? Any suggestions or advice would be most welcome. John Carroll Information Security Office Longwood University
Current thread:
- RDP and Campus Computers Carroll, John (Nov 07)
- <Possible follow-ups>
- Re: RDP and Campus Computers Jeni Li (Nov 07)
- Re: RDP and Campus Computers Aaron B. Bewley (Nov 07)
- Re: RDP and Campus Computers Scholz, Greg (Nov 07)
- Re: RDP and Campus Computers Greg Vickers (Nov 07)
- Re: RDP and Campus Computers Ozzie Paez (Nov 07)
- FW: RDP and Campus Computers Charlie Prothero (Nov 07)