I need an RDP guru - trying to use nested RDP sessions
-
This sort of used to work. I support a customer who has gone completely anal on security (all it takes is one hack I guess). Anyway, they moved the server to inside of an ultra secure facility, and network restrictions are to the extreme. This is all on their internal network AND behind their firewall - nevertheless... I used to be able to log in to their VPN and RDP from my laptop to the server but no more. Now, I log in to their VPN, RDP to the "jump server" - a machine that is open for these connections. This jump server is heavily restricted to talk to a limited # of other servers. I then RDP from the jump server to the production server - this is what I mean by nested. I need to be able to navigate between each RDP session. It used to be that I could slide the RDP title bar to the left or right but this seems to have disappeared. Any hints or wisdom?
Charlie Gilley “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759 Has never been more appropriate.
-
Okay, mystery one solved. The first session's menu bar was hiding itself. I managed to click the pin that had it pegged. Jeesh. Intuitive? Nope. Guess I need more rounded icons.
Charlie Gilley
-
charlieg wrote:
This is all on their internal network AND behind their firewall - nevertheless... I used to be able to login to their VPN and RDP from my laptop to the server but no more.
Their choice, their problem :) Maybe invest into having RDP tunnels over the Onion framework using NordVPN? Of course, NordVPN is owned by the CIA, so you need to build your own alternative. Paranoia is ok, as is realism :)
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
If I'm being real, having a DMZ or a jump box is not a bad thing at all. Never really seen anyone do that over RDP twice though. In theory you'd only have to RDP to the jump box and do any admin via PowerShell, etc. to the actual machine(s). But, whatever floats their boat I guess. :laugh: Just want to point out that a DMZ isn't a bad thing. In the *nix world at least, hopping around servers in a session is very common.
Jeremy Falcon
-
NordVPN is owned by the CIA? wtf? Seriously? :) And yes, their problem. It's a total fluster cluck. I can't even ping anything. They won't open anything up for testing, etc. Going to double my rate.
Charlie Gilley
-
I'm okay with that. DMZs are good. The internet is completely out of control and 99.99999999% of the people have no clue. The ones that do work for the NSA and Russian hackers :)
Charlie Gilley
-
charlieg wrote:
Going to double my rate.
:thumbsup:
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
There are a couple of ways... I used to reduce the resolution to make it a bit smaller than my laptop monitor, then you have two windows. The only annoying thing is that the keyboard shortcuts can act weird depending where the focus is. Another option is, if you have more than one monitor, to set the first RDP to use all monitors and the second one to use only one monitor. Sharing information / files from one to the other one can still be a PITA. Oh, btw. There was (not sure if still is) a very annoying (and even dangerous) bug back then. Multiple users RDPing in a server would get cross-clipboard. That means, the text I copied could be pasted by you in an editor. That provoked a couple of "funny" situations in our routine work.
M.D.V. ;)
-
I do a similar thing, but, instead of RDP over RDP, I have RDCMAN installed on the machine I RDP into. There's then no confusion over which system I'm controlling and I don't need to worry about hitting the right control title bar thing. It might be overkill for connecting to a single server, but since, at the last count, the list of servers I need to connect to was well over 100, it's useful for me to have a single tool where I can group servers, switch easily between them, start sessions on all nodes of a cluster or all servers running a particular service, etc. Of course, you may not be able to have it installed on the "jump" server. Note that our network also has restrictions, so while the PC I RDP to can connect to a large number of servers, the PC in front of me, connected via VPN, has a much more restricted set that it can access.
-
Run the first session full screen (or windowed almost to full screen) and the nested sessions windowed slightly smaller. Move the taskbar on each layer to a different side of the “monitor”:
Workstation: Bottom taskbar
Jump Server: Left taskbar
DMZ Servers: Right taskbar
We do similar things where each login is a different userid. I prefer windowed at each layer so my password manager/powershell script can send the untypable, constantly-rotating passwords to the lock screens. Running in full screen blocks “send keys” functionality.
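
The layered setup discussed in the posts above (each hop windowed slightly smaller, connection bar kept pinned, clipboard not shared across hops), as an added example that is not from any poster in the thread: a PowerShell function that writes one .rdp file per hop. The function name, host names, file paths and window sizes are placeholders chosen for illustration.

```powershell
# Added example. New-LayeredRdpFile is a hypothetical helper name;
# host names, paths and sizes below are placeholders.
function New-LayeredRdpFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Address,
        [Parameter(Mandatory)] [int]    $Width,
        [Parameter(Mandatory)] [int]    $Height
    )

    $settings = @(
        "full address:s:$Address"
        'screen mode id:i:1'         # 1 = windowed, 2 = full screen
        "desktopwidth:i:$Width"      # smaller than the layer it runs inside
        "desktopheight:i:$Height"
        'use multimon:i:0'           # keep this hop on a single monitor
        'displayconnectionbar:i:1'   # show the connection bar if toggled to full screen
        'pinconnectionbar:i:1'       # keep it pinned so it does not auto-hide
        'keyboardhook:i:2'           # Windows key combos go remote only in full screen
        'redirectclipboard:i:0'      # do not share the clipboard across this hop
    )

    # .rdp files are plain text, one "name:type:value" setting per line.
    Set-Content -Path $Path -Value $settings -Encoding Unicode
    Get-Item -Path $Path
}

# Outer hop: run on the workstation, windowed just under the laptop resolution.
New-LayeredRdpFile -Path "$env:TEMP\jump.rdp" `
    -Address 'jump.example.internal' -Width 1600 -Height 900

# Inner hop: run on the jump server, slightly smaller so the outer
# window's title bar and taskbar stay visible around it.
New-LayeredRdpFile -Path "$env:TEMP\prod.rdp" `
    -Address 'prod.example.internal' -Width 1440 -Height 810
```

Open a generated file with `mstsc.exe <path>`; keeping every hop windowed also leaves the title bars of all layers visible, so it stays clear which machine has keyboard focus.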