none
RDS hardening - bat file through share RRS feed

  • Question

  • Good day,
    Our customer came with a serious problem:
    RDS 2016 Remote app is delivered to the customer. The remote app can browse the local computer. Access to server disks is denied.
    The customer made a bat file on his local computer and browsed through the remote app to the bat file. The bat file contains a line of tekst:
    cmd.exe
    When he opens the file cmd opens. Access to the disks is denied, but on the cmd line he can open powershell and regedit. With powershell he is able to browse windows and windows/system32.
    The registry he can read as read only.
    How can we prevent him to do this trick?
    We have policy in place that should prevent cmd.exe, powershell.exe and regedit.exe from running
    But I think it works because he uses his local computer to start it.

    If you need more information, please let me know and I will provide it to you.

    Kind regards,

    Wednesday, June 12, 2019 8:33 AM

All replies