We have something called Websense that can see all the sites we go to from our work computers, but I have been RDPing into my home computer and browsing that way. I am sure he can see that I have RDP open, but can he see what I am doing? Ironically enough I am an administrator, but everyone has their boss, and no one seems to know to what extent an RDP session can be tracked.
Websense, in and of itself, isn’t going to show your boss what you’re doing in an RDP session. It evaluates the target site and decides whether or not to let the connection proceed at the gateway (and does logging, etc.).
That said, there are plenty of other ways your boss could see what you’re up to, even in an RDP session. If you can see it on your screen, someone else with more power can see it too. The safest way to operate is to assume everything, no matter how trivial, is being captured, recorded, logged, and monitored real-time, and decide for yourself whether it’s worth the risk.
There is no way to remain ‘private’ on the company network.
The RDP session from your workstation at work to your home computer is encrypted, and there is no easy way for your boss to watch what you’re doing, except, as stated, noting the 3389-connection between these machines. What you’re doing is essentially creating an encrypted tunnel between your workstations, and what’s going on in this tunnel (browsing, file transfer, etc.) is encrypted too. You’re safe.
However, as Sofaspud pointed out, if your employer really - I mean really - wants to know what the heck you’re doing, of course they can, since they own all systems at your job. You have to ask yourself whether installing spyware on the workstations on behalf of the management is probable or not.
I would say not.
I don’t think it matters whether he can see what you are doing or not. I also feel that it is a no-no to do personal stuff on your work computer. Enough said!
I would say yes.
My machine at work is littered with so many Company IT related services and checkers as to make it not worth my while to even attempt to install (pirate/rogue) software or view untoward webpages (that it allows me to see!)
Occasionally the system gets “updated” and I get locked out.
The mouse pointer moves quizzically round the screen.
You then realise that some chav in the IT department is fumbling through a mod and you are seeing exactly what he is seeing.
There is no privacy in office systems, there is not supposed to be and that is just how they like it.
Oh and it’s slow as a mofo to boot.
Ok. I’m IT manager for a company and I would not be satisfied with the situation you describe. (Though you not being able to install programs on your machine is fine with any IT department - anything else would be irresponsible.)
The OP, though, is talking about a client built into Windows XP, Remote Desktop Connection, which firewalls often allow from the inside out, and doesn’t imply any tampering.
Might I add that the same IT support rolled out Filezilla to our group’s workstations. This was to allow access to the on-site FTP server that is intended for use in the field.
They unfortunately forgot to allow us to have Filezilla actually open sockets out to anywhere.
I can Google but I can’t do anything useful!
As I am on-site as opposed to off-site, it (to them) isn’t an issue.
Right up until the off-site guys need data relayed to the FTP server by the onsite guy :smack:
Better yet the 2 MB email limit that kinda necessitated the need of the FTP server in the first place. The company limit is actually 4 MB but with all extra security crap it adds you can’t get more than 2 through the pipe.
Oh and no conventional Zip files or Exe’s … bastards!
So you need to Zip your executable with an encryption, usually 12345 or somesuch and then rename said file as Unzip_12345.zit before sending.
Then again I do work for quite a large company with a fair few subdivisions which utilise the same hub. I dread to think what some of the oiks have got up to that warrants such Orwellian control. :eek:
Come to think of it you would be the ideal person to ask on that score.
He would have to be looking over your shoulder to see what you’re doing with an RDP session. Of course, he could look in Terminal Services Manager to see that you have an active connection, and he could have some crazy auditing enabled on the workstation/server to which you’re connecting. But having him “tap” into a session? Nah, the only way that can be done is by selecting Remote Control from the context menu in Terminal Services Manager. And even then, you’d be prompted to allow him permission.
This is designed this way so that Joe-IT-Guy can’t spy on something someone else is doing (reading confidential spreadsheets, etc., in a remote terminal session). BUT, with some crazy auditing enabled, he can see when you opened a particular file, if you modified it, etc.
I should mention that, since you’re RDPing into your home PC, there is not a chance they can see anything that you’re doing.
BS. There are loggers that will make an MPEG video of what’s on the work PC’s screen. It’ll show exactly what’s in every window on the screen, record every sound, and record every keystroke & mouse movement.
From that logger’s POV, the RDP session is just another window for it to videotape.
This is standard stuff for high paranoia, er, I mean, high security, installations.
Do I think the OP has that at his shop? Probably not. But to assert that RDP is safe from spyware/monitorware on the client is just flat wrong.
Give me a link to an MPEG screen logger.
Christ, the likelihood of anyone using these is absolutely minimal. With the amount of tools that one could apply in a standard corporate environment to spy on their workers, I’d assert that it’s a fucking certainty that this guy’s company isn’t using anything like you describe. Further, if they were THAT concerned with what their workers were doing, they wouldn’t be ALLOWING TCP 3389 OUT TO ANY FUCKING HOST ON THE INTERNET.
Think before posting.
I disagree. I’ve worked in environments in which (as the sysadmin) I was asked to do very similar things (although not specifically MPEG screen loggers). Granted, I was working in a government environment (with appropriate levels of paranoia), and the requests were pursuant to potential criminal investigations. There were some situations (not directly related to the one in the OP) in which I was unable to assist. But not many. And they didn’t generally require much heavy lifting. As in any other field, a bit of creativity goes a long way. Also, paranoia isn’t limited to government settings - a company’s secrets are as vital to their survival as the government’s are to national security. There’s always a way to tweak software and/or hardware to make it do your bidding, or find a separate solution.
Think before posting.
(Sorry for the nasty tone, but you set my nasty meter off.)
This level of paranoia is obviously not the case here, as I’ve mentioned (3389 allowed out to any host tells us this).
I currently work in a data center where several of our clients’ confidential information is stored. We have a very tight security policy (including lots of server-level auditing) and access restrictions. I can assure you that we know what files people open, what they modify, what databases are queried, what applications are changed (very, very strict change control), and so on.
Basically, the need does NOT exist to watch someone’s RDP session to know exactly what they did. Because we’re concerned with security, connections to unauthorized hosts (e.g., RDPing to one’s home desktop) are not allowed. On machines where RDP is allowed to or from, auditing is so detailed that having users’ sessions captured to MPEG files gives us absolutely nothing more than we already have.
I’ve done some Googling. I cannot find any software that does this specifically. Does anyone have a link?
I work “with” the state of CA, not for the state. Now another problem that any screen logger would have to overcome would be that I have 2 monitors installed on my machine… and my default one is not the one I use RDP on; the one I use RDP on cannot even be seen. Most programs I have seen will not even see the other monitor. I am just paranoid lol