Remote Desktop Security

Remote Desktop Canary v2.0 Now Available!

March 4, 2020 By admin Leave a Comment

Greetings friends and current customers! We’ve just released Version 2.0 of Remote Desktop Canary. This new version offers:

OCR scanning of RDP login sequence screenshots, so you can be alerted to error conditions after login and/or to slow application startup times;
the ability to do a RDP connectivity test on a group of servers in Active Directory, or a group of session hosts participating in an RDS collection;
the ability to bypass login banners on your servers with synthetic input, so you can profile application load times after the login sequence;
a new helper program called Remote Desktop Canary Kickstarter, that will babysit your Remote Desktop Canary testing session, and automatically restart Remote Desktop Canary in a user session on a VM if the server is rebooted or the testing module is stopped for any reason;
the ability to suspend workflow testing momentarily when servers are down for patching or maintenance;
and much more!

We’re also excited to announce the imminent release of our CEO Andy Milford’s new book on Remote Desktop Security! Read on for a signup link below.

In this RDPSoft E-Newsletter:

New Features Available in Remote Desktop Canary v2.0

Andy Milford’s Brand New Book On RDP Security Is Almost Here

Version 2.0 Upgrade, Purchase, and Demo Links

New Features Now Available in Remote Desktop Canary v2.0:

Use OCR Event Detection To Alert To Error Conditions And Slow Application Load Times During Synthetic RDS Logins

Based on your wonderful feedback, we have engineered an OCR event detection engine, that scans screenshots during and after the RDP login sequence. This new engine allows you to define and receive alerts when certain error messages appear on screen, and define and receive alerts if it takes too long for a program to start in a RDP session (e.g. due to profile problems, for instance).

Receive OCR Based Alerts Related To On Screen Errors and Application Startup Times — Version 2.0 of Remote Desktop Canary offers a full OCR engine that can alert based on on-screen error conditions OR slow application startup times.

RDP Connectivity Testing On Multiple Computers at Once

Version 2.0 of Remote Desktop Canary now offers a “multi-server testing workflow,” whereby it will quickly check RDP responsiveness on a group of servers in Active Directory, or the servers participating in a RDS collection.

Test RDP Connectivity on Multiple Servers At Once — Remote Desktop Canary can perform a routine RDP connectivity check on multiple servers at once.

Bypass Windows Server Login Notification Banners

If your organization uses login notification banners to provide an acceptable use policy (AUP) or warning that users must acknowledge before signing on, Remote Desktop Canary can now bypass this easily with synthetic input. As a result, you can now test conditions beyond the login screen using Canary’s new OCR event detection engine.

Bypass Login Notification Banners — Version 2.0 can bypass login notification banners with synthetic input, allowing application and desktop startup times to be profiled with OCR-based alerting.

Keep Remote Desktop Canary Up And Running 24/7 With the New Remote Desktop Canary Kickstarter Applet

Remote Desktop Canary Kickstarter is a companion utility that ships with Remote Desktop Canary v2.0. It “babysits” the actively running Remote Desktop Canary tests – by itself running on a different VM from the VM running Remote Desktop Canary.

As a result, it is able to make sure that Remote Desktop Canary tests stay running at all times, and function properly, even in scenarios like:

1.) When the Remote Desktop Canary system is rebooted, such as for routine maintenance or patch installation

2.) If the Remote Desktop Canary Logon Testing Module stops running for any reason

3.) When an active Remote Desktop connection to the Remote Desktop Canary system is interrupted, resulting in a disconnected session that would prevent synthetic input from properly bypassing login banners

Remote Desktop Canary Kickstarter babysits the user session running Remote Desktop Canary — The Remote Desktop Canary Kickstarter applet keeps a watchful eye on the VM running your Remote Desktop Canary workflows.

Toggle Workflows In and Out of Maintenance Mode

While Remote Desktop Canary is running continuous synthetic RDS login tests, you can now toggle specific workflows in and out of maintenance mode with a single mouse click. When placed in maintenance mode, Remote Desktop Canary will suspend testing against that RDS collection or group of servers. This prevents alerts from being generated when you take server(s) offline for patching or other maintenance.

Right mouse click on any workflow to take it in or out of maintenance mode.

Don’t Let Your Remote Desktop Services Environment Get Pwned! Sign Up To Be Notified When Andy Milford’s New Book On Remote Desktop Security Is Released.

Seldom does a week go by these days without a breaking news report on a ransomware attack, the compromise of a large customer database, or theft of trade secrets. What’s the common attack vector that is often used to break into these organizations’ computers? RDP!

Our CEO Andy Milford has been hard at work for over a year, researching and writing a comprehensive book on how to secure your Remote Desktop Services environments. He shows you step-by-step how hackers and Advanced Persistent Threat (APT) actors locate your RDP servers and RDS deployments, how they break in, what they do when they break in, and how to defend against their techniques.

His book is now in editing, and its release is imminent. Sign up today to be notified as soon as it is available.

Remote Desktop Canary v2.0 Upgrade, Purchase, and Demo Links

If you are an existing Remote Desktop Canary subscription licensee, and want to request upgrade instructions for Version 2, please click here.

If you want to learn more about Remote Desktop Canary, including all of its features and how it is priced, please click here.

To request a free 14-day trial of Remote Desktop Canary in your environment, click here.

Remote Desktop Commander v4.5 Now Available

September 27, 2018 By admin Leave a Comment

Greetings friends and current Remote Desktop Commander customers! We’ve just released Version 4.5 of the Remote Desktop Commander Suite. This new version has incredible new features focused around RDS security and Remote Desktop Gateway monitoring, so please read on!

In this RDPSoft E-Newsletter:

New Remote Desktop Commander 4.5 Features

RDS Performance Audits, Custom Report Design Work, Training, and White Glove Installation

Version 4.5 Upgrade, Purchase, and Demo Links

New features include:

Consolidate All RDS Logins and Logon Failures, Regardless Whether Or Not They Occurred On Session Hosts Or On Remote Desktop Gateway Servers
Geolocate RDS Logins and Logon Failures In the Brand New User IP Geolocation Dashboard – Find Out Where Your Users Are Working From, and Locate the Source Of Brute Force RDP Hack Attempts
Schedule Daily User Login and Logon Failure Reports, With Six New Reports To Choose From
See The Actual IP Address and Geolocation Information for User Sessions In Existing Time Tracking Reports
Massively Reduce Database Storage Requirements With Performance Threshold Database Pruning

Consolidate All RDS Logins and Logon Failures, Regardless Whether Or Not They Occurred On Session Hosts Or Remote Desktop Gateway Servers

Our CEO, Andy Milford, has written at length about the challenges faced when attempting to correlate RDP logon failure data from session hosts at his PureRDS.org blog. Attempting to track successful RDP logins is no picnic either, as multiple log files from multiple different systems – the session host servers and remote desktop gateway servers – must be consulted and the information correlated.

Andy created a free RDS Log Viewer tool in an attempt to tackle some of these problems. That initial research effort allowed RDPSoft to build a full log collection and correlation engine into the Remote Desktop Commander Suite.

In version 4.5 of the Remote Desktop Commander Suite, the Remote Desktop Reporter Service automatically collects and correlates key events from event log files on Session Host servers and Remote Desktop Gateway servers. The result is a treasure trove of valuable login and logon failure data that it retains in its SQL database, allowing us to deliver the incredible new features described below.

Geolocate RDS Logins and Logon Failures In the Brand New User IP Geolocation Dashboard – Find Out Where Your Users Are Working From, and Locate the Source Of Brute Force RDP Hack Attempts

Geolocate RDP Logon Failures — Perform deep analysis of RDP logon failures and user logins using the User IP Geolocation Dashboard.

Remote Desktop Services login and logon failure data correlation from session hosts and gateways is a valuable feature in its own right, but the rich visualizations of this data is what sets Remote Desktop Commander Version 4.5 apart from the competition. The User IP Geolocation Dashboard combines IP geolocation data with interactive worldwide maps and tabular, filterable tables so administrators can zero in on both legitimate RDS users and hackers.

Locate The Source of RDP Brute Force Hack Attempts — Filter RDP logon failure and login data by username, time frame, computer, and sort the data by username, region, country etc.

Our dashboard is completely extensible via PowerShell scripts, which are designed to receive selected server names, usernames, and IP addresses as input parameters. This is especially useful for the remediation of inbound hack attempts.

Remediate Brute Force RDP Attacks — Extend the capabilities of the dashboard with PowerShell

Instantly build reports from the filtered RDP login and logon failure data in the dashboard, or simply export the data to comma-delimited text.

Report on RDP Logon Failures — Export RDP login data and generate reports in PDF, Word, or Excel.

Schedule Daily User Login and Logon Failure Reports, With Six New Reports To Choose From

RDP Logon Failure Reports — Build RDP login reports manually, or schedule them to run daily to gain insight on where users are connecting from.

Scheduled reports make it easy to keep track of both where your users are routinely connecting from, as well as the sources of hacking and penetration attempts. Group login and logon failure data by country or by user. With routine review of these reports, you can quickly spot geographic RDP login anomalies that could be suggestive of a compromised user account.

See The Actual IP Address and Geolocation Information for User Sessions In Existing Time Tracking Reports.

By default, the Microsoft Terminal Services client (MSTSC) does not report its actual global IP address when connecting to a terminal server. When connecting through a Remote Desktop Gateway system, no IP address information is transmitted at all. Many admins have requested that we transform the incorrect or missing IP address information with the actual global IP address of the user, whether or not they are connecting through a RD Gateway.

Based on this feedback, we have retrofitted several existing reports, such as the User Sessions – Session Details By User report family, to include the correct global IP of the user based on the correlated log data now collected by our central polling service. Also, when possible, the global IP address is accompanied with the geographic region of the user’s ISP

Remote Desktop User Time Tracking Report — Many existing user activity reports now include the resolved, Global IP of the user, and ISP geolocation information when available.

Massively Reduce Database Storage Requirements With Performance Threshold Database Pruning

Collecting in-depth performance data on a per-user and per-program basis with our agent service is great, but it’s easy to generate a lot of data in SQL by doing so. Version 4.5 has a nifty new feature that we’re calling “Performance Threshold Database Pruning.”

Now, in addition to purging out agent-based performance data based on date, you can elect to keep only the agent data associated with times of high load on session host servers. You can define what you consider to be high load both in terms of CPU usage or memory utilization, or a combination of both. Using this new feature can drastically reduce the amount of data stored in SQL over time, in many cases by over 80%.

Control RDS Performance Database Growth — Using Performance Threshold Database Tuning, tightly control the size of your SQL database growth.

Schedule an RDS Performance Audit, Request Custom Reports, or Book Training and White Glove Software Installation/Reconfiguration

Ever since we launched them earlier this year, our Remote Desktop Services consulting offerings have been a hit. From White Glove installation of our software, to troubleshooting RDS performance problems, we’ve enjoyed working with admins across the globe to get their RDS environments optimized. Here’s a quick recap of what we offer – contact us to request more details and to obtain a professional services quote.

RDS Performance Audit

Administrator time is at a premium these days. Often, you may know there is a performance issue with your RDS farm, but you don’t have the time to figure it out on your own. Let RDPSoft do that for you. We will install our Remote Desktop Commander Suite software in your environment, and then gather up key performance metrics, including data from RDS-related event logs and installed Hotfixes. After gathering data for a week, we will build a comprehensive report that benchmarks performance in your farm and offers suggestions on how to improve it. You don’t even need to have your own instance of Microsoft SQL available for data collection – we can provide you with a secure connection to an Azure SQL database as part of this service. For more detailed information, and to request a quote, click here.

Custom Report Design

Do you need a report that’s not available out of the box? Let the RDPSoft team build that for you. Using the free Microsoft Report Builder tool, we can design custom SQL queries and RDLC templates that connect into our Remote Desktop Commander database. Click here for more information and to request a quote.

White Glove Installation

For only $99, an RDPSoft technician will establish a remote support session with you and install the Remote Desktop Commander Suite software. This service includes a.) installing the software, b.) linking it to a SQL Server Express, SQL Server, or Azure SQL database, c.) adding session hosts / workstations for monitoring, d.) verifying that data is being collected properly, and e.) verifying that the data is displayed properly in reports and the Remote Desktop Commander Client. Click here to purchase this service and schedule a time with an RDPSoft support expert.

Training and Other Professional Services

Did you know we also offer training on our products, custom PowerShell development to extend Remote Desktop Commander’s capabilities, assistance with adjusting permissions so non-admin help desks can manage your RDS environment, and much more? Let us know what you need, and we’ll send you a quote.

Remote Desktop Commander 4.5 Upgrade, Purchase, and Demo Links

If you are an existing Remote Desktop Commander SUITE subscription licensee and/or active maintenance agreement holder, click here to request upgrade instructions.

If you’d like to learn more about the Remote Desktop Commander Suite, including its feature set and how to start a subscription for only $9.99 per server per month, click here.

Request a web demo with an RDPSoft solutions expert to see all our solution’s features in depth.

From the RDPSoft Blog

SPLA Reporting Made Easy

Reach Out