RDPSoft

Remote Desktop and Terminal Server Software

We Make RDS, XenApp & VDI Monitoring/Reporting Easy and Affordable

RDPwned: A Guide To Securing Microsoft Remote Desktop Services

April 7, 2020 By Andy Milford

Greetings, friends and loyal customers! After over a year of research, my new book on how to secure your RDS environments has finally been published.

RDPwned - A Guide to Securing Microsoft Remote Desktop Services
Click here to purchase the Amazon Kindle edition for only $9.99 USD

Given how many of you are standing up new Remote Desktop Services deployments or expanding existing ones right now to facilitate teleworking during the COVID-19 outbreak, it’s imperative that you get serious about RDS security. Hackers and APT (Advanced Persistent Threat) teams know that businesses around the world are “opening up their doors wide” to facilitate remote working at the moment, and they may come knocking at yours soon. Don’t unwittingly let them in.

My book first walks you through how attackers find your RDS deployments, using normal search engines and device fingerprinting search engines like Shodan. Then I show you the tools hackers use to break into your environment, by performing dictionary attacks, man-in-the-middle compromises, or client-side credential stealing. Next, I illustrate some of the most common techniques and scripts they will use to escalate their privileges from a lowly standard user all the way up to local admin and domain admin, and how they are able to deploy and run these scripts and malware on your servers. Finally, I discuss the major types of defenses you can deploy to reduce the likelihood of being attacked, and how to mitigate the damage if you are.

An Exclusive Offer Through December 2020

As a way of saying thanks to all users of RDPSoft software who wish to purchase this book, we’ve crafted a special promotion:

All individuals and companies that purchase a copy of my new book – just $9.99 on Amazon Kindle – through the end of December 2020 are also entitled to 1 server license of our Remote Desktop Commander Suite software for a month.

What can you do with a license of our Remote Desktop Commander Suite for a month? Here are a few ideas:

  • Monitor a Remote Desktop Gateway for logins and login failures, to see if user accounts have been compromised with IP geolocation techniques.
  • See which applications are using up the most CPU and memory on your terminal servers, and determine average CPU and memory use per user.
  • Review connection statistics like RDP latency and RDP bandwidth use.
  • Do some user activity monitoring and time tracking, including screenshot recording.

All you need to do to claim your 1 server, 1 month Remote Desktop Commander Suite license is to email inquiries [at] rdpsoft [dot] com with a screenshot of your Amazon Kindle purchase receipt.

Filed Under: RDP Security Tagged With: apt, hacker, rdp crack, rdp hack, RDP Security, RDPwned, RDS Security, Remote Desktop Services

RDS Logins & Logon Failure Tracking (And More) in Remote Desktop Commander v4.5+

September 27, 2018 By admin

Though later versions of our Remote Desktop Commander Suite build on these key features, it’s worth drilling into the RDS login and logon failure tracking capabilities (plus some extra stuff we’re sure will interest you) that were introduced starting with v4.5:

Consolidate All RDS Logins and Logon Failures, Regardless of Whether They Occurred On Session Hosts Or Remote Desktop Gateway Servers

Our CEO, Andy Milford, has written at length at his PureRDS.org blog about the challenges faced when attempting to correlate RDP logon failure data from session hosts. Attempting to track successful RDP logins is no picnic either, as multiple log files from multiple different systems – the session host servers and remote desktop gateway servers – must be consulted and the information correlated.

In version 4.5 of the Remote Desktop Commander Suite, the Remote Desktop Reporter Service automatically collects and correlates key events from event log files on Session Host servers and Remote Desktop Gateway servers. The result is a treasure trove of valuable login and logon failure data that it retains in its SQL database, allowing us to deliver the incredible new features described below.
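A small illustration of this kind of correlation, as an added example (not RDPSoft's code or the product's implementation): it merges failed-logon records from session hosts and a gateway, then ranks source IPs by failure count and by how many different usernames they tried. The records, host names and thresholds are constructed; on a live session host the equivalent fields are found in Security event 4625 (`IpAddress`, `TargetUserName`).

```powershell
# Constructed sample: failed logons already pulled from each server's event log.
# Documentation-range IPs; host and user names are made up.
$failures = @'
Time,Server,Role,User,SourceIp
2020-11-02T03:14:05Z,RDSH01,SessionHost,administrator,203.0.113.45
2020-11-02T03:14:09Z,RDSH01,SessionHost,admin,203.0.113.45
2020-11-02T03:14:12Z,RDGW01,Gateway,administrator,203.0.113.45
2020-11-02T03:14:20Z,RDGW01,Gateway,backup,203.0.113.45
2020-11-02T03:14:31Z,RDSH02,SessionHost,scanner,203.0.113.45
2020-11-02T08:55:40Z,RDGW01,Gateway,jsmith,198.51.100.7
'@ | ConvertFrom-Csv

function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [int] $MinFailures = 5,        # assumed thresholds, tune per environment
        [int] $MinDistinctUsers = 3
    )
    $Records | Group-Object SourceIp | ForEach-Object {
        $users   = @($_.Group.User   | Sort-Object -Unique)
        $servers = @($_.Group.Server | Sort-Object -Unique)
        $times   = @($_.Group.Time   | Sort-Object)   # ISO 8601 UTC strings sort chronologically
        [pscustomobject]@{
            SourceIp      = $_.Name
            Failures      = $_.Count
            DistinctUsers = $users.Count
            Servers       = $servers -join ','
            FirstSeen     = $times[0]
            LastSeen      = $times[-1]
            # Many failures, or many different usernames, from one address
            Suspect       = ($_.Count -ge $MinFailures) -or ($users.Count -ge $MinDistinctUsers)
        }
    } | Sort-Object Failures -Descending
}

Get-FailedLogonSummary -Records $failures | Format-Table -AutoSize
```

With the sample rows, 203.0.113.45 is flagged because its failures span two session hosts and the gateway, which no single server's log would show; the lone jsmith failure is not.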

Geolocate RDS Logins and Logon Failures In the User IP Geolocation Dashboard – Find Out Where Your Users Are Working From, and Locate the Source Of Brute Force RDP Hack Attempts

Geolocate RDP Logon Failures
Perform deep analysis of RDP logon failures and user logins using the User IP Geolocation Dashboard.

Remote Desktop Services login and logon failure data correlation from session hosts and gateways is a valuable feature in its own right, but the rich visualizations of this data are what set Remote Desktop Commander Version 4.5+ apart from the competition. The User IP Geolocation Dashboard combines IP geolocation data with interactive worldwide maps and filterable tables so administrators can zero in on both legitimate RDS users and hackers.

Locate The Source of RDP Brute Force Hack Attempts
Filter RDP logon failure and login data by username, time frame, computer, and sort the data by username, region, country etc.

Our dashboard is completely extensible via PowerShell scripts, which are designed to receive selected server names, usernames, and IP addresses as input parameters. This is especially useful for the remediation of inbound hack attempts.

Remediate Brute Force RDP Attacks
Extend the capabilities of the dashboard with PowerShell
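One shape such a remediation script could take, as an added example (not RDPSoft's script; the parameter names, the allowlist and the sample addresses are assumptions, since the page does not give the dashboard's parameter contract): it validates the IP addresses passed in, skips allowlisted ones, and creates an inbound Windows Firewall block rule for the rest.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical parameter names; adapt to what the calling tool passes.
    [string[]] $IpAddress = @('203.0.113.45', '198.51.100.7', 'not-an-ip'),  # constructed sample input
    [string[]] $Allowlist = @('198.51.100.7'),   # e.g. office egress IPs that must never be blocked
    [int]      $Port      = 3389
)

function Select-BlockableIp {
    param([string[]] $Candidate, [string[]] $Allow)
    foreach ($c in $Candidate) {
        $parsed = $null
        # Reject anything that is not a syntactically valid IPv4/IPv6 address
        if (-not [System.Net.IPAddress]::TryParse($c, [ref] $parsed)) {
            Write-Warning "Skipping invalid address '$c'"; continue
        }
        if ($Allow -contains $parsed.ToString()) {
            Write-Warning "Skipping allowlisted address $parsed"; continue
        }
        $parsed.ToString()
    }
}

$toBlock = @(Select-BlockableIp -Candidate $IpAddress -Allow $Allowlist | Sort-Object -Unique)

# -WhatIf / -Confirm are honoured through ShouldProcess
if ($toBlock.Count -and $PSCmdlet.ShouldProcess(($toBlock -join ', '), "Block inbound TCP/$Port")) {
    New-NetFirewallRule -DisplayName "Block RDP brute force $(Get-Date -Format yyyyMMdd-HHmmss)" `
        -Direction Inbound -Action Block -Protocol TCP -LocalPort $Port -RemoteAddress $toBlock
}
```

Run it with `-WhatIf` first to see what would be blocked. When users connect through an RD Gateway, the rule belongs on the gateway and its HTTPS port (443 by default) rather than on 3389 of the session host.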

Instantly build reports from the filtered RDP login and logon failure data in the dashboard, or simply export the data to comma-delimited text.

Report on RDP Logon Failures
Export RDP login data and generate reports in PDF, Word, or Excel.

Schedule Daily User Login and Logon Failure Reports

RDP Logon Failure Reports
Build RDP login reports manually, or schedule them to run daily to gain insight on where users are connecting from.

Scheduled reports make it easy to keep track of both where your users are routinely connecting from and the sources of hacking and penetration attempts. Group login and logon failure data by country or by user. With routine review of these reports, you can quickly spot geographic RDP login anomalies that could be suggestive of a compromised user account.

See The Actual IP Address and Geolocation Information for User Sessions In Existing Time Tracking Reports.

By default, the Microsoft Terminal Services client (MSTSC) does not report its actual global IP address when connecting to a terminal server. When connecting through a Remote Desktop Gateway system, no IP address information is transmitted at all. Many admins have requested that we replace the incorrect or missing IP address information with the actual global IP address of the user, whether or not they are connecting through an RD Gateway.

Based on this feedback, we have retrofitted several existing reports, such as the User Sessions – Session Details By User report family, to include the correct global IP of the user based on the correlated log data now collected by our central polling service. Also, when possible, the global IP address is accompanied by the geographic region of the user’s ISP.

Remote Desktop User Time Tracking Report
Many existing user activity reports now include the resolved, Global IP of the user, and ISP geolocation information when available.

Massively Reduce Database Storage Requirements With Performance Threshold Database Pruning

As you can see, we’ve mainly talked about logins and logon failures so far, and that means a lot of data to work with. We have to be ready to handle it all, which brings us to a related feature.

Collecting in-depth performance data on a per-user and per-program basis with our agent service is great, but it’s easy to generate a lot of data in SQL by doing so. Version 4.5+ has a nifty new feature that we call “Performance Threshold Database Pruning.”

Now, in addition to purging out agent-based performance data based on date, you can elect to keep only the agent data associated with times of high load on session host servers. You can define what you consider to be high load in terms of CPU usage, memory utilization, or a combination of both. Using this new feature can drastically reduce the amount of data stored in SQL over time, in many cases by over 80%.

Control RDS Performance Database Growth
Using Performance Threshold Database Pruning, tightly control the size of your SQL database growth.

. . . And What’s The Latest?

Of course, features change and mature, so be sure to find out the latest developments with our Remote Desktop Commander Suite by requesting a web demo with an RDPSoft solutions expert.

Updated: November 2020.

Filed Under: RDP Login Tracking, RDP Logon Failure Tracking, RDP Security, Remote Desktop Security, Software Releases Tagged With: geolocating RDP logins, rdp hack attempt, rdp login, rdp logon failure, RDP Security, RDS Security
