Hi all,
We run our applications on Windows Server 2008 R2 RDS and we have all the GPOs that we know of to prevent access to local drives on the RDS servers. We have hide and prevent access enabled and also have a software restriction policy enabled that disallows access to the local drives.
So we have our security team doing some routine testing, and they were able to access the C: drive by doing the following:
- From the RDS server he would navigate to the C: drive of his workstation.
- There he creates a text file.
- He would have this text in the file, and then change the file extension to html:

    <html>
    <body>
    <a href="c:\windows\system32\drivers\etc\hosts">pentest</a>
    </body>
    </html>

- He would double-click on the html file, and IE would open the page with a single hyperlink that says pentest.
- He clicks on the hyperlink, and the next thing you know the hosts file is opened on the RDS server.
Of course I could disallow access to IE, but it's needed by our customers, and also that will not block the access, but rather will prevent the access using IE only, so I am sure this guy can find other ways to access the C: drive, and he seems to enjoy that. I have to admit that he is good at what he does for a living.
Do you all have any ideas or ways to completely prevent access to the C: drive while still being able to launch applications on the RDS servers?
Any help is much appreciated.
Mohsen Almassud