I have started this discussion to find out the information below, share best practices and collect votes for some enhancements to the functionality.
- Do you use RDP tunnelling, and if not, did you know that you could?
- How do you use it, and what improvements have you made to the supplied scripts?
- What additional features would you like?
We use RDP tunnelling extensively which allows us to connect to and manage Windows servers that are behind SOCKS proxies from the BSA console and have no direct connection to port 3389.
How is it used
A separate role is created for RDP tunnelling to get round the issue that there is no system authorization (see RfEs) and that it is a specific NSH right that is not included by default.
The authorization profile assigned to the role only has CustomCommand.Execute, CustomCommand.Read, NSH_Proxy.Connect, Server.Read, ServerGroup.Read and the NSH tcptunnel command.
Two custom commands are used to launch the RDP tunnel:
RDP Tunnel - "nsh -c 'rdptunnel.nsh %H'"
RDP Tunnel with Switches - "nsh -c 'rdptunnel_withsw.nsh %H'" - allows additional command line options to be added, e.g. /admin
Please see the attached files. The main change to the scripts supplied with BSA is the addition of an RDP file, which allows you to set any security options you require, e.g. disable drive mapping. Also, copying this to a file with the name of the server you are connecting to means that the server name is correct in the MSTSC title bar.
I am interested to see how other people have implemented this.
Request for Enhancements
- Provide a system authorization to allow TCP tunnelling to be assigned to standard roles
- Provide support to connect to servers that are listening on a non-standard port so not on 3389 - could be an additional switch to the tcptunnel command
- Provide support to allow connections when "Network Level Authentication" is enabled
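
The per-server RDP file described in the post, sketched as an added example (this is not the attached script or BSA's own code). The function name, the output directory argument, the idea that the tunnel listens on a local port passed in as the second argument, and the redirection settings other than drive mapping are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write a hardened <server>.rdp file for a tunnelled session.
# Assumptions (not from the original post): make_rdp_file, its arguments,
# and a tunnel endpoint of localhost:<port>.

make_rdp_file() {
    host=$1 port=$2 outdir=${3:-.}

    # The host name arrives from the console (%H) and becomes a file name,
    # so accept hostname characters only: no slashes, spaces, leading - or .
    case $host in
        ''|[-.]*|*[!A-Za-z0-9._-]*) echo "bad host name: $host" >&2; return 1 ;;
    esac
    # Port must be 1 to 5 digits and within the TCP range.
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    # Naming the file after the server keeps the MSTSC title bar correct.
    out=$outdir/$host.rdp
    cat > "$out" <<EOF
full address:s:localhost:$port
drivestoredirect:s:
redirectclipboard:i:0
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
prompt for credentials:i:1
EOF
    # Return the path so the caller can hand it to mstsc.
    printf '%s\n' "$out"
}
```

An empty `drivestoredirect` value is what disables drive mapping; the other redirection lines apply the same restriction to clipboard, printers, COM ports and smart cards.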