-1

What are the security implications of running a Windows RDS farm vs. just using RDP for remote administration?

HackneyB
Hilo21
  • RDS is remote desktop server, which enables Remote Desktop through the Remote Desktop Protocol (RDP). I'm not sure what you're trying to figure out. Could you expand a little? – Nomad Feb 23 '19 at 18:27
  • I was reading this article and the author said "The first thing to understand about enabling remote desktop for administrative purposes (i.e. when you don’t require users to connect to your server to access applications) is that it’s really easy to do. Sometimes I see people trying to enable the full Remote Desktop Services (RDS) role in Windows Server, a confusion taken from earlier editions of Windows Server where there was a special remote administration mode for Terminal Services. Note: Installing Remote Desktop Services is not necessary in Windows Server 2012, and enabling..." – Hilo21 Feb 23 '19 at 18:34
  • "...remote desktop access for administration is the same process as enabling remote desktop access in Windows 8, except there is an extra entry point to the configuration via Server Manager." – Hilo21 Feb 23 '19 at 18:34
  • And I got confused about the differences between the two operating modes! – Hilo21 Feb 23 '19 at 18:35

1 Answer

1

Two ways to answer this question. Since this is a Security forum, let me answer security-wise first.

RDP is the protocol used to connect to Windows, whether it is for administration purposes or to just run a remote desktop session to access applications that you would not be able to run elsewhere. Where the security footprint changes is between the administration usage and remote desktop usage. Specifically, administration usually means only administrators of the server log on to perform short tasks or to hop to another server, whereas an RDS installation intends to put non-administrators on the server, and usually in much larger numbers. Larger numbers of users, more applications and less IT experience usually create security risks that would not occur in administration usage of the server. Also, installing several RDS roles to enable "remote desktop server farm" functionality changes the security of the server. On one hand, more services mean more vulnerabilities to exploit; on the other hand, it could mean a better security posture when exposing that RDS infrastructure to the internet. What I mean here is, internet access to a single Windows server with just the RDP port (TCP 3389) exposed for administration is relatively unsafe, but when running a full RDS infrastructure of servers, you would only expose port 443 (SSL/TLS) of the infrastructure, which is what most servers on the internet expose already.

The other answer is as Nomad already posted - RDP is the protocol used for administration and in RDS farm access, and RDS is a suite of Windows roles you install on one or more Windows servers when you want to securely host a large number of users by providing them Windows-based desktops and/or applications in an RDP session.

HackneyB
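The following PowerShell audit is an added example, not part of the answer above: it reports which of the two modes a server is in (administrative RDP only, or RDS role services installed) and whether the local firewall allows TCP 3389 from any remote address. It assumes an elevated session on Windows Server 2012 or later with the ServerManager and NetSecurity modules available; the output property names are chosen for this example.

```powershell
# Added example (not from the answer): classify a server's Remote Desktop footprint.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# UserAuthentication = 1 means Network Level Authentication is required before a session starts.
$nlaRequired = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication -eq 1

# RDS role services (Session Host, Connection Broker, Gateway, Web Access, ...).
# None installed means the server only offers Remote Desktop for administration.
$rdsRoles = @(Get-WindowsFeature -Name 'RDS-*' | Where-Object Installed |
    Select-Object -ExpandProperty Name)

# Is anything listening on the RDP port?
$listening = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)

# Enabled inbound allow rules that cover TCP 3389 with no remote-address restriction.
# This inspects the local Windows firewall only; a perimeter firewall may still block the port.
# Walking every rule can take a while on servers with many rules.
$openRules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $port.Protocol -eq 'TCP' -and
        $port.LocalPort -contains '3389' -and
        $addr.RemoteAddress -contains 'Any'
    })

[pscustomobject]@{
    Mode = if ($rdsRoles.Count -gt 0) { 'RDS role services installed' }
           elseif ($rdpEnabled)       { 'Administrative RDP only' }
           else                       { 'Remote Desktop disabled' }
    RdsRoleServices     = $rdsRoles -join ', '
    GatewayInstalled    = $rdsRoles -contains 'RDS-Gateway'   # RD Gateway fronts sessions over 443
    NlaRequired         = $nlaRequired
    Listening3389       = $listening
    Rules3389OpenToAny  = ($openRules | Select-Object -ExpandProperty DisplayName) -join '; '
}
```

A non-empty `Rules3389OpenToAny` on a server in "Administrative RDP only" mode corresponds to the direct 3389 exposure the answer calls relatively unsafe, so those rules are the ones to scope to management addresses.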