RDP clients syncing remote IP addresses between separate machines


Background: I connect to one terminal server (TS) running Windows Server 2012 R2 from two Windows 10 machines (WinA and WinB). (I connect from Macs, too, but they don't share this issue.) I connect to TS from both machines with Microsoft's native RDP client.

Both machines have local authentication; neither one syncs with a Microsoft account for login purposes (although both have OD, ODFB, and an O365-based installation of Office). Both machines log in to the same account on TS; there is never a time when both machines are logged in to TS at the same time.

TS is running on AWS. In order for the machines to get to TS, they have to either:

  • go through a Bastion host, in which case the TS has one IP address (private AWS), and then log in through RDP; or
  • from one machine I can log in directly via RDP, in which case TS has a different IP address (public AWS).

If I have logged in to one TS IP address in RDP from WinA, WinA's address will be the default TS address in the RDP client on WinB, even if my last login on WinB was to the different TS IP. Same in reverse.

In fact, I only log in to one IP address from each machine via RDP, and it's a different address; nevertheless, the RDP client shows the IP I last used on the other machine.

That means that somehow, somewhere, something is syncing between these two RDP clients. The flip side of that, even more concerning, is that the synchronization has to be using some unidentified third node that is not subject to a user's or administrator's toggling it off.

What's going on?

I posted this issue in the MSFT community and MSFT Technet forums without answers.

Joseph_N

Posted 2018-09-08T15:39:18.457


Your structure was hard to follow, so I took a stab at clearing it up. I hope I got all the details correct. – schroeder – 2018-09-08T19:52:47.560

So, WinA always connects through the Bastion host and targets TS with the internal AWS IP, WinB always connects directly to TS using its public IP. But when you launch the RDP client on either machine, you get whatever IP you last used on either machine? – schroeder – 2018-09-08T19:54:48.717

Although there are definitely security implications, I'm not sure this is a security question per se. This appears to be a Windows RDP internals question to figure out what is syncing and how. – schroeder – 2018-09-08T20:01:18.353

@schroeder Yes, you have the details correct, and yes, I get whichever IP I used last, regardless of which machine it was on. The problem certainly has privacy implications, but whether it has security implications--or how to address the privacy issues--depends on what's going on. (I put the question on the security professionals site, because there's no easily available answer and that community seemed the most likely to know. But, yes, this is probably a more suitable site for the content of the question. Thanks for the move.) – Joseph_N – 2018-09-09T22:36:17.617

No answers
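A practical check, added by the editor and not part of Joseph_N's question or the comments above: the native Microsoft RDP client (mstsc.exe) keeps its recently used addresses in the registry under HKCU\Software\Microsoft\Terminal Server Client (values MRU0..MRUn under the Default subkey, plus one Servers\<host> subkey per target holding a UsernameHint) and writes the last-used settings, including the "full address" line, to a hidden Default.rdp in the user's Documents folder. Running the script below on WinA and WinB and noting which store's last-write time matches a session that was started on the other machine narrows down which store is being replicated. The resolved Documents path is printed because Default.rdp travels with that folder if it is redirected (for example into a synced cloud folder); whether that is what is happening here is not established by the question, so the script only reports, it does not conclude. The variable and function names are the editor's own.

```powershell
# Added example (not from the original question): inventory the places the
# Microsoft RDP client (mstsc.exe) persists "last used" connection data.
# Run as the same user on WinA and WinB and compare the output side by side.

$mruKey     = 'HKCU:\Software\Microsoft\Terminal Server Client\Default'
$serversKey = 'HKCU:\Software\Microsoft\Terminal Server Client\Servers'

# Resolve the *actual* Documents folder rather than assuming %USERPROFILE%\Documents;
# Default.rdp lives there, and the folder may have been redirected elsewhere.
$documents  = [Environment]::GetFolderPath('MyDocuments')
$defaultRdp = Join-Path $documents 'Default.rdp'

function Get-RdpMruEntries {
    # MRU0..MRUn are the addresses shown in the "Computer" drop-down; MRU0 is the default.
    if (-not (Test-Path $mruKey)) { return @() }
    $key   = Get-Item -Path $mruKey
    $props = Get-ItemProperty -Path $mruKey
    $props.PSObject.Properties |
        Where-Object { $_.Name -match '^MRU\d+$' } |
        Sort-Object { [int]($_.Name -replace 'MRU', '') } |
        ForEach-Object {
            [pscustomobject]@{ Slot = $_.Name; Address = $_.Value; KeyPath = $key.Name }
        }
}

function Get-RdpServerHints {
    # One subkey per host previously connected to; UsernameHint is the cached user name.
    if (-not (Test-Path $serversKey)) { return @() }
    Get-ChildItem -Path $serversKey | ForEach-Object {
        [pscustomobject]@{
            Host         = $_.PSChildName
            UsernameHint = (Get-ItemProperty -Path $_.PSPath).UsernameHint
        }
    }
}

function Get-DefaultRdpInfo {
    # Default.rdp is a hidden file, so -Force is needed to read it. It records the
    # settings of the last session, including 'full address:s:<host>'.
    if (-not (Test-Path $defaultRdp)) { return $null }
    $file  = Get-Item -Path $defaultRdp -Force
    $lines = Get-Content -Path $defaultRdp -Force
    $addr  = $lines |
        Where-Object { $_ -match '^full address:s:(.*)$' } |
        ForEach-Object { $Matches[1] } |
        Select-Object -First 1
    [pscustomobject]@{
        Path          = $file.FullName
        LastWriteTime = $file.LastWriteTime
        FullAddress   = $addr
    }
}

"== $env:COMPUTERNAME ($env:USERNAME) =="
"Documents folder resolves to: $documents"
""
"MRU list (HKCU):"
Get-RdpMruEntries | Format-Table -AutoSize
"Per-server hints (HKCU):"
Get-RdpServerHints | Format-Table -AutoSize
"Default.rdp:"
Get-DefaultRdpInfo | Format-List
```

Read the two outputs together: if the MRU values differ between the machines but Default.rdp carries the same full address and a LastWriteTime that matches the other machine's last session, the file (and the folder it sits in) is the shared path; if the registry values match across machines while the files differ, the HKCU data is what is being carried over. Either way the script tells you where to look next without assuming which mechanism is responsible.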