This is because of the design enhancements in Windows Vista and Windows Server 2008, by virtue of which you cannot connect to Session 0, which is the default session. Running services and user applications together in Session 0 poses a security risk because services in Session 0 run at elevated privileges and can therefore be targeted by malware that attempts to exploit them for privilege escalation.
The new generation of the Windows operating system mitigates this security risk by isolating services in Session 0 and making Session 0 non-interactive to the user. In Windows Vista (and Windows Server 2008), only system processes and services run in Session 0. The first user logs on to Session 1. Subsequent users log on to subsequent sessions (Session 2, Session 3, etc.). This means that services (like printer drivers loaded by the spooler service, UMDF drivers, user/window interactive services, etc.) never run in the same session as users' applications and are therefore protected from attacks that originate in application code.
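
To check the isolation described above on a live machine, the following PowerShell audit maps every running service to the session of its host process. It is an added example, not part of the original post, and it assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt.

```powershell
# Added example: audit Session 0 isolation on the local machine.
# Assumes PowerShell 3.0+ (Get-CimInstance); run elevated to see all processes.

# Session of every running process, keyed by PID.
$sessionOf = @{}
Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $sessionOf[[int]$_.ProcessId] = [int]$_.SessionId
}

# One row per running service: host PID, the session that PID lives in, and
# the "allow service to interact with desktop" flag (DesktopInteract).
# Services whose host process exited between the two queries are skipped.
$report = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Where-Object { $sessionOf.ContainsKey([int]$_.ProcessId) } |
    ForEach-Object {
        [pscustomobject]@{
            Service         = $_.Name
            ProcessId       = [int]$_.ProcessId
            SessionId       = $sessionOf[[int]$_.ProcessId]
            DesktopInteract = [bool]$_.DesktopInteract
        }
    }

# Overview: how many processes live in each session.
"Processes per session:"
$sessionOf.Values | Group-Object | Sort-Object { [int]$_.Name } |
    Format-Table @{n = 'SessionId'; e = { $_.Name }}, Count -AutoSize

# Services whose host process is not in Session 0.
"Services hosted outside Session 0:"
$report | Where-Object { $_.SessionId -ne 0 } | Format-Table -AutoSize

# Services still configured to interact with the desktop. With Session 0
# non-interactive, any UI they draw is not visible to the logged-on user.
"Services still flagged as interactive:"
$report | Where-Object { $_.DesktopInteract } | Format-Table -AutoSize
```

Newer Windows releases add per-user services that run in the user's own session, so an entry in the second list is something to review rather than an automatic finding.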

Session Zero in Windows XP/Windows Server 2003: The first user logs in to Session Zero itself.

Since it is no longer possible to connect to Session 0, the /console switch is no longer required. But what if I want to connect to Session 0 on a Windows Server 2003/XP or earlier machine using RDP 6.1? Let's find out.
When I typed "mstsc /?" on my Windows Server 2008 machine, these are the options that are available to me:
Notice that the /console option is not available, but there is a /admin option. The /admin option lets you connect to Session 0 on a remote computer that doesn't have Windows Vista SP1, Windows XP SP3 or Windows Server 2008 or later installed.
However, if you try to use the /console switch on a Windows Server 2008 or Vista SP1 machine, you get the error "An unknown parameter was specified in the computer name field".
mstsc.exe allows you to initiate terminal services commands via the command line, and forms an important part of this additional Windows service. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems."
Creates connections to terminal servers or other remote computers, edits an existing Remote Desktop Connection (.rdp) configuration file, and migrates legacy connection files that were created with Client Connection Manager to new .rdp connection files.