Hello RDMers,

Let’s say you have a very beautiful, very rare and very valuable diamond (yes I know it’s always nice to dream!) you would do everything to protect it. You would buy the most expensive safe, have a bodyguard keeping it 24/7 and leave it in the most secure bank. We do not recommend sharing Windows sessions (some people call this being in kiosk mode), but we realize that for some of you it may be unavoidable.  If you do share your Windows Session, you should take as many precautions to keep your information safe. Here are some tips on how to set up all your bodyguards to keep everything secure!

There are two opportunities to prompt for credentials, the first one to open the application itself, the second one for the data source.  You can choose to use just one, or both, as your security concerns dictate.

For the application level. In File – Options – Security – Application Security, you would choose Use Windows credentials as application password and ensure that Force currently logged on username and domain is NOT activated as this will prevent any one else but the current Windows session user to connect.  The net effect is that anyone with an account on the domain/machine will be able to open Remote Desktop Manager.

options_security
For the Data Source level, one thing that’s important to know and to understand is never to save any credentials in a shared data source configuration, Remote Desktop Manager should always prompt the user prior to opening the data source, doing so will secure the use of the Private Vault and of the User Specific Settings.
dss

If you’ve decided to save credentials in your Data Source configuration, you’ll have to disable the Private Vault and the User Specific Settings in the Data Source settings, otherwise users of the same Data Source might be able to see your credentials as explained in our previous blog “Why can my colleagues see my credentials?”

For your third level of security (oh yeah were not taking any chances!) you’ll need to disable the Offline mode and the Caching mode. Leaving those options enabled could make your data at risk since these will create a file on your computer.  I know, I know, it is an encrypted file but just the fact that someone could grab an encrypted file is deemed a risk by many of our community.A little advice we like to give our users is not to use My Personal Credentials when using Remote Desktop Manager in kiosk mode. This feature is a single credential entry stored on your computer, it would therefore be available to every user of that workstation.

Now for your last layer of security, we recommend that you disable Local Machine Specific Settings. Why you might ask? Because, much like My Personal Credentials, they are saved locally and that makes it less safe than using the User Specific Settings that are saved in your Data Source.

You think Fort Knox is safe…. after taking all those steps, believe me Fort Knox got nothing on you!As always, please let us know your thoughts by using the comment feature of the blog.  You can also visit our forums to get help and submit feature requests, you can find them here.