Re: ASP.NET logged in TS?
"Bennett" <Bennett@discussions.microsoft.com> wrote in message
news:29BF36CA-D5F5-4F32-9887-F2DD00ABE339@microsoft.com...
> "Rob Leitman [MSFT]" wrote:
>
>> "Bennett" <Bennett@discussions.microsoft.com> wrote in message
>> news:80D51C25-D7AF-4350-94A9-16A81617C1BC@microsoft.com...
>> >I just checking a client's TS sessions, and saw the ASP.NET account had
>> > logged in over the weekend and had been disconnected for 17 hours. I
>> > know
>> > ASP.NET is a worker process, but why would it be logged in to TS?
>> > Would
>> > the
>> > ASP.NET account be hosting a TS session for an app (which doesn't make
>> > sense
>> > to me), or should I be concerned that someone set ASP.NET random
>> > password
>> > to
>> > something known and is using it as a TS backdoor?
>> >
>> > Has anyone ever seen ASP.NET logged into TS?
>>
>>
>> ASP.NET account shouldn't be logged in unless you're running a web server
>> on
>> that machine. Do you have any evidence that the account came in over TS?
>>
>> Your best bet would be to uninstall IIS.
>>
>> Rob
>>
>
> IIS isn't installed on this server. Thought it was required for the SQL
> Server & medical software they use, but I guess not.
>
> For evidence, as I said, TS Manager showed ASP.NET had been "disconnected"
> for ~17 hours, so some person/app obviously knew the password and
> connected.
>
> This is a new client and I'm wondering if the previous IT or possibly the
> medical software techs are using ASP.NET to remote in. I couldn't login
> to
> the ASP.NET connection because I don't know the password, so I just
> terminated the connection. Seems odd that someone would use it as a
> backdoor
> then disconnect instead of log off, so I'm just trying to confirm whether
> there's any reason for ASP.NET to login to TS on its own before I go
> through
> the trouble of resetting its password.
If you aren't using IIS, at a minimum disable the account. I would be
worried about the computer being hacked, if I were you.
Rob