Installed NIS 2010, now RDP broken

TheGoldTooth · ‎10-10-2009

For several years now I have been accessing my main computer (MAIN, XP Pro SP3) from my kids' computer (KIDS, XP MCE 2002 SP3) using RDP. I do it so much I almost never sit in front of MAIN any more, and it's been working perfectly. Both machines were running NIS 2009, and yesterday I upgraded them both to NIS 2010, for each installation first running the Norton Removal Tool to get rid of 2009.

Now when I click the RDP shortcut, instead of MAIN's desktop being displayed on KIDS, what happens is this:

1. On KIDS, a screen flashes past so quickly I can't be sure what it is, but it might be a MAIN logon screen.

2. On KIDS, the screen goes blank and will remain that way until I kill the RDP process. KIDS remain unaffected otherwise.

3. On MAIN, when I visit it, a blank screen is displayed, the monitor power light is yellow, indicating that it's in standby mode, and the computer is unresponsive to any input (mouse and keyboard actions, CTRL-ALT-DEL). I have to manually turn off the computer by holding in the power button and then turn it on again.

There is no doubt that the sudden failure of my RDP sessions is connected in some why to installing NIS 2010. I have given each machine full trust to each other, so I don't think the problem is firewall or network security related.

Any ideas, anyone?

TGT

dbrisendine · ‎10-06-2008

What is the Network Trust Level on each machine? In the network security Map; click on the [edit] inox under Network Details, In the popup, what is the Trust Level?

TheGoldTooth · ‎10-10-2009

MAIN has full trust to KIDS, and the reverse is also true.

TGT

TheGoldTooth · ‎10-10-2009

As an experiment I turned off Intrusion Prevention on both machines but the problem remains, with identical symptoms.

TGT

dbrisendine · ‎10-06-2008

Please see this picture to answer my qusetion; please tell us what the network's trust level is. Thank you.

TheGoldTooth · ‎10-10-2009

Sorry, must be a bit dense today.

My network trust level was set to SHARED. I changed it to FULL TRUST and I can now successfully RDP from KIDS to MAIN just as I did before upgrading to NIS 2010. Thank you.

I have a wired network at home (powerline -- would never go back to wireless), so a high trust level between devices on my LAN doesn't seem an extreme risk, but there is still a chance, I suppose, that a malefactor outisde the LAN gaining control of KIDS could then access MAIN, which is the only machine that contains information worth stealing.

It seems not quite right that with a network trust level of SHARED, NIS 2010's response to an RDP access attempt to MAIN is to put it offline in such a way that a cold boot is required to restart it. Shouldn't there be a warning message or something gentle like that? Also, it's not completely clear to me from the definitions provided for FULL TRUST, SHARED, PROTECTED, and RESTRICTED exactly which one I should have slected to be able to use RDP. I've now discovered that to make RDP work I have to define my netowork as FULL TRUST, but why this should be so escapes me.

Thanks for your help, dbrisendine; you're a genius. Is it you or I who puts up the "Solved!" icon?

TGT

dbrisendine · ‎10-06-2008

As the orginator of the thread, only you have the ability to mark a post as the solution.

I am glad this works for you but I am going to flag this thread for a Symantec person to look at. I don't know when you can get a responce form them (they work some long and often strange hours). I feel that you should be able to do what you want with the network set at SHARED and want them to see what the conflict is. I really only wanted you to set it to FULL TRUST to see if that allowed the connection. You should not have a problem even at that level as NIS2010 will still be looking at all the processes and files before they hit the network.