Solved Win Sandbox Runs in a Remote Desktop Connection (RDC) Session with RDC OFF - Am I Exposed to RDC's Security Vulnerabilities???


Gordy_Z

I read that Remote Desktop Connection (RDC) has security issues, including concerns about leaving port 3389 open to the world. I didn't want to harden RDC, don't need it, so turned it off first at Settings/System/Remote Desktop. Then I ensured Control Panel/Advanced System Settings/Remote tab - Remote Assistance/Allow Remote Assistance was off and (in the same tab) Remote Desktop/Don't Allow Remote Connections was on.

Moved on to setting up Win Sandbox, did not see RDC as a prerequisite, turned the Sandbox feature on in Windows, re-booted, started playing with it, and noticed it's in an RDC window - clicking the sandbox's "Connection Information" icon displays this RDC window...
[Screenshot: Sandbox "Connection Information" window]
In my mind, if Sandbox depends on RDC, and RDC is off, Sandbox shouldn't work, which means RDC is at least partly on. I checked if running Win Sandbox had turned RDC on in the real PC but it hadn't... The real System and Control Panel RDC settings are on the left & the virtual PC's are on the right (Sandbox/Settings/Remote Desktop does nothing when clicked)...
[Screenshot: host and Sandbox Remote Desktop settings side by side]

Apparently even though RDC is "off," enough of it has been brought online to run Win Sandbox. So the question is, even though RDC is off in Settings and Control Panel, is enough of it up and running that I'm exposed to its various vulnerabilities - do I need to harden it by changing the listening port to something other than 3389 etc.? OR, are these two Windows functions (RDC and Sandbox) so well integrated that they are only talking to each other deep in Windows and there is no aspect of the RDC exposed to the internet?

Thanks,

Gordy_Z
 
Windows Build/Version
Win 11 Pro Build 22631.3880/Version 23H2

RDC is only an issue if you remote connect to a pc over the internet.

Using it on a LAN i.e. inside the host OS firewall is no issue.
 

Thanks for the reply. Unfortunately, not understanding PC intricacies, I'd like to see for myself RDC is off to the outside world. I understand if I remote connect to a PC over the internet my session can be hijacked and by choosing to not remotely connect I can prevent that. But, people seemed to be concerned about more than active RDC sessions... "Never ever expose RDP directly to the internet." And I think I know that in a worst-case scenario in which someone has my credentials they can log in remotely without me initiating the connection, right?

The Sandbox turned parts of RDC on even though I'd turned it off as shown above. So I'd like to verify/see for myself that it's not turned on enough to include connections beyond my PC and the Sandbox inside it, so that even if they had my credentials they couldn't use my RDC. Cereberus mentioned the Firewall so I looked into mine...

[Screenshot: Windows Firewall settings]
No Remote anything apps have either Private or Public checked.

I think this shows that my PC's RDC (and remote anything) simply cannot send anything to the web and nothing from the web can reach my PC via RDC, even if they had my RDC sign-in credentials. Is that right?

Thanks again,
 
> I think this shows that my PC's RDC (and remote anything) cannot send anything to the web and nothing from the web can reach my PC via RDC, even if they had my RDC sign-in credentials. Is that right?
>
> Thanks again,

Right.
 

Thanks Oat, you're quick - I think you replied in the first minute before I took it down to edit it (I just put it back up again, maybe it stays up while it's being edited, not sure).

So unless I hear differently I'm going to operate on the assumption that that Firewall capture shows my RDC only operates inside my PC and has no ability to listen for incoming session requests, even if a request has all the right credentials to access RDC on my PC.

Thanks again,
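
One way to check on the host what the thread discusses (the Remote Desktop setting, whether anything is listening on the RDP port, and the firewall rules), as an added example that is not from any poster in this thread. It assumes an elevated PowerShell window on the host and an English edition of Windows, where the built-in firewall rule group is displayed as "Remote Desktop".

```powershell
# Added example: run in an elevated PowerShell window on the host (not inside the Sandbox).
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. The Remote Desktop switch in Settings maps to fDenyTSConnections (1 = connections denied).
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections

# 2. Configured RDP listener port (3389 unless it has been changed).
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

# 3. Is anything listening on that TCP port, on which local address, and in which process?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort,
        @{ Name = 'Process'
           Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } })

# 4. Enabled inbound allow rules in the built-in Remote Desktop group.
#    Assumption: 'Remote Desktop' is the English display name; it is localized on other editions.
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Select-Object DisplayName, Profile)

# Summary of the four checks.
[pscustomobject]@{
    RemoteDesktopDenied = ($deny -eq 1)
    ConfiguredPort      = $port
    ListenerCount       = $listeners.Count
    EnabledInboundRules = $rules.Count
    TermServiceStatus   = (Get-Service -Name TermService).Status
} | Format-List

# Details, if any were found.
$listeners | Format-Table -AutoSize
$rules | Format-Table -AutoSize

if ($listeners.Count -eq 0 -and $rules.Count -eq 0) {
    'No listener on the RDP port and no enabled inbound Remote Desktop rule.'
} else {
    'Review the listeners and rules listed above.'
}
```

To confirm the same thing from outside the PC, run `Test-NetConnection -ComputerName <host-ip> -Port 3389` from another machine on the same network, where `<host-ip>` is a placeholder for the PC's address.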