Can a virus spread through a network share used by an RDP connection

malwarewindows-server-2003windows-server-2008

When connecting to a Windows Server (2003 or 2008) desktop through RDP from a local Windows (7 or XP) PC with networks shares enabled (usually, the local C: disk will be shared with the remote server), is there a real chance that a virus infects the remote server?

Of course, we protect our local PCs as good as we can, so I'd just like to know if it makes sense to have a policy to restrict file transmissions to FTP or WebDAV and prohibit shares.

I believe a question like this should have been asked before, but I couldn't really find anything.

Best Answer

There's no automated mechanism where a virus would spread through the shared local drives. Unless you count users as Automated Tools of Destruction™ (which I would not underestimate).

We block such access for a couple reasons:

Users have a nasty habit of exploiting any superfluous features we allow for their personal enjoyment (and/or accidentally), usually leading to me cleaning up some sort of mess (like that 90+GB of home pictures someone accidentally copied). It doesn't have to be a virus to bring the server to it's knees.
We can worry less about what the users are copying off our network. You might not be in the same position we are, but we have financial and personal data laying around everywhere. Most users have access to it. We want to limit their copying of that data to external places to mechanism that are logged and generally easy to trace.
There's basically no use case for that access in the first place. We already have a file transfer website, easier and more reliable than copying files in a RDP session. I've only ever had one user ask about transferring files, and one other user ask about printing (which is also disabled by policy).

Related Solutions

Windows Server 2003 – Cannot RDP or Initiate Remote Restart

Try instead:

shutdown -r -f -m \\hostname -c "Comment goes here"

That's a bit drastic, but I've had the need to do that in a very similar environment to what you describe. I also open a cmd window and start a ping -t against the server to watch when the IP stack goes down and comes back up. This is a very useful indicator of activity when you don't have physical access to the server (or are too lazy to get up and walk over to it).

EDIT: (based on your comment) Ok, do this first and then try the above again (or restart it as normal if this works). See it that gets you farther. The -a will abort a system shutdown.

shutdown -a -m \\hostname

Windows Server 2003 – Recycle Bin for File Shares

Third party applications like Undelete can do this - but I think Microsoft simply considers a file share as not really a document system. For storing, keeping version control over and handling important documents - something else is needed. Like the mentioned Sharepoint (though I can't say I enjoy the user experience of it) or some other of all the document management systems out there.

You could also check your backup solution and see if you can go to continuous backup instead of daily for the share. Most backup applications these days should have that at least as an add-on. That way, if supported on the server, all changes will be backed up as they occur, or with only a few minutes delay. This is a nice feature to aim at a disk backup system with a few days of history at most - while keeping nightly backups for longer as usual on tape or whatnot.

Best Answer

Related Solutions

Windows Server 2003 – Cannot RDP or Initiate Remote Restart

Windows Server 2003 – Recycle Bin for File Shares

Related Topic