My WFH setup is a company laptop wired directly to the home router, which I access from my personal desktop using RDP. Once connected to the work laptop, I log into my corporate VPN for work (from the laptop, not the desktop).
The idea is, I can minimize the RDP session and check my favorite stonks and YouTube channels while working, without them knowing.
But it does make me wonder, how safe is it actually? My biggest concern is, what kind of events does the RDP session capture from the client (my personal desktop). Can it still collect keystrokes when the RDP session is minimized? If I have the options set to share the clipboard contents, does every CTRL+C go to my Work Laptops clipboard, even if I don’t paste it? I’m mostly concerned that some of my activities will “leak” through the RDP session into the work laptop environment. Plus you know, its Windows 10, so I’m a bit worried that Microsoft has made it easy for the employer to extend their data collection through the RDP client.
Potentially, technically yes. Any app can read clipboard contents regardless of what keys you press, various RDP clients might have some protections, … I’m not sure OTOH. disable just in case.
You’re mostly safe… mostly (alt-tab spreadsheets, alt-tab porn they probably won’t know). They can probably tell you’re RDP-ing.
Also, your employer’s security is shockingly relaxed - for allowing RDP from third party managed devices into your laptop. I doubt they care about what you do (don’t do, could do) all that much? Do they?
EDIT: Some people use KVMs as their alt-tab mechanism… It works with more secure setups. There’s no risk of clipboard sharing.
Aside from the telemetry they might collect because Microsoft gunna Microsoft RDP doesn’t seem to have harmful spying tools. Of course those might exist in the system you are connecting to. If I’m not mistaken Microsoft got into some controversial bad PR for offering some kind of activity report.
On the other hand I know Citrix has some tools to record the user session - on the remote host that is. The 2006 style corpo crap ware they include in the client will even install 3 sneaky background services. On my Mac I’ve crippled the program to avoid it running extra services, auto updating and the recording program:
For my work I log into a 2FA protected page to get an ICA file and run the session. I don’t need an authmanager or USB integration crap and I definitely don’t want a recorder program in my personal machine.
I’ve asked around on Citrix related forums how to properly do this but they treated me like I was killing baby Jesus.