Metric: Remote Desktop Activity
AimBetter tracks the incidence of users accessing the database through a remote desktop connection, such as AnyDisk, RemotePC, TeamViewer, etc.
Expected behavior :
There is no standard-setting.
Every instance of access via a remote desktop is reported, including the component, along with start and end time of the session.
Recommended action :
Access is a matter of security control, and this alert serves to advise of these instances.
Normal security access control may be compromised by external access via any remote desktop access program onto a terminal that has been logged in to the SQL Server. In this case, another computer has taken control of the original desktop, which was logged in and authenticated and thereby has the same level of access and control.
There may be instances where such external control is authorized and proper. This alert does not distinguish between normal and unusual instances.