Remote Desktop Access Procedure
Purpose
This document outlines the procedure for accessing Global Bank workstations and servers remotely using Remote Desktop Protocol (RDP) through the bank's secure Remote Desktop Gateway. Remote desktop access is restricted to authorised personnel who require direct access to specific systems that cannot be reached via standard VPN connectivity alone.
Policy Reference: IT-NET-003
Applies To: IT administrators, application support teams, and authorised business users
When to Use Remote Desktop
Remote Desktop access should only be used when:
- You need to administer a server or workstation that requires a graphical console session.
- You need to access a legacy application that is not published through the Virtual Application Platform.
- You are performing authorised maintenance or troubleshooting on behalf of IT Operations.
For general remote working, employees should use the VPN (see VPN Setup and Usage Guide, IT-NET-001) and access applications through the standard published application catalogue.
Prerequisites
- An active VPN connection to the Global Bank network.
- Membership in the appropriate Active Directory security group (e.g., GBL-RDP-Servers, GBL-RDP-Workstations).
- A completed and approved Remote Access Request Form (ITOPS-RF-012), signed by your line manager and the system owner.
- Multi-Factor Authentication (MFA) enrolment.
Requesting Access
- Log in to the IT Service Portal at servicedesk.globalbank.com.
- Navigate to Request a Service > Remote Desktop Access.
- Complete the request form, specifying:
  - Target system hostname or IP address
  - Business justification
  - Required duration (maximum 90 days per request)
  - Approving manager's name and employee ID
- Submit the request. Your line manager and the system owner will receive approval notifications.
- Once both approvals are obtained, IT Operations will add your account to the relevant security group within two business days.
Connecting via Remote Desktop Gateway
- Establish a VPN connection using CiscoSecure Connect.
- Open Remote Desktop Connection (mstsc.exe) on your device.
- Click Show Options and navigate to the Advanced tab.
- Under Connect from anywhere, click Settings and enter the gateway server: rdgw.globalbank.com
- Select Use my RD Gateway credentials for the remote computer.
- Return to the General tab and enter the target computer name.
- Click Connect and authenticate with your corporate credentials.
- Approve the MFA prompt when presented.
Session Management Rules
| Rule | Detail |
|---|---|
| Maximum session duration | 8 hours (auto-disconnect) |
| Idle timeout | 30 minutes |
| Concurrent sessions | 1 per user (unless exception granted) |
| Clipboard redirection | Disabled by default on servers |
| Drive redirection | Disabled on all sessions |
| Session recording | Enabled for privileged accounts |
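The gateway settings from the connection steps and the redirection rules in the table can be checked in a saved .rdp connection file before it is used. The script below is an added example, not part of the original procedure or the bank's tooling; the function names, the strict treatment of missing settings, and the sample files are assumptions made for illustration.

```python
GATEWAY = "rdgw.globalbank.com"  # gateway server named in the connection steps

def parse_rdp(text):
    """Parse 'name:type:value' lines (type is s, i or b) into a dict of strings."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue  # skip blank or malformed lines
        settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def audit_rdp(text, target_is_server=True):
    """Return a list of findings; an empty list means the file conforms."""
    s, findings = parse_rdp(text), []
    if s.get("gatewayhostname", "").lower() != GATEWAY:
        findings.append("gatewayhostname is not " + GATEWAY)
    # 1 = always use the RD Gateway; other values permit direct connections
    if s.get("gatewayusagemethod") != "1":
        findings.append("gatewayusagemethod is not 1 (always use RD Gateway)")
    # 1 = reuse the RD Gateway credentials for the remote computer
    if s.get("promptcredentialonce") != "1":
        findings.append("promptcredentialonce is not 1")
    # Drive redirection is disabled on all sessions: require an explicit empty list
    if s.get("drivestoredirect") != "":
        findings.append("drivestoredirect is not explicitly empty")
    # Clipboard redirection is disabled by default on servers
    if target_is_server and s.get("redirectclipboard") != "0":
        findings.append("redirectclipboard is not 0 for a server target")
    return findings

# Constructed sample files (the target hostname is a placeholder)
GOOD = """full address:s:app-server-01
gatewayhostname:s:rdgw.globalbank.com
gatewayusagemethod:i:1
promptcredentialonce:i:1
drivestoredirect:s:
redirectclipboard:i:0
"""
BAD = """full address:s:app-server-01
gatewayhostname:s:rdgw.globalbank.com
gatewayusagemethod:i:2
drivestoredirect:s:*
redirectclipboard:i:1
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_rdp(text) or "conforms")
```

A missing setting is reported as a finding rather than trusted to a client default, so the check fails closed.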
Security Considerations
- All RDP sessions are routed through the Remote Desktop Gateway; direct RDP connections to internal hosts are blocked at the firewall.
- Sessions to servers classified as Tier 0 or Tier 1 are recorded and subject to audit by the IT Security Team.
- File transfer via RDP is prohibited. Use approved secure file transfer mechanisms instead.
- Report any suspicious activity observed during an RDP session to the Security Operations Centre immediately.
Access Revocation
Remote Desktop access is automatically revoked after the approved duration expires. If access is no longer required before the expiry date, submit a cancellation request through the IT Service Portal. Access may also be revoked immediately by IT Security in the event of a security incident.
Support
For assistance with Remote Desktop access:
- IT Operations: itops@globalbank.com | Ext. 2100
- IT Service Desk: servicedesk@globalbank.com | Ext. 2000