Hi. I'm running into some sort of security issue. Some of our customers actively lock their RDP session so obviously no-one can use it. It seems that when you lock your RDP session, and then get a reconnect to the server, and the RDP client reconnects, it automatically logs you in again, circumventing the lock.
Easy to abuse too: locked session? Just disconnect the network cable / wifi until the session starts reconnecting, and reconnect the cable and *poof* you are in.
Now some of this is prevented as we have some customers that have 2FA implemented on the RD Gateways, so when the session reconnects, you'll need to approve the 2FA. But not all customers have that.
Would there be any way to prevent this? Can anyone else confirm this?