In an attacker's ideal world, he or she would infect a desktop, steal the user's RDP password and move smoothly across the network to the RDP server and immediately gain access. In real life however, things can get a little more complicated.