Remote Desktop Double Login
In our network all clients run Win 7 x64 Enterprise, the servers run Win 2008R2 x64 Enterprise. Until a while ago connection via RDP to any of the machines for maintainance required only one login at the RDP client. Now on the Win 7 machines the normal login
screen shows up after credentials have already been provided to the RDP client, requiring to login twice effectively. The Win 2008R2 machines behave a usual. I can't put my finger to it but it seems this behavior on the clients turned up after the April 2012
windows update cycle. No GPO has been modified. The registry entries refering to CredSSP etc. show up normal. The logs are clean. RDP info say NLA is supported. Any thoughts ?
Aquila
May 3rd, 2012 1:12pm
Hi Aquila,
Please refer below link will help.
http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx
Thanks & best Regards,Mohammed Imtiyaz Ali
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 5:07pm
Hi Mohammed,
Thank you for your input. However, the single signon is not exactly what I meant. We use RDP for maintainance as follows:
For day-to-day work I'm logged in with a normal unprivileged user account on my machine running Win 7 x64 Enterprise. When I need to login to a remote machine I use RDP, providing admin credentials to the RDP client (Windows Security / Enter your credentials).
That used to be enough, the RDP client showed my admin desktop through RDP. For the Win 2008R2 machines this still works. For the Win 7 machines, now the login screen appears (as if I would logon locally) within the RDP window with the last logged in user
showing and I have to provide the admin credentials again. This is quite a pain and something that changed only recently without any apparent reason. Before that the Win 7 machines 'behaved' like the Win 2008R2s.
Kind regards
Aquila
May 4th, 2012 4:04am
Hi,
Based
on my experience, I recommend you to check the issues via the following steps:
1.
Use
the local group policy on the client sides, modify the following setting: Computer Configurations \ Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Connection Client
Allow
.rdp files from unknown publisher: Enabled;
Configure
server authentication for client: Enabled (Always connect, even if authentication fails)
2.
On
the client side, also modify the following local group policy setting: Computer Configuration \ Administrative Template \ System \ Credentials Delegation
Allow
Delegating Default Credentials with NTLM-only Server Authentication: Enabled
3.
On
the clients Internet Explorer, modify the settings as below:
Tools
Internet Options Security <RDWebs Zone> - Custom level Automatic logon with current user name and password
Tools
Internet Options Advanced Enable Integrated Windows Authentication
4.
In
the RemoteApp Web Access (RDWeb/pages/en-us/Default.aspx), check the option:
I
am using a private computer that complies with my organizations security policy
Do the above suggestions help?
Regards,
Sabrina
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Sabrina
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2012 2:23am
Hi,
How are you? I would appreciate it if you could drop me a note to let me know the status of the issue. If you have any questions or concerns,
please feel free to let me know. I am happy to be of further assistance. :)
Regards,
Sabrina
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Sabrina
TechNet Community Support
May 8th, 2012 10:02pm