Contents:

- Enable SSO Authentication on RDS Host with Windows Server 2022/2019/2016
- Configure Remote Desktop Single Sign-on on Windows Clients

Requirements for RDS single sign-on:

- The Connection Broker server and all RDS hosts must be running Windows Server 2012 or newer.
- Windows 11, 10, or 8.1 Pro/Enterprise editions can be used as client workstations.
- SSO works only in a domain environment: Active Directory user accounts must be used, and the RDS servers and the users' workstations must be joined to the same AD domain.
- RDP 8.0 or later must be used on the RDP clients.
- SSO works only with password authentication (smart cards are not supported).
- The RDP Security Layer in the connection settings should be set to Negotiate or SSL (TLS 1.0), and the encryption mode to High or FIPS Compliant.

The single sign-on setup process consists of the following steps:

1. Issue and assign an SSL certificate on the RD Gateway, RD Web, and RD Connection Broker servers.
2. Enable Web SSO on the RDWeb server.
3. Configure the credential delegation group policy.
4. Add the RDS certificate thumbprint to the trusted .rdp publishers using GPO.

## Enable SSO Authentication on RDS Host with Windows Server 2022/2019/2016

First, you need to issue and assign an SSL certificate to your RDS deployment. The certificate's Enhanced Key Usage (EKU) must contain the Server Authentication identifier. The procedure for obtaining an SSL certificate for an RDS deployment is outside the scope of this article (you can generate a self-signed SSL certificate yourself, but you will then have to deploy it to the trusted certificate store on all clients using Group Policy).

The credential delegation policy (step 3 above) works if you are using Kerberos authentication. If the NTLM authentication protocol is not disabled in the domain, you must also configure the Allow delegating default credentials with NTLM-only server authentication policy in the same way.

## Configure Remote Desktop Single Sign-on on Windows Clients

Then, to prevent a warning window that the remote application publisher is untrusted, add the address of the server running the RD Connection Broker role to the Trusted sites zone on the client computers using the policy "Site to Zone Assignment List" (similar to the article How to disable Open File security warning on Windows 10):

1. Go to the GPO section User/Computer Configuration -> Administrative Tools -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page.
2. Enable the policy Site to Zone Assignment List.
3. Specify the FQDN of the RD Connection Broker host and assign it to zone 2 (Trusted sites).

Next, you need to enable the Logon options policy under User/Computer Configuration -> Administrative Tools -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security -> Trusted Sites Zone and select "Automatic logon with current username and password" from the dropdown list.

Then navigate to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client and disable the policy Prompt for credentials on the client computer.

After updating the Group Policy settings on the client, open the mstsc.exe (Remote Desktop Connection) client and specify the FQDN of the RDS host. The UserName field is filled in automatically with your logon name. Now, when you start a RemoteApp or connect directly to a Remote Desktop Services host, you will not be prompted for your password; your Windows logon credentials will be used to connect.

To use the RD Gateway with SSO, enable the policy Set RD Gateway Authentication Method (User Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> RD Gateway) and set its value to Use Locally Logged-On Credentials.
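The client-side settings above all end up as values under the Policies branch of the registry once Group Policy is applied, which makes them easy to audit. The following PowerShell script is an added example, not code from the original article: it reads those values on a domain-joined client and reports which of the SSO prerequisites are in place, so a failed silent logon can be traced to a specific missing policy rather than to the credential delegation chain as a whole. The registry value names are taken from the Microsoft ADMX templates; the `$BrokerFqdn` parameter and the `Add-Check`/`Get-PolicyValue` helpers are this example's own, and the RD Gateway value is only reported, not judged, because the numeric code behind "Use Locally Logged-On Credentials" should be confirmed against the ADMX version in your environment.

```powershell
# Added example (not from the original article): audit the client-side Group Policy
# settings for RDS single sign-on by reading the registry values the GPOs write.
# Assumptions: value names follow the Microsoft ADMX templates (CredentialsDelegation,
# Internet Settings zone map, Terminal Services client policies); $BrokerFqdn is an
# assumed parameter you replace with your RD Connection Broker FQDN.
# Run in an elevated PowerShell on a domain-joined client after "gpupdate /force".
param(
    [Parameter(Mandatory = $true)]
    [string]$BrokerFqdn
)

$results = New-Object System.Collections.Generic.List[object]

function Add-Check {
    param([string]$Name, [bool]$Passed, [string]$Detail)
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

function Get-PolicyValue {
    # Returns $null when the key or value is absent (policy "Not Configured") instead of throwing.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# 1. Credential delegation (step 3 of the setup): "Allow delegating default credentials"
#    for Kerberos, plus the NTLM-only variant for domains where NTLM is still enabled.
#    Each policy has a DWORD switch and a subkey listing the permitted server SPN patterns.
$credDeleg = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
foreach ($policy in 'AllowDefaultCredentials', 'AllowDefCredentialsWhenNTLMOnly') {
    $enabled = Get-PolicyValue $credDeleg $policy
    $servers = @()
    $listKey = "$credDeleg\$policy"
    if (Test-Path -LiteralPath $listKey) {
        $servers = @((Get-ItemProperty -LiteralPath $listKey).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object { $_.Value })
    }
    # Remote Desktop delegation needs a TERMSRV/ SPN pattern in the list
    $hasTermsrv = @($servers | Where-Object { $_ -like 'TERMSRV/*' }).Count -gt 0
    Add-Check $policy (($enabled -eq 1) -and $hasTermsrv) `
        ("enabled=$enabled; servers=" + ($servers -join ','))
}

# 2. Site to Zone Assignment List: the broker FQDN must be mapped to zone 2 (Trusted sites).
#    The GPO writes one REG_SZ value per host under ZoneMapKey; user-scope GPOs land in HKCU.
$zone = $null
foreach ($hive in 'HKLM:', 'HKCU:') {
    $zoneMap = "$hive\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
    $v = Get-PolicyValue $zoneMap $BrokerFqdn
    if ($null -ne $v) { $zone = $v; break }
}
Add-Check 'SiteToZoneAssignment' ("$zone" -eq '2') "zone for $BrokerFqdn = $zone"

# 3. Logon options for the Trusted sites zone: value 1A00 = 0 means
#    "Automatic logon with current username and password".
$logon = $null
foreach ($hive in 'HKLM:', 'HKCU:') {
    $zoneKey = "$hive\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2"
    $v = Get-PolicyValue $zoneKey '1A00'
    if ($null -ne $v) { $logon = $v; break }
}
Add-Check 'TrustedZoneLogonOptions' ($logon -eq 0) "1A00 = $logon (null = not configured)"

# 4. "Prompt for credentials on the client computer" must be Disabled, which writes 0.
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$prompt = Get-PolicyValue $tsPolicy 'PromptForCredsOnClient'
Add-Check 'PromptForCredsOnClient' ($prompt -eq 0) "value = $prompt (null = not configured)"

# 5. "Set RD Gateway authentication method" (user policy). Only reported here: compare the
#    number with the one your ADMX assigns to "Use Locally Logged-On Credentials".
$gwSource = Get-PolicyValue 'HKCU:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' 'GatewayCredentialsSource'
Add-Check 'RDGatewayAuthMethod' ($null -ne $gwSource) "GatewayCredentialsSource = $gwSource"

$results | Format-Table -AutoSize
# Non-zero exit lets the script double as a compliance check in a scheduled task
if ($results | Where-Object { -not $_.Passed }) { exit 1 }
```

Run it as `.\Test-RdsSso.ps1 -BrokerFqdn rdcb.example.com` (file name and FQDN are placeholders). A failed `AllowDefaultCredentials` check with an empty server list is the usual reason for a second password prompt even though the policy shows as Enabled: the TERMSRV/ pattern has to be listed explicitly, and this script surfaces that distinction instead of only reporting the on/off switch.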