Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Why log in twice with Remote Desktop 6.0?
- Thread starter PPettit
- Start date
twice? it asks you for it when you enter the server details then should log straight in . . . are you being asked again when you get to the log in screen?
Adrian Paris
Paris Engineering Ltd
Google search of just tech forums & articles
(very useful, honest!)
Adrian Paris
Paris Engineering Ltd
Google search of just tech forums & articles
(very useful, honest!)
- Thread starter
- #3
I'm pretty sure that my issue is caused by disallowing the ability to log on using stored credentials. It's a policy setting.
It seems like the Remote Desktop client prompts for the username and password which it stores somehow. It then tries to pass this stored information to the login process of my server. Since my server doesn't allow stored credentials, it ignores this action and puts up the standard username and password prompt. Now I have to supply the credentials a second time.
Are there any compelling reasons why I would want to allow stored credentials? This seems to be much less secure than forcing my users to input their user name and password every time.
Maybe there's a way to disallow saving the credentials, yet still allow the RDC to pass them during the login process. I want my users to key in the user name and password manually, but it probably doesn't matter which prompt (RDC prompt or server prompt) is used.
It seems like the Remote Desktop client prompts for the username and password which it stores somehow. It then tries to pass this stored information to the login process of my server. Since my server doesn't allow stored credentials, it ignores this action and puts up the standard username and password prompt. Now I have to supply the credentials a second time.
Are there any compelling reasons why I would want to allow stored credentials? This seems to be much less secure than forcing my users to input their user name and password every time.
Maybe there's a way to disallow saving the credentials, yet still allow the RDC to pass them during the login process. I want my users to key in the user name and password manually, but it probably doesn't matter which prompt (RDC prompt or server prompt) is used.
Using stored credentials is no less sucure really particularly on an internal system such as a termonal server, all it means is that if a Domain controller isn't available it will check the stored credentials on the client and allow the user to log in so still checks that the credentials are correct.
On desktops there is a theoretical possiblity that someone who has been sacked or disgruntled in some way can unplug a machine from the network and still log in after there account has been disabled but this isn't possible for a machine they don't have physical access to like a TS.
Not sure if this is the issue (I would have thought the RDP client passes the credentials rather than caches them in some way) but you could try and allow caching of the last log in on this one server to see if the issue disappears
Adrian Paris
Paris Engineering Ltd
Google search of just tech forums & articles
(very useful, honest!)
On desktops there is a theoretical possiblity that someone who has been sacked or disgruntled in some way can unplug a machine from the network and still log in after there account has been disabled but this isn't possible for a machine they don't have physical access to like a TS.
Not sure if this is the issue (I would have thought the RDP client passes the credentials rather than caches them in some way) but you could try and allow caching of the last log in on this one server to see if the issue disappears
Adrian Paris
Paris Engineering Ltd
Google search of just tech forums & articles
(very useful, honest!)
There are other ways a person can get in to a user's station. Example---your vpn allows split-tunelling. A hacker gets into the workstation or the vpn server, and can then log into other workstations because of the split tunnel---the workstation and/or the vpn server is now a gateway to the local/remote network(s), depending on what the hacker cracks into---can then use a brute-forcer or a VB script that fetches the SAM registry file, logs into a workstation, and guess what? The username/password are stored. All the hacker has to do then is press a-z, 1-10, one at a time, until the auto-fill feature fills in the rest.
I find it always best to NOT store the user credentials---just tell the users that it is just double authentication for THEIR safety and the integrity of THEIR personal data.
Burt
I find it always best to NOT store the user credentials---just tell the users that it is just double authentication for THEIR safety and the integrity of THEIR personal data.
Burt
- Status
Similar threads
- Locked
- Question
- Locked
- Question