Jump to content

Any way to force users to log in manually?

Guest amos

By Guest amos
in Windows NT Server

 Share

Recommended Posts

Guest amos

Guest amos

Posted
Posted

Many of our offsite users have saved Remote Desktop Connection (.rdp)

files saved with the password. Is there any way to have TS 2003 reject

that kind of login, and ask for it to be manually typed in?

  • Replies 17
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Any way to force users to log in manually?

 

Yes.

 

839918 - Hotfix that lets you control whether a user can save a

password for Remote Desktop Connection sessions to a terminal server

in Windows XP or in Windows 2000

http://support.microsoft.com/?kbid=839918

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

amos <amos@amos2.com> wrote on 19 jul 2008 in

microsoft.public.windows.terminal_services:

> Many of our offsite users have saved Remote Desktop Connection

> (.rdp) files saved with the password. Is there any way to have

> TS 2003 reject that kind of login, and ask for it to be manually

> typed in?

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Any way to force users to log in manually?

 

There is a gpo as well that youc an set that forces prompt for password.

 

Jeff Pitsch

Microsoft MVP - Terminal Services

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AE0EB6773F2Everanoesthemutforsse@207.46.248.16...

> Yes.

>

> 839918 - Hotfix that lets you control whether a user can save a

> password for Remote Desktop Connection sessions to a terminal server

> in Windows XP or in Windows 2000

> http://support.microsoft.com/?kbid=839918

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> amos <amos@amos2.com> wrote on 19 jul 2008 in

> microsoft.public.windows.terminal_services:

>

>> Many of our offsite users have saved Remote Desktop Connection

>> (.rdp) files saved with the password. Is there any way to have

>> TS 2003 reject that kind of login, and ask for it to be manually

>> typed in?

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Any way to force users to log in manually?

 

Eeeeh, that's exactly what is documented in the KB article...

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 20 jul 2008

in microsoft.public.windows.terminal_services:

> There is a gpo as well that youc an set that forces prompt for

> password.

>

> Jeff Pitsch

> Microsoft MVP - Terminal Services

>

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9AE0EB6773F2Everanoesthemutforsse@207.46.248.16...

>> Yes.

>>

>> 839918 - Hotfix that lets you control whether a user can save a

>> password for Remote Desktop Connection sessions to a terminal

>> server in Windows XP or in Windows 2000

>> http://support.microsoft.com/?kbid=839918

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> amos <amos@amos2.com> wrote on 19 jul 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> Many of our offsite users have saved Remote Desktop Connection

>>> (.rdp) files saved with the password. Is there any way to have

>>> TS 2003 reject that kind of login, and ask for it to be

>>> manually typed in?

Guest amos

Guest amos

Posted
Posted

Re: Any way to force users to log in manually?

 

OK, I've read that and somehow remain unsure about what it means. It's a

server setting that knows enough to diregard the 'save password'

checkbox in the rdc dialog? Remember these are not AD users on a

corporate lan, these are users who are not part of the server domain. I

am pretty sure that you both understood what I was requesting, but I'd

just like to be positive that a user from 'outside' connecting via cisco

vpn who has 'save password' check on their connection, would be forced

to manually log in despite that 'save password' checkbox?

 

Thanks for you help

 

In article <Xns9AE0EB6773F2Everanoesthemutforsse@207.46.248.16>,

vera.noest@remove-this.hem.utfors.se says...

> Yes.

>

> 839918 - Hotfix that lets you control whether a user can save a

> password for Remote Desktop Connection sessions to a terminal server

> in Windows XP or in Windows 2000

> http://support.microsoft.com/?kbid=839918

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> amos <amos@amos2.com> wrote on 19 jul 2008 in

> microsoft.public.windows.terminal_services:

>

> > Many of our offsite users have saved Remote Desktop Connection

> > (.rdp) files saved with the password. Is there any way to have

> > TS 2003 reject that kind of login, and ask for it to be manually

> > typed in?

>

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Any way to force users to log in manually?

 

No, that was not clear from your first post. The users or the

clients must belong to your domain, otherwise the GPO won't be

applied to them.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

amos <amos@amos2.com> wrote on 20 jul 2008 in

microsoft.public.windows.terminal_services:

> OK, I've read that and somehow remain unsure about what it

> means. It's a server setting that knows enough to diregard the

> 'save password' checkbox in the rdc dialog? Remember these are

> not AD users on a corporate lan, these are users who are not

> part of the server domain. I am pretty sure that you both

> understood what I was requesting, but I'd just like to be

> positive that a user from 'outside' connecting via cisco vpn who

> has 'save password' check on their connection, would be forced

> to manually log in despite that 'save password' checkbox?

>

> Thanks for you help

>

> In article <Xns9AE0EB6773F2Everanoesthemutforsse@207.46.248.16>,

> vera.noest@remove-this.hem.utfors.se says...

>> Yes.

>>

>> 839918 - Hotfix that lets you control whether a user can save a

>> password for Remote Desktop Connection sessions to a terminal

>> server in Windows XP or in Windows 2000

>> http://support.microsoft.com/?kbid=839918

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> amos <amos@amos2.com> wrote on 19 jul 2008 in

>> microsoft.public.windows.terminal_services:

>>

>> > Many of our offsite users have saved Remote Desktop

>> > Connection (.rdp) files saved with the password. Is there any

>> > way to have TS 2003 reject that kind of login, and ask for it

>> > to be manually typed in?

Guest amos

Guest amos

Posted
Posted

Re: Any way to force users to log in manually?

 

In article <Xns9AE1DFE4CAB3Everanoesthemutforsse@207.46.248.16>,

vera.noest@remove-this.hem.utfors.se says...

> No, that was not clear from your first post. The users or the

> clients must belong to your domain, otherwise the GPO won't be

> applied to them.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

>

OK, then is there any way to force 'external' users to have to manually

enter a password?

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Any way to force users to log in manually?

 

amos <amos@amos2.com> wrote on 20 jul 2008:

> In article <Xns9AE1DFE4CAB3Everanoesthemutforsse@207.46.248.16>,

> vera.noest@remove-this.hem.utfors.se says...

>> No, that was not clear from your first post. The users or the

>> clients must belong to your domain, otherwise the GPO won't be

>> applied to them.

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>>

> OK, then is there any way to force 'external' users to have to

> manually enter a password?

 

If you don't have any control over the user accounts or the

clients, no, I don't think so. Not without an additional logon

requirement, like smart cards or something like that.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

*----------- Please reply in newsgroup -------------*

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Any way to force users to log in manually?

 

Oh sure, now I"m expectd to read the articeles lol j/k Vera. I should've

read that article better. I thought the article was talking about a hotfix

to put on the XP machines.

 

Jeff Pitsch

Microsoft MVP - Terminal Services

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AE17A6BD1F4Cveranoesthemutforsse@207.46.248.16...

> Eeeeh, that's exactly what is documented in the KB article...

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 20 jul 2008

> in microsoft.public.windows.terminal_services:

>

>> There is a gpo as well that youc an set that forces prompt for

>> password.

>>

>> Jeff Pitsch

>> Microsoft MVP - Terminal Services

>>

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AE0EB6773F2Everanoesthemutforsse@207.46.248.16...

>>> Yes.

>>>

>>> 839918 - Hotfix that lets you control whether a user can save a

>>> password for Remote Desktop Connection sessions to a terminal

>>> server in Windows XP or in Windows 2000

>>> http://support.microsoft.com/?kbid=839918

>>>

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>> amos <amos@amos2.com> wrote on 19 jul 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> Many of our offsite users have saved Remote Desktop Connection

>>>> (.rdp) files saved with the password. Is there any way to have

>>>> TS 2003 reject that kind of login, and ask for it to be

>>>> manually typed in?

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Any way to force users to log in manually?

 

The GPO is a computer setting not a user setting. Therefore it doesn't

matter if the users are part of the domain or not. The GPO will work fine.

 

Jeff Pitsch

Microsoft MVP - Terminal Services

 

 

"Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AE29E12730veranoesthemutforsse@207.46.248.16...

> amos <amos@amos2.com> wrote on 20 jul 2008:

>

>> In article <Xns9AE1DFE4CAB3Everanoesthemutforsse@207.46.248.16>,

>> vera.noest@remove-this.hem.utfors.se says...

>>> No, that was not clear from your first post. The users or the

>>> clients must belong to your domain, otherwise the GPO won't be

>>> applied to them.

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>>

>> OK, then is there any way to force 'external' users to have to

>> manually enter a password?

>

> If you don't have any control over the user accounts or the

> clients, no, I don't think so. Not without an additional logon

> requirement, like smart cards or something like that.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> *----------- Please reply in newsgroup -------------*

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Any way to force users to log in manually?

 

But as I understand it now, neither the users nor the clients are

part of the domain. Then I don't see how it can be done. Or am I

missing something?

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 21 jul 2008

in microsoft.public.windows.terminal_services:

> The GPO is a computer setting not a user setting. Therefore it

> doesn't matter if the users are part of the domain or not. The

> GPO will work fine.

>

> Jeff Pitsch

> Microsoft MVP - Terminal Services

>

>

> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9AE29E12730veranoesthemutforsse@207.46.248.16...

>> amos <amos@amos2.com> wrote on 20 jul 2008:

>>

>>> In article

>>> <Xns9AE1DFE4CAB3Everanoesthemutforsse@207.46.248.16>,

>>> vera.noest@remove-this.hem.utfors.se says...

>>>> No, that was not clear from your first post. The users or the

>>>> clients must belong to your domain, otherwise the GPO won't

>>>> be applied to them.

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>>

>>> OK, then is there any way to force 'external' users to have to

>>> manually enter a password?

>>

>> If you don't have any control over the user accounts or the

>> clients, no, I don't think so. Not without an additional logon

>> requirement, like smart cards or something like that.

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> *----------- Please reply in newsgroup -------------*

Guest amos

Guest amos

Posted
Posted

Re: Any way to force users to log in manually?

 

Yes, sorry for the original post being less than lucid. I thought I had

laid it all out but it was pretty skimpy on my situation. For my

particular situation it's true, the users are widely dispersed, many

will be operating out of home offices, and not part of any lan or

domain. It'd be very cool if the gpo setting did result in any and all

requests for an rd connection to need manual password entry, so it'll be

interesting to see what the upshot is. I may be able to experiment with

the server in question, but that'd not be my first choice.

Guest TP

Guest TP

Posted
Posted

Re: Any way to force users to log in manually?

 

Hi,

 

On the server:

 

1. Open Terminal Services Configuration (tscc.msc)

2. Right-click RDP-Tcp and choose Properties

3. On the Logon Settings tab, choose "Always use the following logon information"

4. Leave the User name field blank

5. If the server is joined to a domain and you would like the logon screen to

default to the domain, enter the domain name in the Domain field

6. Check "Always prompt for password"

7. Click the OK button

 

Now your server will prompt for user name and password when users

connect via RDP, regardless of their client settings.

 

Thanks.

 

-TP

 

amos wrote:

> Many of our offsite users have saved Remote Desktop Connection (.rdp)

> files saved with the password. Is there any way to have TS 2003 reject

> that kind of login, and ask for it to be manually typed in?

Guest TP

Guest TP

Posted
Posted

Re: Any way to force users to log in manually?

 

Hi Vera,

 

That hotfix allows you to control whether users are able to save

passwords in an .rdp file. This is a useful feature for security

purposes on client PCs, but does not affect how the server

will respond if a RDP client presents saved credentials.

 

What is needed is to change the setting on the server.

 

There is a brilliant individual that maintains an FAQ on such

matters, you may want to take a look:

 

http://tinyurl.com/63s5o8

 

Thanks.

 

-TP

 

Vera Noest [MVP] wrote:

> Yes.

>

> 839918 - Hotfix that lets you control whether a user can save a

> password for Remote Desktop Connection sessions to a terminal server

> in Windows XP or in Windows 2000

> http://support.microsoft.com/?kbid=839918

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Any way to force users to log in manually?

 

Aaaah, I see. I was thinking about the client side of things only.

Thanks, TP!

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"TP" <tperson.knowspamn@mailandnews.com> wrote on 22 jul 2008 in

microsoft.public.windows.terminal_services:

> Hi Vera,

>

> That hotfix allows you to control whether users are able to save

> passwords in an .rdp file. This is a useful feature for

> security purposes on client PCs, but does not affect how the

> server will respond if a RDP client presents saved credentials.

>

> What is needed is to change the setting on the server.

>

> There is a brilliant individual that maintains an FAQ on such

> matters, you may want to take a look:

>

> http://tinyurl.com/63s5o8

>

> Thanks.

>

> -TP

>

> Vera Noest [MVP] wrote:

>> Yes.

>>

>> 839918 - Hotfix that lets you control whether a user can save a

>> password for Remote Desktop Connection sessions to a terminal

>> server in Windows XP or in Windows 2000

>> http://support.microsoft.com/?kbid=839918

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Any way to force users to log in manually?

 

"TP" <tperson.knowspamn@mailandnews.com> wrote on 22 jul 2008 in

microsoft.public.windows.terminal_services:

> There is a brilliant individual that maintains an FAQ on such

> matters, you may want to take a look:

>

> http://tinyurl.com/63s5o8

 

LOL :D

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

Guest amos

Guest amos

Posted
Posted

Re: Any way to force users to log in manually?

 

In article <ecNh0MA7IHA.5820@TK2MSFTNGP04.phx.gbl>,

tperson.knowspamn@mailandnews.com says...

> Hi,

>

> On the server:

>

> 1. Open Terminal Services Configuration (tscc.msc)

> 2. Right-click RDP-Tcp and choose Properties

> 3. On the Logon Settings tab, choose "Always use the following logon information"

> 4. Leave the User name field blank

> 5. If the server is joined to a domain and you would like the logon screen to

> default to the domain, enter the domain name in the Domain field

> 6. Check "Always prompt for password"

> 7. Click the OK button

>

> Now your server will prompt for user name and password when users

> connect via RDP, regardless of their client settings.

>

> Thanks.

>

> -TP

That's almost perfect. The only issue with this approach is that the

user has to enter their login as well as the password. But, pretty

workable. Thank you.

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Any way to force users to log in manually?

 

You apply the setting to the Terminal Server not the end points.

 

Jeff Pitsch

Microsoft MVP - Terminal Services

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AE2DF67FD4F8veranoesthemutforsse@207.46.248.16...

> But as I understand it now, neither the users nor the clients are

> part of the domain. Then I don't see how it can be done. Or am I

> missing something?

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 21 jul 2008

> in microsoft.public.windows.terminal_services:

>

>> The GPO is a computer setting not a user setting. Therefore it

>> doesn't matter if the users are part of the domain or not. The

>> GPO will work fine.

>>

>> Jeff Pitsch

>> Microsoft MVP - Terminal Services

>>

>>

>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AE29E12730veranoesthemutforsse@207.46.248.16...

>>> amos <amos@amos2.com> wrote on 20 jul 2008:

>>>

>>>> In article

>>>> <Xns9AE1DFE4CAB3Everanoesthemutforsse@207.46.248.16>,

>>>> vera.noest@remove-this.hem.utfors.se says...

>>>>> No, that was not clear from your first post. The users or the

>>>>> clients must belong to your domain, otherwise the GPO won't

>>>>> be applied to them.

>>>>> _________________________________________________________

>>>>> Vera Noest

>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>

>>>> OK, then is there any way to force 'external' users to have to

>>>> manually enter a password?

>>>

>>> If you don't have any control over the user accounts or the

>>> clients, no, I don't think so. Not without an additional logon

>>> requirement, like smart cards or something like that.

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> *----------- Please reply in newsgroup -------------*

 Share
Go to topic listing
×
×
  • Create New...