Auto-login

From ThinManager Knowledge Base
Jump to: navigation, search

Contents

Environment

Description

  • Thin clients appear to not be passing the auto login credentials on to the Terminal Server.

Problem Cause

This issue is caused by Windows always prompting for a password and not allowing the use of cached credentials from ThinManager.

Resolution

This issue is resolved by disabling the "Always prompt for password" feature within RD/TS Session Host Configuration Snap-in.

Server 2008

  • Start > Administrative Tools > Terminal Services Session Host Configuration
  • Double click on RDP-Tcp
  • Log on Settings > Uncheck "Always prompt for password"
    • If "Always prompt for password" is grayed out, "Do not allow passwords to be saved" needs to be set to "Not configured" via GPO.

Server 2008 R2

  • Start > Administrative Tools > Remote Desktop Session Host Configuration
  • Double click on RDP-Tcp
  • Log on Settings > Uncheck "Always prompt for password"
    • If "Always prompt for password" is grayed out, "Do not allow passwords to be saved" needs to be set to "Not configured" via GPO.

Server 2012 and Server 2012 R2

  • Start > Run > gpedit.msc
  • Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
  • Double click the "Always prompt for password upon connection" setting
  • Change setting to Not Configured or Disabled
  • To apply changes: Start > Run > gpupdate /force

Note: Windows Server 2012 and 2012 R2 were designed such that RDS servers should be joined to a domain using at least one Remote Desktop Services Connection Broker. All Remote Desktop Servers would then be managed as a Collection using Server Manager and/or PowerShell. However, Microsoft’s Article ID 2833839, entitled “Guidelines for installing Remote Desktop Session Host role service on a computer running Windows Server 2012 without the Remote Desktop Connection Broker role service,” describes that, although not ideal, the Remote Desktop Services role can be installed on a server joined to a Workgroup as opposed to a domain. The major drawback to this architecture is that most of the User Interface tools provided to manage and configure Remote Desktop Services are not available to non-domain member servers. The configuration must take place using a combination of local group policy edits and/or PowerShell scripts, which is why this setting is modified using Local Group Policy in the Server 2012 and Server 2012 R2 sections above.


Group Policy Fix

2008 FFL

  • Start > Run > gpedit.msc
  • Expand: Administrative Templates > Windows Components > Terminal Services > Terminal Server > Remote Desktop Connection Client
  • Change: "Do now allow passwords to be saved" to Not configured or Disabled.

2008 R2, 2012 and 2012 R2 FFL

  • Start > Run > gpedit.msc
  • Expand: Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client
  • Change: "Do now allow passwords to be saved" to Not configured or Disabled.
Personal tools
Namespaces

Variants
Actions
Navigation
Events
Toolbox