hidden hit counter
Help!

Terminal Services Client 6.0 Authentication

 
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Work Remotely RSS
Next:  No audio from DVD's  
Author Message
trev
External


Since: Dec 04, 2006
Posts: 10



PostPosted: Tue Dec 05, 2006 1:45 am    Post subject: Terminal Services Client 6.0 Authentication
Archived from groups: microsoft>public>windowsxp>work_remotely (more info?)

I just installed TSC 6.0 on my WinXP Pro and WinXP MCE systems. I use
the MCE system to connect to the Pro system via RDP.

So far, all I've noticed in TSC 6.0 are new annoyances. For example, I
have always used RDP by running the command line "mstsc.exe [file
name].rdp". This always used to make the connection, and then go right
to a "Log On to Windows" dialog. But with TSC 6.0, I always get a
"Remote Desktop Connection" dialog first, and then still have to enter
the (same) credentials again on the "Log On to Windows" dialog. What is
the point to the "Remote Desktop Connection" dialog?

Also, on the "Remote Desktop Connection" dialog: Sometimes, the user
name is pre-filled as simply "User". Other times, it shows up as
"x.x.x.x\User", where x.x.x.x is the IP address. Still other times, it
appears as "User@x.x.x.x". This last case is especially irritating,
because the "User@x.x.x.x" carries over onto the "Log On to Windows"
dialog, where it causes authentication failure. So, whenever this
happens (which seems to be randomly, but often), I have to manually edit
the user name field on the "Log On to Windows" dialog, changing it from
"User@x.x.x.x" to "User". Annoying. Very.

Any info would be appreciated.
Back to top
trev
External


Since: Dec 04, 2006
Posts: 10



PostPosted: Tue Dec 05, 2006 2:50 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

trev wrote:

> with TSC 6.0, I always
> get a "Remote Desktop Connection" dialog first, and then still have
> to enter the (same) credentials again on the "Log On to Windows"
> dialog. What is the point to the "Remote Desktop Connection" dialog?

I've found the answer to this part, at least. This behavior was the
result of having a Group Policy setting enabled:

Local Computer Policy > Computer Configuration > Administrative
Templates > Windows Components > Terminal Services > Always prompt
client for password upon connection

(I wish it were buried a few levels deeper.)

With the above setting "Not Configured", I get right to the remote
desktop after filling in the credentials on the "Remote Desktop
Connection" dialog.

I've had that Group Policy setting that way for years (which is why I
had forgotten about it). Why it behaved differently with the previous
TSC I don't know.
Back to top
trev
External


Since: Dec 04, 2006
Posts: 10



PostPosted: Tue Dec 05, 2006 4:06 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

trev wrote:

> trev wrote:
>
>> with TSC 6.0, I always
>> get a "Remote Desktop Connection" dialog first, and then still have
>> to enter the (same) credentials again on the "Log On to Windows"
>> dialog. What is the point to the "Remote Desktop Connection" dialog?
>
> I've found the answer to this part, at least. This behavior was the
> result of having a Group Policy setting enabled:
>
> Local Computer Policy > Computer Configuration > Administrative
> Templates > Windows Components > Terminal Services > Always prompt
> client for password upon connection
>
> (I wish it were buried a few levels deeper.)
>
> With the above setting "Not Configured", I get right to the remote
> desktop after filling in the credentials on the "Remote Desktop
> Connection" dialog.
>
> I've had that Group Policy setting that way for years (which is why I
> had forgotten about it). Why it behaved differently with the previous
> TSC I don't know.

Actually, (duh...), this was not the "answer" to anything. What I did
by changing the setting mentioned above was eliminate one prompt, but
the wrong one. The correct solution (for this part of my problem) is to
use the enablecredsspsupport:i:0 setting in the .RDP file (as pointed
out by "workinghard" in the other reply).
Back to top
workinghard
External


Since: Jan 23, 2005
Posts: 11



PostPosted: Tue Dec 05, 2006 4:17 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Hello,

try and use the "Do not use authentication" option in the Advanced Tab sheet
of
option. This does not persist however so if you want to make it permanent
add following line to the default.rdp file (or any other saved .rdp
file):enablecredsspsupport:i:0

That will take care of it. Cheers

"trev" wrote in message

>I just installed TSC 6.0 on my WinXP Pro and WinXP MCE systems. I use the
>MCE system to connect to the Pro system via RDP.
>
> So far, all I've noticed in TSC 6.0 are new annoyances. For example, I
> have always used RDP by running the command line "mstsc.exe [file
> name].rdp". This always used to make the connection, and then go right to
> a "Log On to Windows" dialog. But with TSC 6.0, I always get a "Remote
> Desktop Connection" dialog first, and then still have to enter the (same)
> credentials again on the "Log On to Windows" dialog. What is the point to
> the "Remote Desktop Connection" dialog?
>
> Also, on the "Remote Desktop Connection" dialog: Sometimes, the user name
> is pre-filled as simply "User". Other times, it shows up as
> "x.x.x.x\User", where x.x.x.x is the IP address. Still other times, it
> appears as "User@x.x.x.x". This last case is especially irritating,
> because the "User@x.x.x.x" carries over onto the "Log On to Windows"
> dialog, where it causes authentication failure. So, whenever this happens
> (which seems to be randomly, but often), I have to manually edit the user
> name field on the "Log On to Windows" dialog, changing it from
> "User@x.x.x.x" to "User". Annoying. Very.
>
> Any info would be appreciated.
>
>
Back to top
trev
External


Since: Dec 04, 2006
Posts: 10



PostPosted: Tue Dec 05, 2006 4:17 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Thanks. I actually *have* to use that option, otherwise it will not
work at all. It tells me that it can't authenticate... Therefore, I
have no choice.

workinghard@news.postalias wrote:

> Hello,
>
> try and use the "Do not use authentication" option in the Advanced
> Tab sheet of
> option. This does not persist however so if you want to make it
> permanent add following line to the default.rdp file (or any other
> saved .rdp file):enablecredsspsupport:i:0
>
> That will take care of it. Cheers
>
> "trev" wrote in message
>
>> I just installed TSC 6.0 on my WinXP Pro and WinXP MCE systems. I
>> use the MCE system to connect to the Pro system via RDP.
>>
>> So far, all I've noticed in TSC 6.0 are new annoyances. For
>> example, I have always used RDP by running the command line
>> "mstsc.exe [file name].rdp". This always used to make the
>> connection, and then go right to a "Log On to Windows" dialog. But
>> with TSC 6.0, I always get a "Remote Desktop Connection" dialog
>> first, and then still have to enter the (same) credentials again on
>> the "Log On to Windows" dialog. What is the point to the "Remote
>> Desktop Connection" dialog? Also, on the "Remote Desktop Connection"
>> dialog: Sometimes, the
>> user name is pre-filled as simply "User". Other times, it shows up
>> as "x.x.x.x\User", where x.x.x.x is the IP address. Still other
>> times, it appears as "User@x.x.x.x". This last case is especially
>> irritating, because the "User@x.x.x.x" carries over onto the "Log On
>> to Windows" dialog, where it causes authentication failure. So,
>> whenever this happens (which seems to be randomly, but often), I
>> have to manually edit the user name field on the "Log On to Windows"
>> dialog, changing it from "User@x.x.x.x" to "User". Annoying. Very.
>>
>> Any info would be appreciated.
Back to top
trev
External


Since: Dec 04, 2006
Posts: 10



PostPosted: Tue Dec 05, 2006 7:36 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Thanks, but now there's another (albeit minor) problem. Using
enablecredsspsupport:i:0 eliminates the RDC dialog, but when I get to
the server's login dialog, the user name is no longer remembered (as it
always used to be).

workinghard@news.postalias wrote:

> Hello,
>
> try and use the "Do not use authentication" option in the Advanced
> Tab sheet of
> option. This does not persist however so if you want to make it
> permanent add following line to the default.rdp file (or any other
> saved .rdp file):enablecredsspsupport:i:0
>
> That will take care of it. Cheers
>
> "trev" wrote in message
>
>> I just installed TSC 6.0 on my WinXP Pro and WinXP MCE systems. I
>> use the MCE system to connect to the Pro system via RDP.
>>
>> So far, all I've noticed in TSC 6.0 are new annoyances. For
>> example, I have always used RDP by running the command line
>> "mstsc.exe [file name].rdp". This always used to make the
>> connection, and then go right to a "Log On to Windows" dialog. But
>> with TSC 6.0, I always get a "Remote Desktop Connection" dialog
>> first, and then still have to enter the (same) credentials again on
>> the "Log On to Windows" dialog. What is the point to the "Remote
>> Desktop Connection" dialog? Also, on the "Remote Desktop Connection"
>> dialog: Sometimes, the
>> user name is pre-filled as simply "User". Other times, it shows up
>> as "x.x.x.x\User", where x.x.x.x is the IP address. Still other
>> times, it appears as "User@x.x.x.x". This last case is especially
>> irritating, because the "User@x.x.x.x" carries over onto the "Log On
>> to Windows" dialog, where it causes authentication failure. So,
>> whenever this happens (which seems to be randomly, but often), I
>> have to manually edit the user name field on the "Log On to Windows"
>> dialog, changing it from "User@x.x.x.x" to "User". Annoying. Very.
>>
>> Any info would be appreciated.
Back to top
TP
External


Since: Apr 15, 2005
Posts: 23



PostPosted: Tue Dec 05, 2006 4:47 pm    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

The new client can give roughly the same auth behavior as
the old client, it just works a little different on the front
end. You do not need the enablecredsspsupport option
that I discussed in a prior post:

http://groups.google.com/group/microsoft.public.windows.terminal_services/browse_frm/thread/7048672478cf3141/

I recommended that option because the poster specifically
asked for the old behavior and because he is using the
Novell client.

What behavior would you prefer, exactly?

When you run "mstsc [filename].rdp", would you like it to:

1.) Connect and log you in to your XP Pro machine, without
prompting for username/password at all?

2.) Connect to your XP Pro machine, but stop at the Log On
to Windows prompt, with your user name pre-filled and
the password box blank?

3.) Another option?

I am guessing you want option 2 above, please correct me if
I am wrong. Remove the enablecredsspsupport that you
added before.

In order to do this, you need to open up the client (manually, not
specifiying .rdp file) and connect to your XP Pro machine using
the same computer name stored in your .rdp file. When
prompted for your credentials, enter them exactly as you would
if you were entering them on your XP Pro machine, and check
the save password box.

After you have successfully connected, disconnect from
your XP Pro machine. Open up the client again, make sure
the computer name is still set to your XP Pro machine as used
above, and then click the edit credentials hyperlink. The
credentials screen should have your username as entered
above, with the password box blank. Click the OK button
to save your credentials, do *not* enter a password in the box.

Uncheck "Always ask for credentials". Optionally set all of your
connection preferences and then click the Save As button to
make a fresh .rdp file for this connection.

Click the Connect button. This time it should connect to your XP
Pro machine, but stop at the Log On to Windows screen with
the user name field pre-filled and the password blank. You
should have the same behavior if you use the rdp file as well.

Username and password are no longer stored in the .rdp
file.

Please let me know if you have any questions.

-TP

trev wrote:
> I just installed TSC 6.0 on my WinXP Pro and WinXP MCE systems. I use
> the MCE system to connect to the Pro system via RDP.
>
> So far, all I've noticed in TSC 6.0 are new annoyances. For example,
> I have always used RDP by running the command line "mstsc.exe [file
> name].rdp". This always used to make the connection, and then go
> right to a "Log On to Windows" dialog. But with TSC 6.0, I always
> get a "Remote Desktop Connection" dialog first, and then still have
> to enter the (same) credentials again on the "Log On to Windows"
> dialog. What is the point to the "Remote Desktop Connection" dialog?
>
> Also, on the "Remote Desktop Connection" dialog: Sometimes, the user
> name is pre-filled as simply "User". Other times, it shows up as
> "x.x.x.x\User", where x.x.x.x is the IP address. Still other times,
> it appears as "User@x.x.x.x". This last case is especially
> irritating, because the "User@x.x.x.x" carries over onto the "Log On
> to Windows" dialog, where it causes authentication failure. So,
> whenever this happens (which seems to be randomly, but often), I have
> to manually edit the user name field on the "Log On to Windows"
> dialog, changing it from "User@x.x.x.x" to "User". Annoying. Very.
>
> Any info would be appreciated.
Back to top
trev
External


Since: Dec 04, 2006
Posts: 10



PostPosted: Tue Dec 05, 2006 10:50 pm    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Thank you! Your guess was a good onee; it was "option 2" that I was
after. Your instructions worked perfectly. I don't think I would have
figured that out on my own. (I very nearly removed TSC 6.0.)

The only caveat was that I had to temporarily disabled the "Local
Computer Policy > Computer Configuration > Administrative Templates >
Windows Components > Terminal Services > Client > Do not allow passwords
to be saved" setting on the client. (Otherwise, no "Save password"
option appears at all.)

Thanks again.

TP wrote:

> The new client can give roughly the same auth behavior as
> the old client, it just works a little different on the front
> end. You do not need the enablecredsspsupport option
> that I discussed in a prior post:
>
> http://groups.google.com/group/microsoft.public.windows.terminal_services/browse_frm/thread/7048672478cf3141/
>
> I recommended that option because the poster specifically
> asked for the old behavior and because he is using the
> Novell client.
>
> What behavior would you prefer, exactly?
>
> When you run "mstsc [filename].rdp", would you like it to:
>
> 1.) Connect and log you in to your XP Pro machine, without
> prompting for username/password at all?
>
> 2.) Connect to your XP Pro machine, but stop at the Log On
> to Windows prompt, with your user name pre-filled and
> the password box blank?
>
> 3.) Another option?
>
> I am guessing you want option 2 above, please correct me if
> I am wrong. Remove the enablecredsspsupport that you
> added before.
>
> In order to do this, you need to open up the client (manually, not
> specifiying .rdp file) and connect to your XP Pro machine using
> the same computer name stored in your .rdp file. When
> prompted for your credentials, enter them exactly as you would
> if you were entering them on your XP Pro machine, and check
> the save password box.
>
> After you have successfully connected, disconnect from
> your XP Pro machine. Open up the client again, make sure
> the computer name is still set to your XP Pro machine as used
> above, and then click the edit credentials hyperlink. The
> credentials screen should have your username as entered
> above, with the password box blank. Click the OK button
> to save your credentials, do *not* enter a password in the box.
>
> Uncheck "Always ask for credentials". Optionally set all of your
> connection preferences and then click the Save As button to
> make a fresh .rdp file for this connection.
>
> Click the Connect button. This time it should connect to your XP
> Pro machine, but stop at the Log On to Windows screen with
> the user name field pre-filled and the password blank. You
> should have the same behavior if you use the rdp file as well.
>
> Username and password are no longer stored in the .rdp
> file.
>
> Please let me know if you have any questions.
>
> -TP
>
> trev wrote:
>> I just installed TSC 6.0 on my WinXP Pro and WinXP MCE systems. I
>> use the MCE system to connect to the Pro system via RDP.
>>
>> So far, all I've noticed in TSC 6.0 are new annoyances. For example,
>> I have always used RDP by running the command line "mstsc.exe [file
>> name].rdp". This always used to make the connection, and then go
>> right to a "Log On to Windows" dialog. But with TSC 6.0, I always
>> get a "Remote Desktop Connection" dialog first, and then still have
>> to enter the (same) credentials again on the "Log On to Windows"
>> dialog. What is the point to the "Remote Desktop Connection" dialog?
>>
>> Also, on the "Remote Desktop Connection" dialog: Sometimes, the user
>> name is pre-filled as simply "User". Other times, it shows up as
>> "x.x.x.x\User", where x.x.x.x is the IP address. Still other times,
>> it appears as "User@x.x.x.x". This last case is especially
>> irritating, because the "User@x.x.x.x" carries over onto the "Log On
>> to Windows" dialog, where it causes authentication failure. So,
>> whenever this happens (which seems to be randomly, but often), I have
>> to manually edit the user name field on the "Log On to Windows"
>> dialog, changing it from "User@x.x.x.x" to "User". Annoying. Very.
>>
>> Any info would be appreciated.
Back to top
TP
External


Since: Apr 15, 2005
Posts: 23



PostPosted: Tue Dec 05, 2006 10:50 pm    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

You are welcome. Thank you for posting your
results.

I did not think to have you disable the policy setting
because you mentioned in an earlier post that you
had set it to Not Configured.

-TP

trev wrote:
> Thank you! Your guess was a good onee; it was "option 2" that I was
> after. Your instructions worked perfectly. I don't think I would
> have figured that out on my own. (I very nearly removed TSC 6.0.)
>
> The only caveat was that I had to temporarily disabled the "Local
> Computer Policy > Computer Configuration > Administrative Templates >
> Windows Components > Terminal Services > Client > Do not allow
> passwords to be saved" setting on the client. (Otherwise, no "Save
> password" option appears at all.)
>
> Thanks again.
Back to top
trev
External


Since: Dec 04, 2006
Posts: 10



PostPosted: Wed Dec 06, 2006 1:47 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Sorry--I've been playing with so many settings I can't keep track of
them all.

I've noticed that enabling the "require FIPS" setting in either one of
my two clients prevents me from being able to connect to the other.
Weird, given they're both XP systems. (I know I probably don't need
hardcore 3-DES but hey...)

TP wrote:

> You are welcome. Thank you for posting your
> results.
>
> I did not think to have you disable the policy setting
> because you mentioned in an earlier post that you
> had set it to Not Configured.
>
> -TP
>
> trev wrote:
>> Thank you! Your guess was a good onee; it was "option 2" that I was
>> after. Your instructions worked perfectly. I don't think I would
>> have figured that out on my own. (I very nearly removed TSC 6.0.)
>>
>> The only caveat was that I had to temporarily disabled the "Local
>> Computer Policy > Computer Configuration > Administrative Templates >
>> Windows Components > Terminal Services > Client > Do not allow
>> passwords to be saved" setting on the client. (Otherwise, no "Save
>> password" option appears at all.)
>>
>> Thanks again.
Back to top
TP
External


Since: Apr 15, 2005
Posts: 23



PostPosted: Wed Dec 06, 2006 11:38 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Windows XP does not support FIPS encryption for *incoming*
Remote Desktop connections.

So, when you require FIPS the Remote Desktop Client will
only connect if it can successfully negotiate FIPS encryption with
the destination machine. It can't, because in your case the
destination machine is XP.

-TP

trev wrote:
> Sorry--I've been playing with so many settings I can't keep track of
> them all.
>
> I've noticed that enabling the "require FIPS" setting in either one of
> my two clients prevents me from being able to connect to the other.
> Weird, given they're both XP systems. (I know I probably don't need
> hardcore 3-DES but hey...)
>
Back to top
dwgeis
External


Since: Dec 06, 2006
Posts: 1



PostPosted: Wed Dec 06, 2006 12:01 pm    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

TP, I have a question about the saved credentials. The credentials
seem to be saved by *machine* not by RDP file.

In other words, if I want to create two RDP files to connect to the
same machine with two different sets of credentials it does not work.
Every time I changed the saved credentials in the one RDP file, it
changes them in the other file. This used to work. What am I doing
wrong?

TP wrote:
> The new client can give roughly the same auth behavior as
> the old client, it just works a little different on the front
> end. You do not need the enablecredsspsupport option
> that I discussed in a prior post:
>
> http://groups.google.com/group/microsoft.public.windows.terminal_services/browse_frm/thread/7048672478cf3141/
>
> I recommended that option because the poster specifically
> asked for the old behavior and because he is using the
> Novell client.
>
> What behavior would you prefer, exactly?
>
> When you run "mstsc [filename].rdp", would you like it to:
>
> 1.) Connect and log you in to your XP Pro machine, without
> prompting for username/password at all?
>
> 2.) Connect to your XP Pro machine, but stop at the Log On
> to Windows prompt, with your user name pre-filled and
> the password box blank?
>
> 3.) Another option?
>
> I am guessing you want option 2 above, please correct me if
> I am wrong. Remove the enablecredsspsupport that you
> added before.
>
> In order to do this, you need to open up the client (manually, not
> specifiying .rdp file) and connect to your XP Pro machine using
> the same computer name stored in your .rdp file. When
> prompted for your credentials, enter them exactly as you would
> if you were entering them on your XP Pro machine, and check
> the save password box.
>
> After you have successfully connected, disconnect from
> your XP Pro machine. Open up the client again, make sure
> the computer name is still set to your XP Pro machine as used
> above, and then click the edit credentials hyperlink. The
> credentials screen should have your username as entered
> above, with the password box blank. Click the OK button
> to save your credentials, do *not* enter a password in the box.
>
> Uncheck "Always ask for credentials". Optionally set all of your
> connection preferences and then click the Save As button to
> make a fresh .rdp file for this connection.
>
> Click the Connect button. This time it should connect to your XP
> Pro machine, but stop at the Log On to Windows screen with
> the user name field pre-filled and the password blank. You
> should have the same behavior if you use the rdp file as well.
>
> Username and password are no longer stored in the .rdp
> file.
>
> Please let me know if you have any questions.
>
> -TP
>
> trev wrote:
> > I just installed TSC 6.0 on my WinXP Pro and WinXP MCE systems. I use
> > the MCE system to connect to the Pro system via RDP.
> >
> > So far, all I've noticed in TSC 6.0 are new annoyances. For example,
> > I have always used RDP by running the command line "mstsc.exe [file
> > name].rdp". This always used to make the connection, and then go
> > right to a "Log On to Windows" dialog. But with TSC 6.0, I always
> > get a "Remote Desktop Connection" dialog first, and then still have
> > to enter the (same) credentials again on the "Log On to Windows"
> > dialog. What is the point to the "Remote Desktop Connection" dialog?
> >
> > Also, on the "Remote Desktop Connection" dialog: Sometimes, the user
> > name is pre-filled as simply "User". Other times, it shows up as
> > "x.x.x.x\User", where x.x.x.x is the IP address. Still other times,
> > it appears as "User@x.x.x.x". This last case is especially
> > irritating, because the "User@x.x.x.x" carries over onto the "Log On
> > to Windows" dialog, where it causes authentication failure. So,
> > whenever this happens (which seems to be randomly, but often), I have
> > to manually edit the user name field on the "Log On to Windows"
> > dialog, changing it from "User@x.x.x.x" to "User". Annoying. Very.
> >
> > Any info would be appreciated.
Back to top
TP
External


Since: Apr 15, 2005
Posts: 23



PostPosted: Wed Dec 06, 2006 3:47 pm    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

You are not doing anything wrong. I am drafting a response
to Rob Leitman regarding a different issue where I plan to
bring this up. The credentials are stored on a per-name
basis, and not only that they do not take into account custom
ports.

So, for example, you can have several TS servers/XP Pro
machines addressable through one ip address, like so:

ts.contoso.com
ts.contoso.com:6000
ts.contoso.com:6001
ts.contoso.com:6002

Each one is a unique machine, and as such the client should
allow you to save a set of credentials for each. Instead it only
allows *one* set of credentials, because they all have the
same name: ts.contoso.com.

Credentials are not stored in the rdp file any more. Of course
it would be possible for MS to modify the client so that it
could store a unique credential set for each unique rdp file.

You can run the 5.2.3790.x client version alongside the 6.x
version if you want without problems. The new version will
use credentials that were stored in the .rdp file by the old
version.

Keep in mind that the primary reason the new client exists
is to allow you to use the new features when connecting to
Vista and Longhorn server. It is an optional update.

Also, saving credentials in a text file is not considered
secure, even though the password is encrypted. Even the
new method of storing them is a security risk and there is
a Group Policy to disable the feature.

-TP

wrote:
> TP, I have a question about the saved credentials. The credentials
> seem to be saved by *machine* not by RDP file.
>
> In other words, if I want to create two RDP files to connect to the
> same machine with two different sets of credentials it does not work.
> Every time I changed the saved credentials in the one RDP file, it
> changes them in the other file. This used to work. What am I doing
> wrong?
Back to top
bjdraw
External


Since: Dec 14, 2006
Posts: 1



PostPosted: Fri Dec 15, 2006 12:02 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Thanks for the tips, I have another question.

The problem we are having is that the username that is being cached is
not correct.

The first time I login to ts.mydomain.com I use
username
password

The next time I login it cached
ts.mydomain.com\username

The correct username would be
mydomain.com\username

This is annoying and worst of all users don't know what is wrong.

Is there a way to make the machine cache the correct username?

Thanks
Ben
TP wrote:
> You are not doing anything wrong. I am drafting a response
> to Rob Leitman regarding a different issue where I plan to
> bring this up. The credentials are stored on a per-name
> basis, and not only that they do not take into account custom
> ports.
>
> So, for example, you can have several TS servers/XP Pro
> machines addressable through one ip address, like so:
>
> ts.contoso.com
> ts.contoso.com:6000
> ts.contoso.com:6001
> ts.contoso.com:6002
>
> Each one is a unique machine, and as such the client should
> allow you to save a set of credentials for each. Instead it only
> allows *one* set of credentials, because they all have the
> same name: ts.contoso.com.
>
> Credentials are not stored in the rdp file any more. Of course
> it would be possible for MS to modify the client so that it
> could store a unique credential set for each unique rdp file.
>
> You can run the 5.2.3790.x client version alongside the 6.x
> version if you want without problems. The new version will
> use credentials that were stored in the .rdp file by the old
> version.
>
> Keep in mind that the primary reason the new client exists
> is to allow you to use the new features when connecting to
> Vista and Longhorn server. It is an optional update.
>
> Also, saving credentials in a text file is not considered
> secure, even though the password is encrypted. Even the
> new method of storing them is a security risk and there is
> a Group Policy to disable the feature.
>
> -TP
>
> wrote:
> > TP, I have a question about the saved credentials. The credentials
> > seem to be saved by *machine* not by RDP file.
> >
> > In other words, if I want to create two RDP files to connect to the
> > same machine with two different sets of credentials it does not work.
> > Every time I changed the saved credentials in the one RDP file, it
> > changes them in the other file. This used to work. What am I doing
> > wrong?
Back to top
TP
External


Since: Apr 15, 2005
Posts: 23



PostPosted: Wed Dec 20, 2006 5:25 am    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

There is a bug in the UsernameHint functionality of the new
client. UsernameHint pre-fills the user name field when
the client prompts the user for credentials in the case
where no previously-saved credentials exist for the server
name specified.

This bug will cause an incorrect value to be pre-filled in
the user name field when connecting to a legacy server
(2003, XP, 2000, etc.). If the user does not manually
correct the user name, then the incorrect value will be
sent to the server.

You can work around the bug by having your users
save credentials when connecting. They don't have to
save both user name and password, simply saving their
username with an empty password is enough. Then
make sure that "Always ask for credentials" is
unchecked so that they will not be prompted each
time.

Naturally, if they save a blank password they will have
to enter their password at the server logon screen.

Another work around is to "break" the UsernameHint
capability by denying permissions on its registry
key. The key is for each user:

HKCU\Software\Microsoft\Terminal Server Client\UsernameHint

Set the permissions to Deny Full Control for each user.

-TP

wrote:
> Thanks for the tips, I have another question.
>
> The problem we are having is that the username that is being cached is
> not correct.
>
> The first time I login to ts.mydomain.com I use
> username
> password
>
> The next time I login it cached
> ts.mydomain.com\username
>
> The correct username would be
> mydomain.com\username
>
> This is annoying and worst of all users don't know what is wrong.
>
> Is there a way to make the machine cache the correct username?
>
> Thanks
> Ben
Back to top
dreesi



Joined: Sep 23, 2008
Posts: 1



PostPosted: Tue Sep 23, 2008 4:16 pm    Post subject: Re: Terminal Services Client 6.0 Authentication [Login to view extended thread Info.]

TP,

do you know where RDP 6.0 saves the credentials, in particular the password?

I found the usernames under

HKCU\Software\Microsoft\Terminal Server Client\Servers\

Is the rest also saved in the registry or in a file somewhere?

Thanks,

Dreesi
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Work Remotely All times are: Eastern Time (US & Canada)
Page 1 of 1

 
You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum