Re: saving password in rdp file
- From: "Vera Noest [MVP]" <vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 21 Nov 2006 13:56:18 -0800
Why would they need a admin password on the TS???
Why not simply use their existing NT user accounts?
I think that you are creating an administrative nightmare for both
yourself and your users, having to manage both domain and local
accounts, as well as all those rdp files.
Making the rdp-files read-only won't work, because users will be
forced to enter their new password in the rdp file anyway, each
time they have changed their account password (whether it is the
local TS account or the domain account).
Why not use a policy to set the initial program on the TS, instead
of using rdp files?
Computer Configuration - Administrative templates - Windows
Components - Terminal Services
"Start a program on connection"
(also under User Configuration; If both settings are configured,
the Computer Configuration setting overrides.)
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Greg Hubers" <greg.hubers@xxxxxxxxxxxxx> wrote on 21 nov 2006 in
microsoft.public.windows.terminal_services:
Well, on the XP pro machines I have shell version 5.1 (build.
2600) Control version 5.1.2600.2180 and on the win2k pro
machines I have shell version 5.1 (build 2600) Control version
5.1.2600.0 for the rdp client software. I initially tried
storing the .rdp file on the local hard drive and then I tried
storing them on a Win2k Server. Then I tried making them hidden
and read only and adjusting the rights to the .rdp file to
obtain the highest security possible so nothing could use/modify
them except the original client.
All of the scenerios have had the exact same result. They work
fine for 2-3 weeks and then lose the password so the Win2003 TS
prompts them for a login name and password.
If I try to start the connection from a client other than the
machine that created the .rdp file I immediately get prompted to
login from the TS and if I go back to the original client
computer and try the connection the password is gone from the
.rdp file. That is the part that I do understand and is acting
the way it should be I believe. So all the .rdp files were
created from the user's computers. On the local computers we
login to novell and a winNT domain. So I can walk up to any
computer and login to it since my profile comes from the NT
domain. The way I was trying to set up the TS is that I set the
.rdp file to log in to a LOCAL user account on the server. I
created a local user account on the TS for each user and gave
them a strong password. So when they click on the .rdp file it
automatically logs them in locally and not with the NT domain.
I bring their local printers and drives via the .rdp file so
they still have access to the rest of the network that way. It
then fires up the specific program which is the only thing they
see since when they close the program it logs them back out of
the TS. But by doing the local login to the TS I could control
the password so they would not have an admin password to the TS.
They need to run the program that the .rdp assigns unless they
get real fancy and figure out how to change the .rdp file and
remove the program that it is starting. Most here do not know
that. I just don't like giving out an admin password to
everyone who has to run programs off the TS.
"Vera Noest [MVP]" <Vera.Noest@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message
news:Xns98827B2E25853veranoesthemutforsse@xxxxxxxxxxxxxxxx
You can get the version from inside the rdp client.
Click in the small icon at the left hand side of the rdp
client's title bar. In the system menu, click "About" to see
the version.
Where *exactly* are the rdp files stored? What's the search
path to them?
Do the users have roaming profiles?
Can you try if you can reproduce the problem by starting
connections from different workstations, with different OS +
rdp client version?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
"Greg Hubers" <greg.hubers@xxxxxxxxxxxxx> wrote on 20 nov 2006:
Hi Vera,
Yes there are different O/S's and different versions of the
rdp client in use. I'm not sure how to tell the versions of
the rdp client software. The only O/S that I have to load the
client rdp software is on my Win2k boxes, WinXP is built in.
The O/S's are WinXP and Win2k but all the clients are able to
set/save the password. The client computer remains the same,
they don't try to use the .rdp file from a different computer.
It makes sense to me that someone wouldn't be able to fire up
the .rdp file from another computer. But nothing here is
changing on the client side. It just simply works for a while
and then stops working.
It's difficult to troubleshoot as well since I can not
reproduce the
problem. I just have to wait until it decides to loose the
password because I can't figure out what would be doing that.
Could it have anything to do with group policies on the
domain? I am not a domain admin. I simply work in a small
group with a Win2003 server and workstations that are all on
the larger novell/windows network. "Vera Noest [MVP]"
<vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Xns9881DD5564F8Averanoesthemutforsse@xxxxxxxxxxxxxxxx
This behaviour (password works only on same client) is by
design. For security reasons, the password is encrypted in
such a way that only the same user on the same client can
decrypt and use it.
But that doesn't explain your main problem, that the password
in the rdp file works for a couple of weeks and then suddenly
stops working.
The user account is the same, I assume?
Not all versions of the rdp client can save passwords at all.
Are your users using different versions of the rdp client, on
different client OS versions? I haven't tested it, but maybe
their password gets lost when they use an older version on
some machines?
_________________________________________________________
Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Greg Hubers" <greg.hubers@xxxxxxxxxxxxx> wrote on 20 nov
2006 in microsoft.public.windows.terminal_services:
The same type of problem occurs if I copied the .RDP file to
another computer. The password is no longer saved. That is
why I created the .RDP file from the client computers. But
the password only works for a few weeks at most. So it
seems like the .RDP file is not recognizing the client for
some reason after a certain amount of time. I'm not heavily
into how the security works for the whole thing...
"Greg Hubers" <greg.hubers@xxxxxxxxxxxxx> wrote in message
news:4561c9d1$0$61929$815e3792@xxxxxxxxxxxxxxxxx
Hi Vera,
Thanks for the post. Actually this has nothing to do with
changed passwords as far as I can tell. I create an RDP
file from the client machine using a user name and password
that are local to the Win2003 box and save it with the
password saved. The domain selected is the name of the
local TS box. It works great for a few weeks and then out
of the blue it stops working and the RDP file no longer
contains the password and the save password box is
unchecked. I have tried changing the network passwords
(novell and windows) with no effect on the RDP file
working. It still works fine.
I can not figure out why the password dissapears. The
happens with every client O/S and ts client software that I
have tried. The RDP file simply will not hold the password
in it for some reason. To be honest it's a real drag,
because now I have to give all users and administrative
account with a password. So much for trying to be secure
with a microsoft product :(
"Vera Noest [MVP]" <vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:Xns987F88236A6F5veranoesthemutforsse@xxxxxxxxxxxxxxxx
This will always happen when users change their password,
because the rdp file still contains the old password.
So after a password change the login box will show up, and
users will have to type in the new password and then save
the new settings, overwriting the old rdp file.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Greg Hubers" <greg.hubers@xxxxxxxxxxxxx> wrote on 18 nov
2006 in microsoft.public.windows.terminal_services:
Oh btw, I forgot to mention...
The clients and the Windows 2003 server box all have a
novell client running.
"Greg Hubers" <greg.hubers@xxxxxxxxxxxxx> wrote in
message news:455e5a9d$0$10306$815e3792@xxxxxxxxxxxxxxxxx
Windows 2003 TS sessions:
When I create an RDP file and have the save password box
checked it works fine for a while but every few weeks it
looses the password and prompts the user to login. I
have been unable to reproduce anything that causes this
problem so I'm not sure what is causing it. I have even
tried making the RDP files read only. I need to have the
clients have their own profiles/user directories but do
not want to have them log in with a user id and
password. I want this to happen automatically via RDP
file. Any idea what is causing the RDP files to lose
the password? The clients are using Win2000 Pro and
WinXP Pro.
- Follow-Ups:
- Re: saving password in rdp file
- From: Greg Hubers
- Re: saving password in rdp file
- References:
- saving password in rdp file
- From: Greg Hubers
- Re: saving password in rdp file
- From: Greg Hubers
- Re: saving password in rdp file
- From: Vera Noest [MVP]
- Re: saving password in rdp file
- From: Greg Hubers
- Re: saving password in rdp file
- From: Greg Hubers
- Re: saving password in rdp file
- From: Vera Noest [MVP]
- Re: saving password in rdp file
- From: Greg Hubers
- Re: saving password in rdp file
- From: Vera Noest [MVP]
- Re: saving password in rdp file
- From: Greg Hubers
- saving password in rdp file
- Prev by Date: RE: Restrict User to One Session ONLY
- Next by Date: Re: Is this true?
- Previous by thread: Re: saving password in rdp file
- Next by thread: Re: saving password in rdp file
- Index(es):
Relevant Pages
|
Loading
