![]() ![]() Configure Internet Explorer Integrations = Internet Explorer Mode.In order for all the client computers to be able to open RDWeb in compatibility mode, you will need to install the MS Edge Administrative Templates GPO and configure policy settings under Computer Configuration -> Administrative Templates -> Microsoft: You must open this URL in Microsoft Edge in compatibility mode to use RD Web with SSO (Edge won’t run Active-X components without compatibility mode). On modern versions of Windows, Internet Explorer is disabled by default and you will need to use Microsoft Edge instead. To use Web SSO on RD Web Access, please note that it is recommended to use Internet Explorer with enabled Active X component named Microsoft Remote Desktop Services Web Access Control (MsRdpClientShell, MsRdpWebAccess.dll). To use the RD Gateway with SSO, enable the policy Set RD Gateway Authentication Method User Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> RD Gateway) and set its value to Use Locally Logged-On Credentials. Now, when you start a RemoteApp or connect directly to a Remote Desktop Services host, you will not be prompted for your password. Your Windows logon credentials will be used to connect. The UserName field automatically displays your name in the format : Then navigate to the Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client and disable the policy Prompt for credentials on the client computer.Īfter updating the Group Policy settings on the client, open the mstsc.exe (Remote Desktop Connection) client and specify the FQDN of the RDS host. Select ‘ Automatic logon with current username and password’ from the dropdown list. Next, you need to enable the Logon options policy under User/Computer Configuration -> Administrative Tools -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security -> Trusted Sites Zone. Specify the FQDN of the RD Connection Broker hostname and set Zone 2 (Trusted sites).Enable the policy Site to Zone Assignment List.Go to the GPO section User/Computer Configuration -> Administrative Tools -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page. ![]() Then, to prevent a window warning that the remote application publisher is untrusted, add the address of the server running the RD Connection Broker role to the trusted zone on the client computers using the policy “ Site to Zone Assignment List” (similar to the article How to disable Open File security warning on Windows 10): ![]() If the NTLM authentication protocol is not disabled in the domain, you must configure the Allow delegation default credentials with NTLM-only server authentication policy in the same way. The above policy will work if you are using Kerberos authentication. This is outside the scope of this article (you can generate a self-signed SSL certificate yourself, but you will have to deploy it to the trusted cert on all clients using the group policy). The procedure for obtaining an SSL certificate for RDS deployment is not covered. The certificate’s Enhanced Key Usage (EKU) must contain the Server Authentication identifier. rdp publishers using GPO.Įnable SSO Authentication on RDS Host with Windows Server 2022/2019/2016įirst, you need to issue and assign an SSL certificate to your RDS deployment.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |