[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 303
  • Last Modified:

Save Remote Desktop Passwords on server drive

Our network consists of roughly 100 machines, all of which we need remote access to occasionally.  We have set up a Remote Destkops folder which contains RDP icons for each PC, saving the username and IP address.  When we attempt to save the passwords in the RDP shortcuts, the passwords are only saved *on the machine that actually saved them*.  If we go to another machine, view the Remote Desktops folder, and Edit the shortcut, the password is not saved.  We can return to the PC that originally saved the password, and it is indeed saved.

Is there any way to save these passwords with the RDP shortcuts so that they're always accessible from any machine on the network?  Security issues aside, for the time being...

Thanks very much!
0
saoirse1916
Asked:
saoirse1916
2 Solutions
 
saoirse1916Author Commented:
P.S. What we are currently assuming is that the answer is no, and that the passwords are just saved in the local machine's password table.
0
 
sirbountyCommented:
Are you saving these to a network share?
0
 
saoirse1916Author Commented:
Yes, the Remote Desktops folder is saved on a network share, access is limited to Domain Admins only.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
sirbountyCommented:
Then you're probably right and the password is stored elsewhere.
Would unassisted remote service work for you?
0
 
saoirse1916Author Commented:
I don't think I've heard of unassisted remote service...  what do you mean by that?
0
 
sirbountyCommented:
Click Start->Run->...and paste the following in the run box:

"hcp://CN=Microsoft Corporation,L=Redmond,S=Washington,C=US/Remote Assistance/Escalation/Unsolicited/Unsolicitedrcui.htm"

It's basically Remote Assistance without the user having to initiate the session - you, as an admin, initiate it by entering their workstation name or IP address.

Of course, you would be using their logon session, not your own RDP session - so you'd be under their credentials and need to use runas to elevate them...
0
 
saoirse1916Author Commented:
Is there anything that needs to be set on the workstations?  I've tried using this on several systems on our network and none seem to work.  I get two different errors: Remote Assistance failed. Please try again - or: Access to the requested resource has been disabled by your administrator.

The latter message I get when I attempt to connect to one of our servers, and I believe we do have remote assistance turned off there, which is OK since that's one password we wouldn't be interested in saving anyway.  But the first error I get on a machine that has remote assistance on, and I still can't get through.
0
 
sirbountyCommented:
Under Computer Properties (Start->Run->sysadm.cpl <Enter>) on the Remote tab, Remote Assistance is checked (and the subsequent "allow this computer to be remote controlled"?

You might check the group policy as well:
http://support.microsoft.com/?id=301527
http://support.microsoft.com/?id=306496
0
 
saoirse1916Author Commented:
Everything looks like it checks out.  The machine that I'm testing this remote connection with is on a different subnet -- i.e. the machine that I'm using as my administrator PC is on a 192.168.0.XXX IP and the one that I'm trying to take over is on 192.168.2.XXX.  Would that have anything to do with it?  The 192.168.2.XXX PC is in a remote location but is connected via a VPN.
0
 
sirbountyCommented:
Hmm - doubtful.  I believe it uses the same port, 3389, for connectivity.
Let me think on this - I use it over VPN with no problem.
0
 
sirbountyCommented:
Any firewall perhaps that might be preventing this?
0
 
saoirse1916Author Commented:
I doubt it -- if it uses the same port as RDP, those connections all work fine.
0
 
sirbountyCommented:
I can't think of what would be preventing it but the message about being disabled your administrator leads me to believe it's a policy.
You could click Start->Run->RSOP.Msc <enter>
to get a list of policies that are applied.  Perhaps something in there will show what it is...?
0
 
saoirse1916Author Commented:
Well, I didn't see much in there that would have anything to do with remote connections...
0
 
sirbountyCommented:
I've asked for some other expert assistance here.  I can't think of what would be blocking it...
0
 
expexchuserCommented:
Ensure the help and support service is enabled and running on both source and destination.
0
 
MichaelMiariCommented:
"Start" - "Run" - "gpedit.msc"
Expand "Local Computer Policy"
"Computer Configuration"
"Administrative Templates"
"System"
"Remote Assistance"  
"Offer Remote Assistance" :
To configure the list of helpers, click Show. This opens a new window where you can enter the names of the helpers. Add each user or group one by one.
When you enter the name of the helper user or user groups, use the following format:  <Domain Name>\<User Name> or  <Domain Name>\<Group Name>  

Then :
Expand "Local Computer Policy"
"Computer Configuration"
"Administrative Templates"
"Network"
"Network Connections"
"Windows Firewall: Define port exceptions”:  135:TCP:*:Enabled: Offer Remote Assistance  
“Windows Firewall: Define program exceptions”:
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance  
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance Windows Messenger and Voice  

For computers running the Windows XP Service Pack 2 (SP2) and Windows XP 64-bit Service Pack 1 (SP1) operating systems
“Windows Firewall: Define program exceptions”:  %WINDIR%\SYSTEM32\Sessmgr.exe:*: Enabled: Remote Assistance  

0
 
sirbountyCommented:
Thanx gang. :^)
0
 
saoirse1916Author Commented:
Wow -- well, that did it, but with 100+ systems it'll be some time before we can make those changes across the board.  Is there a way to do this through Active Directory's group policy so that it will configure this on all machines in the domain?
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now