Always have to double logon with terminal services

Posted on 2009-02-20
Last Modified: 2013-11-29
I'm using Windows Server 2008 and setting up TS for use with a program for a couple users.  I want to have the users type their username/passwords in on their local RDP window rather than seeing the Server 2008 logon screen.  When I go to:
Terminal Services Configuration--> RDP-tcp-->Logon Settings-->
The "always prompt for password" is checked, but greyed out.  I believe this is where my problem is.  No matter what setting I select above, that check box is still greyed out.  I've tried changing settings in gpedit.msc, but to no avail.  I've even moved this server into a "No inheritance" OU and rebooted but this check box is still greyed out.  Any ideas?  Thanks in advanced.
Question by:Unisys1

    Author Comment

    Forgot to add, the original problem is that users are prompted at open of the .rdp file to connect, and once they log onto the server they are prompted for credentials again.
    LVL 13

    Expert Comment

    I think you're right about that checkbox being the problem. After you changed the GPO settings or moved it to the other OU, did you run gpupdate to refresh the policies on the terminal server? Are they running the new remote desktop client or the one that came with XP?

    Another option to work around it is to just have them leave the password blank initially. Then when they're actually connected it will ask for their password and they can log in. I think in this case, since the terminal server is always asking for the password the 2nd time, it never processes the initial login, so leaving the password blank initially should not count as a bad password attempt.

    Author Comment

    Yes, I did run the gpupdate /force after I modified the settings & moved OUs.  We are connecting from XPSP3 so it is RDP 6.1.  

    To answer your second question, yes that would work fine desable local credentials and have the user log on at the Server 2008 Screen, but what I left out was that we would like to use RemoteApp and just have them enter username/password at the small initial screen and then they would never see that 2008 logon screen and it would look truely seemless to the end user.

    I've uninstalled Terminal ervices, modified the gpedit.msc "Prompt for credentials on the Client Computer" to enabled.  Rebooted, and now the check box is unchecked, but still greyed out!   Arrgh...
    Reinstalled TS, and it does prompt for credentials only once, but still greyed out.  Any clues?
    LVL 13

    Accepted Solution

    Grayed out check boxes almost always means either you're not logged in with enough rights to change something or that it is configured by a policy. I'm assuming you're logged in as an admin on the server so it shouldn't be that.

    That still leaves a policy. Run gpedit.msc on the terminal server and see if anything there is configured. It should be under computer settings, administrative templates, windows components, terminal services.

    If that doesn't do it, use the group policy management console and run resultant set of policies for that server and see what policies get applied to it.

    Author Comment

    Wierd wierd wierd.  First of all, thank you CrashDummy.  It doesn't matter how much you believe your settings are right, you should always double check.  Currently the machine is in an OU that blocks GPO inheritance.  I ran gpresult /v and looked through the list and sure enough, the reason my box is greyed out & unchecked is because of a local GPedit.

    Initial Problem --> OU GPO applied
    2nd Problem, after I moved to an ininherited OU, I still had the local "Do not allow passwords to be saved" Policy set to enabled.  

    They are both set to not configured, and my check box is back.  Thanks

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Suggested Solutions

    Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now