2008 R2 RDP Password Prompt - iPad App

Minot
Minot used Ask the Experts™
on
Hi,

I have a terminal server setup behind a RD Gateway instance and all is working normally with one exception.  Thru group policy I have "Always prompt for password on connection set". This option works perfectly well from any PC on the LAN or thru the RD Gateway.  My issue happens when a user is setup on their iPad using the MS Remote Desktop Connection app.  When the user creates a connection and saves the password, they are then able to connect without the prompt to enter their password.  This present a security flaw as users are allowed to use their own personal devices so we cannot enforce a screen pin unless they setup email.  I have looked at various settings to try and force the prompt and or prevent the pass thru from RD Gateway to the RD server but no success yet.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
There isn't a way that I know of on the new iPad & OSX RDP client.  It's quite an obnoxious thing they've done.  You might be able to ask Microsoft to change the program so that it doesn't do it that way on the iPad.  Other than that, I don't know if there's anything you can do to block it on the iPad itself.

Maybe change the client to the free 2X Client instead and tell them not to use the Microsoft RDC.

Author

Commented:
I guess a fundamental question for someone is why does the reg key on the server side fPromptForPassword only work on Windows Clients?  It would seem that if there is a server setting it should apply no matter what client is making the connection. I do agree that this is obnoxious and worse, it really becomes a compliance issue.  With this flaw rdgateway and rdp itself (on the lan) is really unacceptable in the eyes almost any audit if there is no way to enforce being prompted for a password.  MS needs to fix this, now if we can only get their attention.
I believe that Microsoft programmed it to save the password.  It must be saved either as plain text or, if encrypted, it's reversible.  I used it once to connect to one Server 2012 VM from a Mac, because CoRD and the old Microsoft RDC wouldn't work.  I normally use CoRD and it doesn't save passwords.  The old Mircrosoft RDP doesn't save passords unless you hard code it in the preferences, but the new one basically forces it.  I can't leave it blank to have it prompt me.  I have to delete the entry to have it clear my password from the cache.  It's their broken programming, probably done by some fresh out of college intern.

Author

Commented:
No solutions have been found, I agree that the programming is suspect at best.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial