Solved

2008 R2 RDP Password Prompt - iPad App

Posted on 2014-03-04
Last Modified: 2014-05-23
Hi,

I have a terminal server set up behind an RD Gateway instance and all is working normally with one exception. Through group policy I have "Always prompt for password on connection" set. This option works perfectly well from any PC on the LAN or through the RD Gateway. My issue happens when a user is set up on their iPad using the MS Remote Desktop Connection app. When the user creates a connection and saves the password, they are then able to connect without the prompt to enter their password. This presents a security flaw, as users are allowed to use their own personal devices, so we cannot enforce a screen PIN unless they set up email. I have looked at various settings to try to force the prompt and/or prevent the pass-through from RD Gateway to the RD server, but no success yet.
Question by:Minot
 
LVL 29

Expert Comment

by:serialband
ID: 39904352
There isn't a way that I know of on the new iPad & OSX RDP client. It's quite an obnoxious thing they've done. You might be able to ask Microsoft to change the program so that it doesn't do it that way on the iPad. Other than that, I don't know if there's anything you can do to block it on the iPad itself.

Maybe change the client to the free 2X Client instead and tell them not to use the Microsoft RDC.
 

Author Comment

by:Minot
ID: 39905183
I guess a fundamental question for someone is: why does the reg key on the server side, fPromptForPassword, only work on Windows clients? It would seem that if there is a server setting, it should apply no matter what client is making the connection. I do agree that this is obnoxious and, worse, it really becomes a compliance issue. With this flaw, RD Gateway and RDP itself (on the LAN) is really unacceptable in the eyes of almost any audit if there is no way to enforce being prompted for a password. MS needs to fix this; now if we can only get their attention.
 
LVL 29

Accepted Solution

by:
serialband earned 500 total points
ID: 39905245
I believe that Microsoft programmed it to save the password. It must be saved either as plain text or, if encrypted, it's reversible. I used it once to connect to one Server 2012 VM from a Mac, because CoRD and the old Microsoft RDC wouldn't work. I normally use CoRD and it doesn't save passwords. The old Microsoft RDP doesn't save passwords unless you hard-code it in the preferences, but the new one basically forces it. I can't leave it blank to have it prompt me. I have to delete the entry to have it clear my password from the cache. It's their broken programming, probably done by some fresh-out-of-college intern.
 

Author Closing Comment

by:Minot
ID: 40087148
No solutions have been found; I agree that the programming is suspect at best.