Solved

2008 R2 RDP Password Prompt - iPad App

Posted on 2014-03-04
Last Modified: 2014-05-23
Hi,

I have a terminal server set up behind an RD Gateway instance and all is working normally with one exception.  Through group policy I have "Always prompt for password on connection" set. This option works perfectly well from any PC on the LAN or through the RD Gateway.  My issue happens when a user is set up on their iPad using the MS Remote Desktop Connection app.  When the user creates a connection and saves the password, they are then able to connect without the prompt to enter their password.  This presents a security flaw, as users are allowed to use their own personal devices, so we cannot enforce a screen PIN unless they set up email.  I have looked at various settings to try to force the prompt and/or prevent the pass-through from RD Gateway to the RD server, but no success yet.
Question by:Minot
 
LVL 29

Expert Comment

by:serialband
ID: 39904352
There isn't a way that I know of on the new iPad & OSX RDP client.  It's quite an obnoxious thing they've done.  You might be able to ask Microsoft to change the program so that it doesn't do it that way on the iPad.  Other than that, I don't know if there's anything you can do to block it on the iPad itself.

Maybe change the client to the free 2X Client instead and tell them not to use the Microsoft RDC.
 

Author Comment

by:Minot
ID: 39905183
I guess a fundamental question for someone is why does the reg key on the server side, fPromptForPassword, only work on Windows clients?  It would seem that if there is a server setting it should apply no matter what client is making the connection. I do agree that this is obnoxious and, worse, it really becomes a compliance issue.  With this flaw, RD Gateway and RDP itself (on the LAN) is really unacceptable in the eyes of almost any audit if there is no way to enforce being prompted for a password.  MS needs to fix this; now if we can only get their attention.
 
LVL 29

Accepted Solution

by:
serialband earned 500 total points
ID: 39905245
I believe that Microsoft programmed it to save the password.  It must be saved either as plain text or, if encrypted, it's reversible.  I used it once to connect to one Server 2012 VM from a Mac, because CoRD and the old Microsoft RDC wouldn't work.  I normally use CoRD and it doesn't save passwords.  The old Microsoft RDP doesn't save passwords unless you hard-code it in the preferences, but the new one basically forces it.  I can't leave it blank to have it prompt me.  I have to delete the entry to have it clear my password from the cache.  It's their broken programming, probably done by some fresh-out-of-college intern.
 

Author Closing Comment

by:Minot
ID: 40087148
No solutions have been found, I agree that the programming is suspect at best.
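For auditing the server-side setting this thread discusses, the following is an added example (not posted by any participant) that reports where fPromptForPassword is set on the session host and which value takes effect. It assumes the two standard registry locations for this value (the Group Policy key and the RDP-Tcp listener key) and that a policy value overrides the listener value; the function names are hypothetical.

```powershell
# Added example: audit "Always prompt for password" on an RD Session Host.
# Run locally in an elevated PowerShell session (works on PowerShell 2.0+).
# Assumption: fPromptForPassword lives in the standard policy and listener keys.
$script:PromptLocations = @(
    @{ Source = 'Group Policy'
       Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' },
    @{ Source = 'RDP-Tcp listener'
       Path   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' }
)

function Get-PromptForPasswordSetting {
    # Returns one object per location, whether or not the value is present.
    foreach ($loc in $script:PromptLocations) {
        $item  = Get-ItemProperty -Path $loc.Path -Name 'fPromptForPassword' `
                     -ErrorAction SilentlyContinue
        $value = if ($item) { $item.fPromptForPassword } else { $null }
        $state = if ($null -eq $value) { 'NotConfigured' }
                 elseif ($value -eq 1) { 'Enabled' }
                 else                  { 'Disabled' }
        New-Object PSObject -Property @{
            Source = $loc.Source
            Path   = $loc.Path
            Value  = $value
            State  = $state
        }
    }
}

function Get-EffectivePromptForPassword {
    # Policy wins when configured; otherwise fall back to the listener value.
    $settings = @(Get-PromptForPasswordSetting)
    $winner   = $settings | Where-Object { $_.State -ne 'NotConfigured' } |
                    Select-Object -First 1
    if ($winner) {
        "Effective: $($winner.State) (from $($winner.Source))"
    } else {
        'Effective: NotConfigured (server will not force a password prompt)'
    }
}

Get-PromptForPasswordSetting | Format-Table Source, State, Value -AutoSize
Get-EffectivePromptForPassword
```

A result of Enabled confirms only the server-side configuration; as reported in this thread, the iPad client with a saved password still connected without a prompt.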
