Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

2008 R2 RDP Password Prompt - iPad App

Posted on 2014-03-04
4
Medium Priority
?
633 Views
Last Modified: 2014-05-23
Hi,

I have a terminal server setup behind a RD Gateway instance and all is working normally with one exception.  Thru group policy I have "Always prompt for password on connection set". This option works perfectly well from any PC on the LAN or thru the RD Gateway.  My issue happens when a user is setup on their iPad using the MS Remote Desktop Connection app.  When the user creates a connection and saves the password, they are then able to connect without the prompt to enter their password.  This present a security flaw as users are allowed to use their own personal devices so we cannot enforce a screen pin unless they setup email.  I have looked at various settings to try and force the prompt and or prevent the pass thru from RD Gateway to the RD server but no success yet.
0
Comment
Question by:Minot
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:serialband
ID: 39904352
There isn't a way that I know of on the new iPad & OSX RDP client.  It's quite an obnoxious thing they've done.  You might be able to ask Microsoft to change the program so that it doesn't do it that way on the iPad.  Other than that, I don't know if there's anything you can do to block it on the iPad itself.

Maybe change the client to the free 2X Client instead and tell them not to use the Microsoft RDC.
0
 

Author Comment

by:Minot
ID: 39905183
I guess a fundamental question for someone is why does the reg key on the server side fPromptForPassword only work on Windows Clients?  It would seem that if there is a server setting it should apply no matter what client is making the connection. I do agree that this is obnoxious and worse, it really becomes a compliance issue.  With this flaw rdgateway and rdp itself (on the lan) is really unacceptable in the eyes almost any audit if there is no way to enforce being prompted for a password.  MS needs to fix this, now if we can only get their attention.
0
 
LVL 31

Accepted Solution

by:
serialband earned 1500 total points
ID: 39905245
I believe that Microsoft programmed it to save the password.  It must be saved either as plain text or, if encrypted, it's reversible.  I used it once to connect to one Server 2012 VM from a Mac, because CoRD and the old Microsoft RDC wouldn't work.  I normally use CoRD and it doesn't save passwords.  The old Mircrosoft RDP doesn't save passords unless you hard code it in the preferences, but the new one basically forces it.  I can't leave it blank to have it prompt me.  I have to delete the entry to have it clear my password from the cache.  It's their broken programming, probably done by some fresh out of college intern.
0
 

Author Closing Comment

by:Minot
ID: 40087148
No solutions have been found, I agree that the programming is suspect at best.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question