RDS on server 2016 and getting rid of the domain\

I have a server 2016 RDS deployment and it has one published app on it.  When my users log in, they are required to enter domain\username and I need to get rid of this.  I've seen several fixes on the internet but none of them are working for me for some reason.  

Does anyone know how to get rid of this so users can log in with just their username?  

This is RDS on server 2016.

Thanks

Cliff
crp0499CEOAsked:
Who is Participating?
 
Cliff GaliherCommented:
There is no way to get rid of this.  You can configure single sign-on if the user is signing in from a domain joined machine. But for BYOD, workgroup, or non SSO scenarios, the domain simply cannot be assumed. RDS has no capacity for this.
0
 
Cliff GaliherCommented:
That *only* removes the requirement from the web access page in the browser (and is basically prefilling it where IIS can manipulate the data.)  It will not remove it from any prompts in any of the RD clients, as those are outside of RDWA.  IIS can't adjust them, and there is no good process to do so in-line since the traffic is encrypted.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
crp0499CEOAuthor Commented:
Thank you, from one Cliff to another.
0
 
McKnifeCommented:
@author: can you explain again? You have published a remote app and you want single sign on with it? And your users are connecting from domain joined machines or not?
0
 
crp0499CEOAuthor Commented:
No.  None of the machines will be domain joined.  the app I publish is used by different agencies all across the US.  They just need to hit the published app and will be coming from workgroup machines, machines on different domains, notebooks in star bucks, etc.  BUT, EVERY username they use is a user in the domain that hosts the app.  So, the server is in my domain.local and every username that my end users use are users in the domain.
0
 
McKnifeCommented:
I never connected to a remoteapp from a non-domain-joined machine, but I can test that tomorrow, just to make sure there is really no way to save credentials.
0
 
crp0499CEOAuthor Commented:
I'd be curious to know what you find.  I get a LOT of "it can't be done"
0
 
Cliff GaliherCommented:
@McKnife: maybe I misunderstood the OP, but saving credentials isn't the goal. The goal is to eliminate the DOMAIN\ part of the DOMAIN\USERNAME login format when logging in.
0
 
crp0499CEOAuthor Commented:
that's correct Cliff.  I'd like the to log in with just their username and NOT have to pre-pend it with domain\
0
 
McKnifeCommented:
Ok, and why not save credentials?
0
 
crp0499CEOAuthor Commented:
i suppose saving creds is fine.  type in the domain\username and password once and not have to type it in again.
0
 
McKnifeCommented:
Do a normal mstsc based connection to your server and save credentials. Log off and then use the remoteapp.
0
 
crp0499CEOAuthor Commented:
i can't do that for 455 users spread out all across the US.
0
 
McKnifeCommented:
But they can. You offer them an instructions-2-liner e-mail with one screenshot, best effort. If they don't take that offer, well.
0
 
crp0499CEOAuthor Commented:
Yeah, that won't fly.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.