Tuesday, September 14, 2010

Terminal Server - 2008 R2 - Force Domain Login

So you've built your shiny new Windows Server 2008 R2 Terminal Server, virtualised it and it's all going well, except for one thing.

Every time you RDP to it, you get presented with the local login, not the domain login!

(Above: Login screen to the Terminal Server, with a computer name of 'ORION')

So all the users have to type Domain\Username or username@domain, which is fine if they are a little computer savvy. However, having the Terminal Server default to the domain logon the first time is much nicer!

So here are the steps to force the RDP session to open with your domain instead of the local machine as the authentication target!

First, log in to the TS (Terminal Server) as a user with administrative privileges.

Then open Remote Desktop Session Host Configuration:

(Above: Launching the application from the start menu)

Once you're in, navigate to the 'RDP-Tcp' connection, located under Connections.

(Above: Remote Desktop Session Host Configuration main screen)

Now right-click on 'RDP-Tcp' and select Properties.

(Above: Right click menu on 'RDP-Tcp')

Once the Properties window comes up, navigate to the "Log on Settings" tab.

(Above: General Tab of RDP-Tcp properties window)

(Above: Log on Settings tab of RDP-Tcp properties window)

This is the page where you can specify your domain, which will force the TS to have "log on to: domain" when the user connects via RDP.

(Above: Filled out Log on Settings tab of RDP-Tcp properties window)

Remember to click 'Always prompt for password' and leave the Username field blank. This ensures the user still has to log in, while providing the domain for them so they do not have to remember to type it in.

Once that is complete, simply click OK, close all your windows and attempt an RDP session, and you should see your domain on the login screen!

(Above: Success! "Log on to: Domain" instead of log on locally!)

And that's it. It just.. works. Well, so I've found at least. :)
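To confirm the result without opening the GUI, the settings from the steps above can be audited from PowerShell. This is an added example, not part of the original post; it assumes the Log on Settings tab is stored as the `fInheritAutoLogon`, `Domain`, `UserName` and `fPromptForPassword` values under the `WinStations\RDP-Tcp` registry key, and the function name `Test-RdpLogonSettings` and the domain `EXAMPLE` are placeholders.

```powershell
# Added example: audit the RDP-Tcp "Log on Settings" configured in this post.
# Assumption: the GUI stores them as the values below under WinStations\RDP-Tcp.
$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-RdpLogonSettings {
    param(
        [Parameter(Mandatory = $true)] $Settings,              # object carrying the four values
        [Parameter(Mandatory = $true)] [string] $ExpectedDomain
    )
    $findings = @()
    # 0 = "Always use the following logon information"; anything else ignores the server-side domain.
    if ($Settings.fInheritAutoLogon -ne 0) {
        $findings += 'Client-provided logon information is in use; the configured domain is ignored.'
    }
    # String comparison with -ne is case-insensitive, which suits domain names.
    if ([string]$Settings.Domain -ne $ExpectedDomain) {
        $findings += "Domain is '$($Settings.Domain)', expected '$ExpectedDomain'."
    }
    # The post leaves Username blank so every user must identify themselves.
    if (-not [string]::IsNullOrEmpty([string]$Settings.UserName)) {
        $findings += "UserName is pre-filled ('$($Settings.UserName)'); it should be blank."
    }
    if ($Settings.fPromptForPassword -ne 1) {
        $findings += "'Always prompt for password' is not enabled."
    }
    return ,$findings   # leading comma keeps an empty result as an array
}

# Constructed samples (not read from a real server).
$samples = @(
    (New-Object PSObject -Property @{ fInheritAutoLogon = 0; Domain = 'EXAMPLE'; UserName = '';      fPromptForPassword = 1 }),
    (New-Object PSObject -Property @{ fInheritAutoLogon = 0; Domain = 'EXAMPLE'; UserName = 'admin'; fPromptForPassword = 0 })
)
foreach ($s in $samples) {
    $f = Test-RdpLogonSettings -Settings $s -ExpectedDomain 'EXAMPLE'
    if ($f.Count -eq 0) { 'OK: matches the settings from this post' } else { $f }
}

# On the Terminal Server itself, check the live configuration.
if (Test-Path $RdpTcpKey) {
    Test-RdpLogonSettings -Settings (Get-ItemProperty -Path $RdpTcpKey) -ExpectedDomain 'EXAMPLE'
}
```

The second constructed sample is the combination to watch for: a pre-filled username with the password prompt switched off.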