Tuesday, September 14, 2010

Terminal Server - 2008 R2 - Force Domain Login

So you've built your shiny new Windows Server 2008 R2 Terminal Server, virtualised it and it's all going well, except for one thing.

Every time you RDP to it, you get presented with the local login, not the domain login!

(Above: Login screen to the Terminal Server, with a computer name of 'ORION')

So all the users have to type Domain\Username , or username@domain. Which is fine, if they are a little comptuer savvy, however forcing the Terminal Server to logon to the domain first time is much nicer!

So here are the steps to force the RDP session to open with your domain instead of the local machine as the authentication target!

First login to the TS (Terminal Server) with a user with administrative privileges.

Then open Remote Desktop Session Host Configuration:

(Above: Launching the application from the start menu)

Once you're in, navigate to the 'RDP-Tcp' connection, located under connections.

(Above: Remote Desktop Session Host Configuration main screen)

Now right click on RDP-TCP and select properties.

(Above: Right click menu on 'RDP-Tcp')

Once the Properties window comes up, navigate to the "Log on Settings" tab.

(Above: General Tab of RDP-Tcp properties window)

(Above: Log on Settings tab of RDP-Tcp properties window)

This is the page where you can specify your domain, which will force the TS to have "log on to: domain" when the user connects via RDP.

(Above: Filled out Log on Settings tab of RDP-Tcp properties window)

Remember to click 'Always prompt for password' and leave the Username field blank, as this will ensure the user still has to login, while providing the domain for them so they do not have to remember to type it in.

Once that is complete, simply click ok, close all your windows and attempt and RDP session and you should see your domain on the login screen!

(Above: Success! "Log on to: Domain" instead of log on locally!)

And that's it. It just.. works. Well, so I've found at least. :)


Christian Conservative said...

One thing I've noticed however... the system I'm working on then requires a double login. We're using thin clients, and don't want the user to enter credentials on the thin client, and then again on the server, we just want the server. Doing some research, this can be accomplished by adding/changing the RDP file (in notepad) with the following settings:

authentication level:i:0
prompt for credentials:i:0

Anonymous said...

I have been searching for days looking for a solution to the problem you describe here. I did enter the DOMAIN into the Host Server Configuration as you described. I had such high hopes, but my students still get the Log on to: I am so frustrated. Any other ideas?

Jason Christenson said...

Thanks for posting this, it is exactly what I have been trying to accomplish.

Jerome Acosta said...

Are you using NTLM authentication? If so there are client site settings to enable NTLM via RDP connection.
Also SSO via RDS requires RDP client 7.1 and greater.

Jerome Acosta said...