Using Dynamic Local User Policy in Windows Server 2008 R2 Remote Desktop Session Host


Written by: Venkata Kumar Gorantla, Hannatti Sanjeevkumar, Sambit Dash

Reviewed by: Anju Dagliya



Note: The Remote Desktop Session Host on a Windows Server 2008 R2 device is the same as Terminal Server on a Windows Server 2003 device.



If you launch a remote desktop session from a Windows Vista or a Windows 7 device to a Windows Server 2008 R2 device, you are prompted to specify the Windows credentials. This is because the Network Level Authentication feature of the RDC client 6.1 or higher requires Windows user credentials to be specified before the remote desktop session is launched. However, the Windows credentials are not available at this point for Dynamic Local Users.



The goal of this article is to enable the Dynamic Local Users to log into the Windows Server 2008 R2 Remote Desktop Session Host.



Prerequisite




  1. Ensure that Remote Desktop services are installed on the Windows Server 2008 R2 device.

  2. A Dynamic Local User Policy that has Use user source credentials and Manage existing user account (if any) options enabled is already created.



Method 1



Steps:



  1. On the Windows Server 2008 R2 device, create a local user account for each of the existing eDirectory users. The account must be created with the same name as the eDirectory username and with the User must change password at next logon option selected.

  2. Make each of the users a member of Remote Desktop Users.

  3. Do the following to change the Windows password to match the Novell Client password:

    1. Right-click Novell Client.

    2. Click Novell Client Properties.

    3. Click Advanced Login and set the Show login Windows Password Synchronization setting On.

  4. Perform the following steps to enable the TSAUTOADMIN logon policy on the device:

    1. Open the registry editor.

    2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login and add the following:

       Value Type=REG_SZ, Name=TSClientAutoAdminLogon, Data=1

       Value Type=REG_SZ, Name=DefaultLoginProfile, Data=Default

    3. Close the registry editor.

  5. From a Windows Vista or Windows 7 device, launch a Remote Desktop session to the Windows Server 2008 R2 device and specify the Windows user credentials you created in Step 1.

  6. A Novell Client window is displayed. Click Cancel.

  7. In the next screen, click Novell Logon.

  8. Enter the Novell logon credentials to authenticate to eDirectory.

  9. In the Novell Login screen, specify the context and eDirectory server and click Apply.

     The following warning message is displayed:

     The Local Computer username or password is not valid

  10. Click OK.

  11. Specify the Windows credentials and select the Change your Windows password to match your Novell password after a successful login option.

      The password of the existing user is synchronized with the eDirectory password and the DLU policy settings are applied to the user account.
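Steps 1, 2 and 4 of Method 1 can be scripted. The following PowerShell sketch is an added example, not part of the original article; the usernames are constructed sample values, the helper name New-InitialPassword is hypothetical, and it assumes each user receives a unique random initial password (to be entered in Step 5) rather than a shared one.

```powershell
# Added example: automates steps 1, 2 and 4 of Method 1.
# Run in an elevated PowerShell session on the Remote Desktop Session Host.
# Assumption: $users holds the eDirectory usernames (constructed sample values).
$users = @('jsmith', 'mlopez')

function New-InitialPassword {
    # 18 random bytes -> 24 base64 characters; the fixed prefix guarantees the
    # upper/lower/digit/symbol mix required by default complexity rules.
    $bytes = New-Object byte[] 18
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $rng.GetBytes($bytes)
    return 'Aa1!' + [Convert]::ToBase64String($bytes)
}

# Step 4 precondition: the key is created by the Novell Client installer.
$key = 'HKLM:\SOFTWARE\Novell\Login'
if (-not (Test-Path $key)) { throw "Novell Client key not found: $key" }

$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
$rdpGroup = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"

$issued = foreach ($name in $users) {
    $password = New-InitialPassword
    # Step 1: local account named after the eDirectory user. ADSI keeps the
    # password out of any process command line.
    $account = $computer.Create('user', $name)
    $account.SetPassword($password)
    $account.SetInfo()
    $account.Put('PasswordExpired', 1)   # User must change password at next logon
    $account.SetInfo()
    # Step 2: membership in Remote Desktop Users.
    $rdpGroup.Add($account.Path)
    New-Object PSObject -Property @{ User = $name; InitialPassword = $password }
}

# Step 4: both values are REG_SZ, as listed above.
New-ItemProperty -Path $key -Name 'TSClientAutoAdminLogon' -PropertyType String -Value '1' -Force | Out-Null
New-ItemProperty -Path $key -Name 'DefaultLoginProfile' -PropertyType String -Value 'Default' -Force | Out-Null

# Hand each entry to its user over a secure channel; the password is replaced
# by the eDirectory password when synchronization runs in the final step.
$issued | Format-Table User, InitialPassword -AutoSize
```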



Method 2



Steps:



  1. On the Windows Server 2008 R2 device, create a user who has the minimum required rights to launch a Remote Desktop session. Communicate these credentials to all the eDirectory users.

  2. From a Windows Vista or Windows 7 device, launch an RDP session to the Windows Server 2008 R2 device and specify the user credentials you created in Step 1.

  3. A Novell Client window is displayed. Click Cancel.

  4. In the next screen, click Novell Logon.

  5. Enter the DLU user credentials. On successful login, a DLU user is created.


Note: This method poses a security risk because the credentials of the user account created in Step 1 have been communicated to all the eDirectory users.


