Enable SSO Authentication on RDS Host with Windows Server 2022/2019/2016
Configure Remote Desktop Single Sign-on on Windows Clients

- The Connection Broker server and all RDS hosts must be running Windows Server 2012 or newer.
- You can use Windows 11, 10, 8.1 with Pro/Enterprise editions as client workstations.
- SSO works only in the domain environment: Active Directory user accounts must be used, and the RDS servers and users' workstations must be joined to the same AD domain.
- RDP 8.0 or later must be used on the RDP clients.
- SSO works only with password authentication (smart cards are not supported).
- The RDP Security Layer in the connection settings should be set to Negotiate or SSL (TLS 1.0), and the encryption mode to High or FIPS Compliant.

The single sign-on setup process consists of the following steps:

1. You need to issue and assign an SSL certificate on RD Gateway, RD Web, and RD Connection Broker servers.
2. Web SSO has to be enabled on the RDWeb server.
3. Configure credential delegation group policy.
4. Add the RDS certificate thumbprint to the trusted .rdp publishers using GPO.

Enable SSO Authentication on RDS Host with Windows Server 2022/2019/2016

First, you need to issue and assign an SSL certificate to your RDS deployment. The certificate's Enhanced Key Usage (EKU) must contain the Server Authentication identifier. The procedure for obtaining an SSL certificate for RDS deployment is not covered. This is outside the scope of this article (you can generate a self-signed SSL certificate yourself, but you will have to deploy it to the trusted cert on all clients using the group policy).

The above policy will work if you are using Kerberos authentication. If the NTLM authentication protocol is not disabled in the domain, you must configure the Allow delegation default credentials with NTLM-only server authentication policy in the same way.

Then, to prevent a window warning that the remote application publisher is untrusted, add the address of the server running the RD Connection Broker role to the trusted zone on the client computers using the policy "Site to Zone Assignment List" (similar to the article How to disable Open File security warning on Windows 10):

1. Go to the GPO section User/Computer Configuration -> Administrative Tools -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page.
2. Enable the policy Site to Zone Assignment List.
3. Specify the FQDN of the RD Connection Broker hostname and set Zone 2 (Trusted sites).

Next, you need to enable the Logon options policy under User/Computer Configuration -> Administrative Tools -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security -> Trusted Sites Zone. Select 'Automatic logon with current username and password' from the dropdown list.
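A read-only check of what the client policies above leave on a workstation, added here as an example (not code from the original article). It assumes the standard registry locations where these Group Policy settings are stored; `rdcb.example.com` is a placeholder broker FQDN and `Get-PolicyValues` is a hypothetical helper name.

```powershell
# Added example: audit the client-side SSO policies. Makes no changes.
param([string]$Broker = 'rdcb.example.com')   # placeholder FQDN (assumption)

function Get-PolicyValues([string]$Path) {
    # Return name/data pairs for a registry key, or nothing if the key is absent.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($n in $key.GetValueNames()) {
            [pscustomobject]@{ Path = $Path; Name = $n; Data = $key.GetValue($n) }
        }
    }
}

$ie   = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$cred = 'HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation'

# 1. Site to Zone Assignment List: value name = site, data = zone (2 = Trusted sites).
$zoneMap = 'HKLM:', 'HKCU:' | ForEach-Object { Get-PolicyValues "$_\$ie\ZoneMapKey" }
$brokerTrusted = [bool]($zoneMap |
    Where-Object { $_.Name -like "*$Broker*" -and "$($_.Data)" -eq '2' })

# 2. Logon options for the Trusted Sites Zone: value 1A00, where 0 means
#    "Automatic logon with current username and password".
$logon = 'HKLM:', 'HKCU:' | ForEach-Object { Get-PolicyValues "$_\$ie\Zones\2" } |
    Where-Object Name -eq '1A00'
$autoLogon = [bool]($logon | Where-Object { [int]$_.Data -eq 0 })

# 3. Credential delegation server lists (default and NTLM-only variants).
$lists = 'AllowDefaultCredentials', 'AllowDefCredentialsWhenNTLMOnly' |
    ForEach-Object { Get-PolicyValues "$cred\$_" }

# Review items: wildcard entries delegate credentials to every matching host,
# and every other Trusted-sites entry also gets automatic logon from step 2.
$wildcards    = $lists   | Where-Object { "$($_.Data)" -match '\*' }
$otherTrusted = $zoneMap |
    Where-Object { "$($_.Data)" -eq '2' -and $_.Name -notlike "*$Broker*" }

[pscustomobject]@{
    BrokerInTrustedZone  = $brokerTrusted
    AutoLogonTrustedZone = $autoLogon
    DelegationEntries    = @($lists.Data)
    WildcardDelegation   = @($wildcards.Data)
    OtherTrustedSites    = @($otherTrusted.Name)
}
```

Run it on a client after `gpupdate /force`; non-empty `WildcardDelegation` or `OtherTrustedSites` values are the entries to narrow to the specific RDS hosts.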