Difference between revisions of "OpenTC Development"
(Created page with "==Automatic login== The login screen where the credentials must be entered is a custom made form and is not related to any native Windows Remote Desktop functions.<br> Therefo...") |
|||
| Line 15: | Line 15: | ||
The computernames and gatewaynames must be identical to the ones in the RDP-file, otherwise it will not work.<br> | The computernames and gatewaynames must be identical to the ones in the RDP-file, otherwise it will not work.<br> | ||
| − | When the Remote Desktop connection has been established, it would be ideal to remove the saved credentials as soon as possible. OpenTC is being run under one local user account and therefore shares the same saved credentials database for | + | When the Remote Desktop connection has been established, it would be ideal to remove the saved credentials as soon as possible. OpenTC is being run under one local user account and therefore shares the same saved credentials database for anyone that uses the client computer.<br> |
| − | While | + | While the following has not been reported as a bug in OpenTC, other Remote Desktop portal products who share this same method have incidentally experienced users being suddenly able to login to other users their account. We therefore take precaution and remove the credentials as soon as possible: |
cmdkey.exe /delete:TERMSRV/<computername> | cmdkey.exe /delete:TERMSRV/<computername> | ||
cmdkey.exe /delete:<gatewayname> | cmdkey.exe /delete:<gatewayname> | ||
| Line 28: | Line 28: | ||
And on the host server: | And on the host server: | ||
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > "Always prompt for password upon connection": Not Configured / Disabled | Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > "Always prompt for password upon connection": Not Configured / Disabled | ||
| + | |||
| + | |||
| + | ===Notes=== | ||
| + | It is reported that the following registry value would overwrite the "Allow me to save credentials" option for RDP files: | ||
| + | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services] | ||
| + | "fPromptForPassword"=dword:00000000 | ||
Revision as of 23:55, 4 September 2020
Automatic login
The login screen where the credentials must be entered is a custom made form and is not related to any native Windows Remote Desktop functions.
Therefore, the credentials entered in the form must somehow be passed down to establish a Remote Desktop connection without having to fill in it's own credentials form.
There are two ways to do this, one of them is to make your own Remote Desktop client by using some Remote Desktop DLL's inside your project. This option has not been chosen for OpenTC, since in order to make all it's features available you would have to completely rewrite the client like the native one.
The other option is to fool Windows that the user has logged in before and used the "Remember me" option, causing it to automatically login without having to enter any credentials.
Before this can happen the credentials must be loaded into the current user, this can be done by using the built-in application cmdkey
Load credentials
Example on how Remote Desktop credentials would be saved:
cmdkey.exe /add:TERMSRV/<computername> /user:<username> /pass:<password>
It's important that "TERMSRV/" is placed before the computer or farm name, so Windows knows its destined for that connection.
When using a Remote Desktop Gateway (RD Gateway) the credentials must also be loaded separately for it, by using the gateway name;
cmdkey.exe /add:<gatewayname> /user:<username> /pass:<password>
The computernames and gatewaynames must be identical to the ones in the RDP-file, otherwise it will not work.
When the Remote Desktop connection has been established, it would be ideal to remove the saved credentials as soon as possible. OpenTC is being run under one local user account and therefore shares the same saved credentials database for anyone that uses the client computer.
While the following has not been reported as a bug in OpenTC, other Remote Desktop portal products who share this same method have incidentally experienced users being suddenly able to login to other users their account. We therefore take precaution and remove the credentials as soon as possible:
cmdkey.exe /delete:TERMSRV/<computername> cmdkey.exe /delete:<gatewayname>
Requirements
In order for this to work, the RDP-file would need to have the "Allow me to save credentials" option checked, which inside the file would look like this:
prompt for credentials:i:0
Some Group Policies must also be set correctly (by default this is already correct), on the client the following must be set:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client > "Prompt for credentials on the client computer": Not Configured / Disabled
And on the host server:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > "Always prompt for password upon connection": Not Configured / Disabled
Notes
It is reported that the following registry value would overwrite the "Allow me to save credentials" option for RDP files:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services] "fPromptForPassword"=dword:00000000
