Single sign-on is an authentication method that allows users with a domain account to log on once to a client computer by using a password, and then gain access to remote servers without being asked for their credentials again.

Note

This topic only covers single sign-on authentication from the Remote Desktop Connection client to an RD Session Host server. In Windows Server 2008 R2, you can enable single sign-on between Remote Desktop Web Access (RD Web Access) and RD Session Host as well. For more information about single sign-on with RD Web Access, see http://go.microsoft.com/fwlink/?LinkId=137334.

To implement single sign-on functionality in Remote Desktop Services, ensure that you meet the following requirements:

To configure the recommended settings for your RD Session Host server, complete the following steps:

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To configure authentication on the RD Session Host server
  1. Open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.

  2. Under Connections, right-click the appropriate connection (for example, RDP-Tcp), and then click Properties.

  3. In the Properties dialog box, on the General tab, verify that the Security Layer value is set to either Negotiate or SSL (TLS 1.0).

  4. On the Log on Settings tab, ensure that the Always prompt for password check box is not selected, and then click OK.

After you configure authentication on the RD Session Host server, you must allow default credential usage on the RD Session Host server by using Group Policy. The Group Policy settings can be found in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security and can be configured by using either Local Group Policy Editor or the Group Policy Management Console (GPMC).

For more information about Group Policy settings for Remote Desktop Services, see the Remote Desktop Services Technical Reference (http://go.microsoft.com/fwlink/?LinkId=138134).

For more information about security and Remote Desktop Services, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (http://go.microsoft.com/fwlink/?LinkID=138055).

Additional references