For users to connect to internal network resources (computers) through RD Gateway, two levels of authentication are required. The first level of authentication must occur successfully for users to connect to the RD Gateway server. The second level of authentication must occur successfully for users to connect to remote computers (internal network computers). For each level of authentication, users are prompted for credentials, unless one or more of the following credentials are available to the users:
- Locally-logged on credentials
- Saved credentials
- Shared credentials
Credential sharing is available with the Remote Desktop Connection (RDC) 6.1 client. RDC 6.1 supports Remote Desktop Protocol 6.1.
When credential sharing is enabled, users can enter the same set of credentials for authenticating to both the RD Gateway server and the remote computer. In this case, the user is prompted to provide credentials only once.
By default, credential sharing is enabled for RD Gateway, but you can disable credential sharing if the security policies of your organization require that you do so. You can enable or disable credential sharing in either of the following two ways:
- Editing connection settings on the Remote Desktop Services client (Remote Desktop Connection). On the client, the credential sharing setting is configured by selecting or clearing the Use my RD Gateway credentials for the remote computer check box, as described later in this topic.
- Editing RDP file settings. In the RDP file, the credential sharing setting is configured by adding or modifying the PromptCredentialOnce:i line, as described later in this
If credential sharing is enabled, when users attempt to connect to a computer through RD Gateway, a Windows Security dialog box appears that prompts users once for credentials and informs them that the credentials that they provide will be used to connect to both the RD Gateway server and the remote computer (the internal network computer). The names of both computers are noted in the Windows Security dialog box.
The Windows Security dialog box also includes the Remember my credentials check box. If users select this check box after they supply their credentials, their credentials will be saved both for the RD Gateway server and the remote computer. The same credentials will be used in subsequent connections to the same RD Gateway server and remote computer.
Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure.
To edit client settings to enable or disable credential sharing
Open the Remote Desktop Connection client. To open the Remote Desktop Connection client, click Start, point to All Programs, point to Accessories, and then click Remote Desktop Connection.
In the Remote Desktop Connection dialog box, click Options to expand the dialog box and view settings.
On the Advanced tab, in the Connect from anywhere area, click Settings.
In the RD Gateway Server Settings dialog box, in the Logon settings area, select the Use my RD Gateway credentials for the remote computer check box.
Verify and configure additional client connection settings for RD Gateway as needed, and then click OK to close the dialog box. For information about how to configure additional client settings, see Configure Remote Desktop Connection Settings for Remote Desktop Gateway.
Do one of the following:
- To save the settings and close the Remote Desktop Connection dialog box, on the General tab, click Save, and then click Cancel. The settings will be saved as an RDP file to a default location (by default, the file is saved to Drive:\<Username>\Documents).
- To save the RDP file to a specified location (you can customize and distribute the file later to multiple clients as needed), click Save As. In the Save As dialog box, in the File name box, specify the file name and location, and then click Save.
To proceed with a connection to an internal network resource, on the General tab, configure the settings under Logon settings as needed, click Save, click Connect, and then enter your credentials when prompted.
Alternatively, as mentioned, you can edit settings directly in the RDP file.
To edit an RDP file to enable or disable credential sharing
Open the RDP file that you want to edit by using a text editor, such as Notepad.
Do one of the following:
- To disable credential sharing, add the following line (or ensure that any existing PromptCredentialOnce:i line appears as follows): PromptCredentialOnce:i:0
- To re-enable credential sharing, edit the PromptCredentialOnce:i line so that it appears as follows:
Save and then close the file.
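A scripted form of the RDP file edit above, useful when the setting has to be applied to files before they are distributed to clients. This is an added PowerShell example, not part of the original topic. The function name Set-RdpCredentialSharing, the sample file and its host names are constructed for illustration, and the UTF-16 output encoding is an assumption.

```powershell
# Added example. Set-RdpCredentialSharing is a hypothetical helper name,
# not a built-in cmdlet.
function Set-RdpCredentialSharing {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # 0 = prompt separately (sharing disabled), 1 = sharing enabled
        [Parameter(Mandatory)] [ValidateRange(0, 1)] [int] $Value
    )

    # Get-Content honours a byte-order mark, so UTF-16 files are read correctly.
    $lines   = @(Get-Content -LiteralPath $Path)
    $pattern = '^\s*PromptCredentialOnce:i:'   # -match ignores case

    $before = @($lines | Where-Object { $_ -match $pattern })

    # Remove every existing occurrence so duplicate lines cannot disagree,
    # then append exactly one line with the required value.
    $kept  = @($lines | Where-Object { $_ -notmatch $pattern })
    $kept += "PromptCredentialOnce:i:$Value"

    # Assumption: the file is written back as UTF-16 LE ("Unicode").
    Set-Content -LiteralPath $Path -Value $kept -Encoding Unicode

    [pscustomobject]@{
        Path     = $Path
        # No line at all means the default applies, and the default is enabled.
        Previous = if ($before.Count) { $before -join '; ' } else { '(absent: default, enabled)' }
        Current  = "PromptCredentialOnce:i:$Value"
    }
}

# Constructed sample file; the host names are placeholders.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'sample-gateway.rdp'
@(
    'full address:s:internal-host.example.test'
    'gatewayhostname:s:rdgw.example.test'
    'promptcredentialonce:i:1'
) | Set-Content -LiteralPath $sample -Encoding Unicode

Set-RdpCredentialSharing -Path $sample -Value 0   # disable credential sharing
Get-Content -LiteralPath $sample                  # show the resulting file
Remove-Item -LiteralPath $sample
```

Because credential sharing is enabled by default, a file with no PromptCredentialOnce:i line still shares credentials, which is why the function always writes the line explicitly rather than only editing an existing one.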