For users to connect to internal network resources (computers) through RD Gateway, two levels of authentication are required. The first level of authentication must occur successfully for users to connect to the RD Gateway server. The second level of authentication must occur successfully for users to connect to remote computers (internal network computers). For each level of authentication, users are prompted for credentials, unless one or more of the following credentials are available to the users:

Note

Credential sharing is available with the Remote Desktop Connection (RDC) 6.1 client. RDC 6.1 supports Remote Desktop Protocol  6.1.

When credential sharing is enabled, users can enter the same set of credentials for authenticating to both the RD Gateway server and the remote computer. In this case, the user is prompted to provide credentials only once.

By default, credential sharing is enabled for RD Gateway, but you can disable credential sharing if the security policies of your organization require that you do so. You can enable or disable credential sharing in either of the following two ways:

If credential sharing is enabled, when users attempt to connect to a computer through RD Gateway, a Windows Security dialog box appears that prompts users once for credentials and informs them that the credentials that they provide will be used to connect to both the RD Gateway server and the remote computer (the internal network computer). The names of both computers are noted in the Windows Security dialog box.

The Windows Security dialog box also includes the Remember my credentials check box. If users select this check box after they supply their credentials, their credentials will be saved both for the RD Gateway server and the remote computer. The same credentials will be used in subsequent connections to the same RD Gateway server and remote computer.

Important
  • The Remember my credentials setting is ignored in either of the following cases: if users have already saved their credentials, or if the Group Policy setting to allow users to specify their locally logged-on credentials for RD Gateway is enabled.
  • When users have saved their credentials, during their next connection attempt to the same RD Gateway server and remote computer, a message will appear in the RD Gateway Server Settings dialog box on the client stating that the saved credentials will be used to connect to the RD Gateway server. Users can edit or delete these credentials. (To open the RD Gateway Server Settings dialog box, on the client computer, in the Remote Desktop Connection dialog box, click Options, and then on the Advanced tab, in the Connect from anywhere area, click Settings.)
  • If you have enabled the Group Policy setting to allow users to specify their locally-logged on credentials for RD Gateway, when the user attempts the connection, a message will appear in the RD Gateway Server Settings dialog box that states that the credentials of the currently logged on user will be used to connect to the RD Gateway server. For information about how to enable the Group Policy setting to allow the use of locally-logged on credentials for RD Gateway, see Set the Remote Desktop Gateway Server Authentication Method.

Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure.

To edit client settings to enable or disable credential sharing
  1. Open the Remote Desktop Connection client. To open the Remote Desktop Connection client, click Start, point to All Programs, point to Accessories, and then click Remote Desktop Connection.

  2. In the Remote Desktop Connection dialog box, click Options to expand the dialog box and view settings.

  3. On the Advanced tab, in the Connect from anywhere area, click Settings.

  4. In the RD Gateway Server Settings dialog box, in the Logon settings area, select the Use my RD Gateway credentials for the remote computer check box.

  5. Verify and configure additional client connection settings for RD Gateway as needed, and then click OK to close the dialog box. For information about how to configure additional client settings, see Configure Remote Desktop Connection Settings for Remote Desktop Gateway.

  6. Do one of the following:

    • To save the settings and close the Remote Desktop Connection dialog box, on the General tab, click Save, and then click Cancel. The settings will be saved as an RDP file to a default location (by default, the file is saved to Drive:\<Username>\Documents).

    • To save the RDP file to a specified location (you can customize and distribute the file later to multiple clients as needed), click Save As. In the Save As dialog box, in the File name box, specify the file name and location, and then click Save.

  7. To proceed with a connection to an internal network resource, on the General tab, configure the settings under Logon settings as needed, click Save, click Connect, and then enter your credentials when prompted.

Alternatively, as mentioned, you can edit settings directly in the RDP file.

To edit an RDP file to enable or disable credential sharing
  1. Open the RDP file that you want to edit by using a text editor, such as Notepad.

  2. Do one of the following:

    • To disable credential sharing, add the following line (or ensure that any existing PromptCredentialOnce:i line appears as follows): PromptCredentialOnce:i:0

    • To re-enable credential sharing, edit the PromptCredentialOnce:i line so that it appears as follows: PromptCredentialOnce:i:1

  3. Save and then close the file.