Overriding local machine group policy for remote desktop session user

Background:
In a client-server system, we use the Remote Desktop mechanism (MS RemoteApp) to display, on the client, the apps launched on the server. Internally the application uses the RDP client “AxMsRdpClient8NotSafeForScripting” to establish a remote session.
During installation the application creates a 'Remote session User' and sets a password. While establishing a connection, the user and password are set as given below.
msRdpClient8.UserName = User;
msRdpClient8.AdvancedSettings2.ClearTextPassword = Decrypt(password);
//other parameters are set here
msRdpClient8.Connect();
Issue:
Due to hardening of the system, the security rules applied to the remote desktop session have broken the system. The security policies are applied at the local machine level. A few are 1) Prompt for password 2) Time limit for active but idle RD Services session.
The actual user of the system is not aware of the remote session password. Until now the user has been unaware of the mechanism used internally, as no password was prompted. Asking for the password will hinder the seamless integration of the application. I don't want the user to see the pop-up asking for a password.
I am trying to find a solution for the blockers. I want to check whether one of the following is possible:
1) The Remote Desktop policies are applied at the local machine level. Is it possible to set the policy in such a way that it is not applicable to the ‘remote session user’ created by the application, while it is applied to a user who connects to the server system using remote desktop from outside (e.g. using mstsc)?
2) Is it possible to configure the AxMsRdpClient8NotSafeForScripting object in such a way that it will override the local machine level policy?
Thanks for the support
somaraj
All replies
-
Hi Somarajk,
Thanks for your post.
The Remote Desktop policies are applied at the local machine level. Is it possible to set the policy in such a way that it is not applicable to the ‘remote session user’ created by the application, while it is applied to a user who connects to the server system using remote desktop from outside (e.g. using mstsc)?
>>>Based on my experience, there is no built-in way to achieve this.
If you want to prevent some users from running some applications, you could configure AppLocker.
2) Is it possible to configure the AxMsRdpClient8NotSafeForScripting object in such a way that it will override the local machine level policy?
>>>I am a little confused by this sentence, would you explain more?
For AxMsRdpClient8NotSafeForScripting, you can do this from the command line or directly in mstsc.exe or from a custom .RDP file.
Programmatically, you access a remote desktop server via the Remote Desktop ActiveX control. The control can be hosted on a web site or in an application. For more information, you could refer to the article below.
Using multiple monitors programmatically from an RDP Active X control
Best Regards,
Jay
-
Hi Jay,
Thanks for the reply.
What I meant by
"Is it possible to configure the AxMsRdpClient8NotSafeForScripting object in such a way that it will override the local machine level policy."
is the following.
The system is hardened as given below.
"HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services" fPromptForPassword to 1
My question was, is it possible to override this policy by setting some attribute in the AxMsRdpClient8NotSafeForScripting object,
because we don't want this policy to apply to the remote desktop connection made from our application to the server.
Thanks
somaraj
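
An added example, not posted by anyone in this thread: a PowerShell check, run on the server, that reports whether the two hardening settings named in the question are in effect and where each value comes from. The policy key and fPromptForPassword are taken from the thread; the MaxIdleTime value name and the RDP-Tcp listener key are not on the page and are assumed here to be the standard Windows locations for these settings.

```powershell
# Added example: report the RDS hardening state for the settings discussed above.
$policyKey   = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services'   # from the thread
$listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'  # assumption

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RdsSetting {
    param([string]$Name)
    $policy   = Get-RegValue -Path $policyKey   -Name $Name
    $listener = Get-RegValue -Path $listenerKey -Name $Name
    # A value under the Policies key takes precedence over the listener's own value.
    if ($null -ne $policy)       { $source = 'Policy';        $value = $policy }
    elseif ($null -ne $listener) { $source = 'Listener';      $value = $listener }
    else                         { $source = 'NotConfigured'; $value = $null }
    [pscustomobject]@{
        Setting = $Name; Effective = $value; Source = $source
        PolicyValue = $policy; ListenerValue = $listener
    }
}

function Get-RdsHardeningState {
    $prompt = Get-RdsSetting -Name 'fPromptForPassword'
    $idle   = Get-RdsSetting -Name 'MaxIdleTime'      # stored in milliseconds

    $promptNote = if ($prompt.Effective -eq 1) {
        'Server prompts for a password on every connection'
    } else { 'Server accepts the password supplied by the client' }

    $idleNote = if ($idle.Effective -gt 0) {
        'Idle sessions are limited to {0} minutes' -f [math]::Round($idle.Effective / 60000, 1)
    } else { 'No idle time limit' }

    $prompt | Add-Member -NotePropertyName Meaning -NotePropertyValue $promptNote -PassThru
    $idle   | Add-Member -NotePropertyName Meaning -NotePropertyValue $idleNote   -PassThru
}

Get-RdsHardeningState | Format-Table Setting, Effective, Source, Meaning -AutoSize
```

A Source of Policy means the value was set through the local or domain policy that hardened the machine, which is the case described in the question.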