Dec 31 2021 07:40 AM
I'm running different Host-pools for our consultants for connecting to our customers. Within each host-pool is one Virtual Machine with its own personal local credentials that no one else needs to know. Because of that I want that particular username/password entered in the RDP-properties, but it keeps returning to logging in with my own Azure account.
Below the latest RDP-properties i've tried:
prompt for credentials:i:0;username:s:user;promptcredentialonce:i:0;connect to console:i:1;gatewaycredentialssource:i:2;password 51:b:system.byte;drivestoredirect:s:*;audiomode:i:0;videoplaybackmode:i:1;redirectclipboard:i:1;redirectprinters:i:1;devicestoredirect:s:*;redirectcomports:i:1;redirectsmartcards:i:1;usbdevicestoredirect:s:*;enablecredsspsupport:i:1;use multimon:i:1
I've also tried with the normal Password RDP-property, but the RDP-properties keep adjusting the password to be without the capital letters (and it doesn't work either).
Jan 03 2022 05:15 PM - edited Jan 03 2022 05:18 PM
I believe those credentials saved into Remote Desktop (especially the password) are saved in the Windows Credential Manager, specific to each user. If you open Credential Manager and select Windows Credentials, you should be able to see your TERMSRV entries, but they are encrypted on that PC only (unless you exported the backup and imported it to another machine as a test).
Saving usernames and passwords in plain text in an RDP file would be a 'no no'. I believe you might be able to save the username, but I don't think the password will work.
Depending on the resources you want and for better security and auditability you may be able to use Azure AD Privileged access groups that are delegated to application/host groups: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-featur... allowing your consultants to request access to specific hosts when they need it the most.
Jan 03 2022 11:24 PM
As you can see, I don't save the credentials in plain text. The password is encrypted, so it isn't available to anyone. Besides that, the RDP-properties are not offloaded to the personal workstation.
If it's not possible to store those credentials in the Azure Virtual Desktop Host-Pool properties, then again it isn't possible to enable the option: Save Credentials. The next time I return to that Virtual Desktop, it asks for credentials again.
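An added example, not part of any post in this thread: a small Python audit that parses a custom RDP property string such as the one quoted in the first post and reports its credential-related entries. The function names are hypothetical, and the check assumes `password 51:b` is meant to carry a hex-encoded blob, as in a saved .rdp file.

```python
import re

# The property string quoted in the first post of this thread.
POSTED = (
    "prompt for credentials:i:0;username:s:user;promptcredentialonce:i:0;"
    "connect to console:i:1;gatewaycredentialssource:i:2;"
    "password 51:b:system.byte;drivestoredirect:s:*;audiomode:i:0;"
    "videoplaybackmode:i:1;redirectclipboard:i:1;redirectprinters:i:1;"
    "devicestoredirect:s:*;redirectcomports:i:1;redirectsmartcards:i:1;"
    "usbdevicestoredirect:s:*;enablecredsspsupport:i:1;use multimon:i:1"
)

# Properties on the page that influence which credentials are used.
CREDENTIAL_NAMES = {"username", "prompt for credentials", "promptcredentialonce",
                    "gatewaycredentialssource", "enablecredsspsupport"}
HEX_BLOB = re.compile(r"(?:[0-9a-fA-F]{2})+")  # assumption: binary values are hex


def parse_rdp_properties(text):
    """Split 'name:type:value;...' into (name, type, value) tuples."""
    props = []
    for item in filter(None, (p.strip() for p in text.split(";"))):
        parts = item.split(":", 2)  # names may contain spaces, values may contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            raise ValueError(f"malformed property: {item!r}")
        props.append((parts[0].lower(), parts[1], parts[2]))
    return props


def audit(text):
    """Return (name, finding) pairs for credential-related properties."""
    findings = []
    for name, typ, value in parse_rdp_properties(text):
        if name.startswith("password"):
            if typ == "b" and HEX_BLOB.fullmatch(value):
                findings.append((name, "embedded password blob"))
            elif typ == "b":
                findings.append((name, "binary field holds non-hex text"))
            else:
                findings.append((name, "password stored as plain text"))
        elif name in CREDENTIAL_NAMES:
            findings.append((name, f"credential setting = {value}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(POSTED):
        print(f"{name}: {finding}")
```

Run over the posted string, it reports that `password 51` holds the literal text `system.byte` rather than a hex blob.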