AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Windows terminal services 201611/8/2022 ![]()
DomainName – the domain portion of the credentials you are caching for auto-login.RDSHostName – the name of the terminal server to make these changes on.Once you run the batch file above on a target session host, you then run the following Powershell script to set (cache) specific auto-login credentials, as well as set the initial program (and its working directory) which starts immediately after connecting to the terminal server. REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 0 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f Here are those three changes, which I placed into a batch file I called “disablenla.bat.” DisableNLA.bat REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritAutoLogon /t REG_DWORD /d 0 /f The first step involved is to change a few registry settings to disable NLA, downgrade the SecurityLayer to RDP authentication, and also to permit the Powershell script to place the server into auto-login mode. For Internet connected Remote Desktop Servers, use RemoteApp with individual user authentication and NLA enabled to serve up apps to users. This severely weakens the security of the terminal server. As part of this process, you disable NLA (Network Level Authentication) and you cache login credentials on the server. #WINDOWS TERMINAL SERVICES 2016 ZIP FILE#Here are the steps I took, and I’ve bundled both the batch file and the PowerShell script in a downloadable zip file below.įirst, a big disclaimer: You should only use these techniques on internal, non-Internet connected terminal servers to run a Kiosk-style system. Please leave a comment in the comment section below or even better: like and share this blog post in the social networks to help spread the word about this solution.It used to be a lot easier to create an automatic, cached Kiosk-style RDP login in Server 2008 The Solution: Registry Tweaks and Powershell WMI CallsĪfter doing some research, I determined that it was possible to replicate this behavior on Windows Server 2012 and later, but that it required both some registry tweaks and some specific WMI calls via Powershell in a specific order. Close the Registry Editor and restart the RDS Server. Right click at "L$RTMTIMEBOMB…" value and select Delete.ħ. Change the permissions to Full Control and click OK.Ħ. Select the Administrators object and click Edit.ĥ. Right click at the 'GracePeriod' key and select Permissions.Ĥ. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriodĢ.Open the Registry Editor and navigate at the following key: To extend the 120 days Grace Period on RDS Licensing Server:ġ. ![]() If you want the want to use the RDS Server on a production environment then proceed and buy RD CALs. * Important: Apply the instructions below, only if you 're using the RDS Server 2016 on a testing environment. ![]() #WINDOWS TERMINAL SERVICES 2016 HOW TO#How to Reset RDS Licensing Grace Period on Server 2012 or 2016. #WINDOWS TERMINAL SERVICES 2016 INSTALL#As you may know when you install the RDS Server 2016 you have 120 days to install the RD client access licenses (RD CALs), otherwise users will no longer be able to establish RDP sessions on the RD Session Host server, with error "The remote desktop session was disconnected because there are no Remote Desktop License servers available to provide a license". If you have installed an RDS Server 2016 for testing purposes and the RDS licensing grace period has expired, then continue reading below to learn how to reset the 120 days grace period. ![]()
0 Comments
Read More
Leave a Reply. |