Is it possible to configure an RDP session to use the credentials that RDM (Remote Desktop Manager) was run under to auto login to an RDP session?
I’m setting up the Enterprise version of RDM for a large IT department. Since all system administrators have two Active Domain accounts, a standard user for their work desktop (email, web browsing, etc.) and an administrator account for system administration, I want to use the “Run As” or “Run with different credentials” option in the RDM shortcut to allow the administrators to launch RDM using their administrator account. This way, when they launch a Windows tool or RDP session from within RDM, it uses their administrator account. I have tested this and it appears to work for the Windows tools, but I cannot get RDM to pass the “Run As” credentials to the remote login for an RDP (Remote Desktop) session. Our RDM installation uses an MS SQL database for the RDM data source. The SQL Server data source is configured for “Integrated Security”, which works great with the “Run As” shortcut configuration since only the administrator accounts can access this database. The administrators are prompted for the “Run As” credentials; once entered correctly, RDM runs with no further login prompts. If the RDP sessions could auto login using the “Run As” credentials, this would make work life a lot easier for the administrators since they would only need to log in once for Windows-related administration.
edited by Kattywumpus on 8/1/2012
I think that you will need to configure the "User Specific Setting" for both users. Have you tried that?
David Hervieux
Sorry, I don't understand your reply. I'm trying to deliver a predefined list of RDP sessions for all our administrators, but for security reasons each Windows administrator must use his or her administrator account. Since we have over 300 Windows servers, we would prefer not to have each administrator define a session-specific credential for each RDP session. Passing the "Run As" credentials would greatly reduce RDM administration. Maybe using a predefined credential entry is the solution and I just don't fully understand how RDM Credential entries function for a large environment. But it appears to me that even if an RDM Credential entry was the solution, this would still be more administration than using the "Run As" credentials, but less than defining session-specific credentials for each RDP session.
edited by Kattywumpus on 8/2/2012
Could you send me a print screen because I'm not sure what you mean by the run as? Do you mean when you start RDM?
David Hervieux
The problem with that is that RDM doesn't know the credentials related to the user. Windows does not allow the application to retrieve the password, so we can't send it to the session.
David Hervieux
When you click the shortcut to run Remote Desktop Manager, this dialog window will display before executing the command to load RDM. If you decide to run RDM with the current user, I have found you need to uncheck "Protect my computer and data from unauthorized program activity" to allow RDM to run. Normally I select "The following user:" and enter my domain administrator account, since my current user is just a basic domain user account.
OK, then if RDM can't use the "run as" account for auto RDP login, what would you recommend the RDP session configuration be, considering we have over 300 servers and an IT staff of over 200 people who will all need varying levels of access to different servers? Many only need RDP access to 2 or 3 servers, but Windows administrators will need RDP access to all servers. I need to configure RDM in a way that minimizes administration. Maybe I missed it, but I guess what I need is a white paper on configuring RDM for the enterprise. Like a best practices white paper.
edited by Kattywumpus on 8/3/2012
I think that you could do this:
1. Create one credential entry named "Run As Administrator". Don't enter any credentials into this entry.
2. Link this session to all your RDP entries.
3. Use the "Edit User Specific Settings" for each of your admins to enter their own credentials. You apply this only on the newly created credential entry.
I hope this helps.
David Hervieux