"Do not display last username" with Remote Desktop on Server 2008

  • Thread starter Thread starter Timothy
  • Start date Start date
T

Timothy

Guest
I just deployed my first Server 2008 box in our internal environment for
testing. We do nearly all management via remote desktop. One of our
corporate security policies is to NOT show the last logged on user, to
prevent information disclosure of our admin usernames. We use a GPO in our
domain to control the "Interactive logon: Do not display last username"
setting to set it to ENABLED for all servers. This works on all Server 2003
boxes flawlessly. The Server 2008 box works when you are at the physical
console, but when you remote desktop, you are presented with the "logon
icons" where you can select the last user or "other user." This behavior
violates our corporate security policy.

I double checked the setting by running rsop.msc. The policy is being
applied and is set to "ENABLED." I also checked the Local Security Policy,
which shows it set to enabled as well, and the little "policy" icon is there
to show group policy governs this setting (so it is not changable).

Is there a new setting specific to terminal services? I went to the
Terminal Services administrative template and didn't see anything there that
might be helpful. I also went to the Terminal Services Configuration MMC,
nothing was helpful there either.

I'm thoroughly lost here, because from what I read, all you need to do is
set the "Do not display last user name" and all will be well. But it's not
working.
 
Re: "Do not display last username" with Remote Desktop on Server 2008

Hello Timothy,

If you are fill in the mstsc/remote desktop window the username it will be
automatically saved on the local machine, so make sure that the username
is not set there if you close mstsc/remote desktop. Leave the username field
empty.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I just deployed my first Server 2008 box in our internal environment
> for testing. We do nearly all management via remote desktop. One of
> our corporate security policies is to NOT show the last logged on
> user, to prevent information disclosure of our admin usernames. We
> use a GPO in our domain to control the "Interactive logon: Do not
> display last username" setting to set it to ENABLED for all servers.
> This works on all Server 2003 boxes flawlessly. The Server 2008 box
> works when you are at the physical console, but when you remote
> desktop, you are presented with the "logon icons" where you can select
> the last user or "other user." This behavior violates our corporate
> security policy.
>
> I double checked the setting by running rsop.msc. The policy is being
> applied and is set to "ENABLED." I also checked the Local Security
> Policy, which shows it set to enabled as well, and the little "policy"
> icon is there to show group policy governs this setting (so it is not
> changable).
>
> Is there a new setting specific to terminal services? I went to the
> Terminal Services administrative template and didn't see anything
> there that might be helpful. I also went to the Terminal Services
> Configuration MMC, nothing was helpful there either.
>
> I'm thoroughly lost here, because from what I read, all you need to do
> is set the "Do not display last user name" and all will be well. But
> it's not working.
>
 
Re: "Do not display last username" with Remote Desktop on Server 2

Re: "Do not display last username" with Remote Desktop on Server 2

I am not filling in the username or password on my terminal service client
(I'm using RD Tabs, which you can turn off NLA and also elect to not supply a
username/password) but even on older mstsc.exe (RDP 5.x) I get the logon
screen and have a choice between two icons, the admin user and "other user."
I cannot get it to STOP showing the admin user after I connect.
 
Re: "Do not display last username" with Remote Desktop on Server 2008

jay_oasis <jay_oasis.3gnvrc@DoNotSpam.com> wrote:
> did you ever solve this?
>
> I am in the same position.

Hi - you've posted a reply to a message that doesn't seem to be on the
server any longer, and you haven't quoted the original text in your message,
so it's unlikely that anyone will know what you're talking about.

I suggest you stop using the forum web interface you're using and try a news
client, such as Forte Agent, Thunderbird, or even Outlook Express, rather
than the pretty clunky web interface to the newsgroups. It's a lot easier to
do nearly everything that way. You can mark messages to be watched, filter
the views so you can see replies to your posts easily, and search.

The Microsoft public news server is msnews.microsoft.com and you can
subscribe to as many groups as you like; no authentication is required.

The following is from a post by MVP Malke ...

-------------------------------------------------------
Here's information on Usenet and using a newsreader:

http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
explanation of newsgroups
http://michaelstevenstech.com/outlo...ssnewreader.htm
http://rickrogers.org/setupoe.htm
http://support.microsoft.com/defaul...wto/default.asp
- Set Up Newsreader

http://www.dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is
working properly
http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting

Some newsreaders for Windows
http://www.forteinc.com/agent/index.php - for Forte
http://www.mozilla.org (Thunderbird does newsgroups)
http://gravity.tbates.org/

-------------------------------------
 
Re: "Do not display last username" with Remote Desktop on Server 2008

Hello jay_oasis,

To what posting are you replying?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> did you ever solve this?
>
> I am in the same position.
>
> http://forums.techarena.in
>
 
Back
Top