Benjamin Schieder


2015 September 10


12:37 < blindcoder> fcu kthis piece of shit fsckcrap windows bbullshit crap fuck 
12:37 < blindcoder> I'm so fcucking SICK of windows
12:38 < blindcoder> all I want it for anRDP session to get the login screen SERVERSIDE
12:38 < blindcoder> so I can choose another credential provider
12:38 < blindcoder> but NO
12:38 < blindcoder> it's apparently non-trivial nto disable the entering of rcedentials client side
12:38 < blindcoder> beacuse there's literally SERO information about it the internte
12:38 < blindcoder> godfskcing piece of garbage fsckcrapsoftware
12:42 < blindcoder> god, what a piece of fscking stinking shit
12:42 < blindcoder> you can only do this if you are joined to a dmoain
12:42 < blindcoder> WHYEVER you'd need to
12:42 < blindcoder> BUT there's a workaround
12:43 < blindcoder> opening the .rdp file with a text editor and adding  enablecredsspsupport:i:0 to it allows you to do this
12:43 < blindcoder> WHYWHYWHYWHYWHY?

(typos not corrected from original state of mind)

##Long version##

I have an application that provides its own Credential Provider for Windows 2012 R2. That means that authentication must happen server side. Windows added something called “Network Level Authentication” that requires clients to authenticate BEFORE the RDP connection is established at all. Unfortunately, those credentials are then used to authenticate the user directly to his desktop withouth choosing another Credential Provider.

I obviously disabled NLA and everything else that I could find for client-side authentication in the Local Group Policy Editor (server is not member of a domain), but RDP simply didn’t care.
After googling long and hard I found the solution here:

It’s not really a solution but more of a crappy workaround around Windows idiocy, but it works. Sadly.


Category: blog

Tags: windows rdp credentials serverside