Jump to content
Welcome to our new Citrix community!
  • 0

Force Published Desktop to Prompt for Credentials


Question

We have a custom built server that is separate from our regular Published Desktop. The idea is this is used for Engineering applications that require users to use a separate account for. We want that Published Desktop to prompt for alternate credentials, rather than accepting SSO.

 

Is there a way to effectively do this?  I'm aware of this policy:

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security

Always prompt for password upon connection

 

...but not sure if there's a "Citrix" policy to do this.

Link to comment

4 answers to this question

Recommended Posts

  • 0

 You are pretty much covered it yourself :10_wink: Under the hood it's Remote desktop services only so AD GPOs/local policies should work same way,  For a quick test i created a local policy on my test Citrix VDA and upon launching desktop, It did ask for credentials instead of SSO. One more thing, When i didn't supply credentials, desktop session timed out itself. 

Hope it clarified doubts if any. Good luck !!

 

test.PNG

Link to comment
  • 0

I do not know of any Citrix Policy that will do this for you. My first suggestion would have been the AD Group Policy setting you suggested.

 

We handle this situation by using the Receiver for Web Site URL when we want to log onto a resource as a different user. Using the Web URL you specify the 'other' credentials and then pass-through uses those 'other' credentials for all resources opened through that browser.

Link to comment
  • 0

Hello, rather than creating a new topic i think i can post an upcoming question here. Following this approach i am not able to use different credentials to logon because of this error:

 

ICA Connection request denied because the current user is not the owner of the Session

 

And then the session is terminated. Is this some kind of security feature we can switch off to allow a different user to use the ICA connection? We don' want the user to enter his administrator credentials on the webinteface because we think this is not really safe. Therefore we tried to use the "normal" credentials for the webinterface and to start the shared server desktop and then the user should be able to logon with its administrator credentials.

Link to comment
  • 0
On 1/27/2022 at 8:17 AM, Jochen Koch1709156562 said:

Hello, rather than creating a new topic i think i can post an upcoming question here. Following this approach i am not able to use different credentials to logon because of this error:

 

ICA Connection request denied because the current user is not the owner of the Session

 

And then the session is terminated. Is this some kind of security feature we can switch off to allow a different user to use the ICA connection? We don' want the user to enter his administrator credentials on the webinteface because we think this is not really safe. Therefore we tried to use the "normal" credentials for the webinterface and to start the shared server desktop and then the user should be able to logon with its administrator credentials.

 

Did you manage to get this work? We are facing a similar situation and want o use the same approach.

Thanks

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...