Jump to content
  • 0

Force Published Desktop to Prompt for Credentials

Cameron Gladman1709153679

Asked by Cameron Gladman1709153679,

Question

Cameron Gladman1709153679 Apprentice

Cameron Gladman1709153679

Posted
Posted

We have a custom built server that is separate from our regular Published Desktop. The idea is this is used for Engineering applications that require users to use a separate account for. We want that Published Desktop to prompt for alternate credentials, rather than accepting SSO.

 

Is there a way to effectively do this?  I'm aware of this policy:

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security

Always prompt for password upon connection

 

...but not sure if there's a "Citrix" policy to do this.

Link to comment

4 answers to this question

Recommended Posts

  • 0
vipin sharma1709153607 Contributor

vipin sharma1709153607

Posted
Posted

 You are pretty much covered it yourself :10_wink: Under the hood it's Remote desktop services only so AD GPOs/local policies should work same way,  For a quick test i created a local policy on my test Citrix VDA and upon launching desktop, It did ask for credentials instead of SSO. One more thing, When i didn't supply credentials, desktop session timed out itself. 

Hope it clarified doubts if any. Good luck !!

 

test.PNG

Link to comment
  • 0
Darryl Sakach Rising Star

Darryl Sakach

Posted
Posted

I do not know of any Citrix Policy that will do this for you. My first suggestion would have been the AD Group Policy setting you suggested.

 

We handle this situation by using the Receiver for Web Site URL when we want to log onto a resource as a different user. Using the Web URL you specify the 'other' credentials and then pass-through uses those 'other' credentials for all resources opened through that browser.

Link to comment
  • 0
Jochen Koch1709156562 Newbie

Jochen Koch1709156562

Posted
Posted

Hello, rather than creating a new topic i think i can post an upcoming question here. Following this approach i am not able to use different credentials to logon because of this error:

 

ICA Connection request denied because the current user is not the owner of the Session

 

And then the session is terminated. Is this some kind of security feature we can switch off to allow a different user to use the ICA connection? We don' want the user to enter his administrator credentials on the webinteface because we think this is not really safe. Therefore we tried to use the "normal" credentials for the webinterface and to start the shared server desktop and then the user should be able to logon with its administrator credentials.

Link to comment
  • 0
Sabine Ludewig1709156713 Enthusiast

Sabine Ludewig1709156713

Posted
Posted
On 1/27/2022 at 8:17 AM, Jochen Koch1709156562 said:

Hello, rather than creating a new topic i think i can post an upcoming question here. Following this approach i am not able to use different credentials to logon because of this error:

 

ICA Connection request denied because the current user is not the owner of the Session

 

And then the session is terminated. Is this some kind of security feature we can switch off to allow a different user to use the ICA connection? We don' want the user to enter his administrator credentials on the webinteface because we think this is not really safe. Therefore we tried to use the "normal" credentials for the webinterface and to start the shared server desktop and then the user should be able to logon with its administrator credentials.

 

Did you manage to get this work? We are facing a similar situation and want o use the same approach.

Thanks

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to question listing

© Cloud Software Group, Inc. All rights reserved.

×
×
  • Create New...