We get new external users that need initial password set up. We have a Windows 7 virtual machine that we allow users to log into for the first time that doesn't require NLA and has TLS disabled (RDP only). This allows users to connect to the workstation so that they can get prompted to change their password if it is new or expired.

When users connect from other Windows systems they connect fine. When they connect from Mac systems using the Remote Desktop Connection Client (version 2.1), they cannot connect if RDP is the only available protocol. The only way our solution works is if only RDP is available. Windows 7 allows you to require NLA, but I cannot find a method to disable it completely. If TLS is available, the client will use it and be rejected from accessing the workstation to change their password.

Our basic problem is that we need users to change their password the first time they log on, and we cannot see a way for that to happen when NLA is enabled or TLS is used. Is there an option I am overlooking, or is it simply not possible for a Mac remote desktop user to connect to a Windows 7 machine and change their password when the password is expired or required to be changed at next logon?

Initially we were putting people on the good faith system where they were asked to change their password after we gave it to them. Too many didn't do it, so we need a system that forces them to change their password the first time they log on. We have not been able to find another cost-effective way to accomplish this.

I am very familiar with that document and the details of the group policy settings.
Hello, Oldguard,

It isn't clear to me that it is the same problem, but I recently had an issue with Mac RDC and found that it was necessary to configure:

Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Access this computer from the network

This allowed Mac RDC to connect in situations where Windows 7 RDC would connect fine, so you might want to give it a try. (You may first want to try a quick test to see if Mac RDC will connect if the user is a local administrator on the Windows machine.) The documentation for the GPO setting that I found implied it should not affect RDP connections; however, my experience indicates otherwise when Mac RDC is involved.

Anyway, I hope that helps,
Michael.

Hello, Oldguard,

I am curious to know if there have been any updates on your issue. Please let us know if you get the chance. I don't know if you've tried my suggestion yet, but I'm including a link to the (resolved) support thread I created on my issue in case you want to compare notes. Your situation is definitely different than mine, but your problem sounds consistent with mine.

Also, if you'd prefer a non-technical solution: assign robust initial passwords in the first place. This will both set a good example and mitigate the security implications if users do not change them. While it might be tempting to assign excessively complicated passwords to encourage users to change them, be aware that this might just cause users to write passwords down.

A third option is to check up on users to determine if they have complied. You can use the following command to determine when a user's password was last set. (It is also possible to query the information using a script. Password notification scripts are available for download on the Internet.)

net user /domain username

Michael.
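Michael's third option (checking when a password was last set), as an added example that is not part of the original thread: it reads the "Password last set" line from `net user` output and compares it with the time the initial password was issued. The function names, user names, issue times and sample output are hypothetical and constructed for illustration; it assumes English-language `net user` output and that the help desk records when each password was issued.

```powershell
# Added example (not from the thread). Function names, user names and issue
# times are hypothetical; the sample output is constructed, en-US formatted.

function Get-PasswordLastSet {
    param(
        [Parameter(Mandatory)][string[]]$NetUserOutput,
        [cultureinfo]$Culture = [cultureinfo]::CurrentCulture
    )
    foreach ($line in $NetUserOutput) {
        # English label; the date format follows the locale of the queried system.
        if ($line -match '^Password last set\s+(.+?)\s*$') {
            $parsed = [datetime]::MinValue
            $style  = [System.Globalization.DateTimeStyles]::None
            if ([datetime]::TryParse($Matches[1], $Culture, $style, [ref]$parsed)) { return $parsed }
            return $null   # label found, value is not a date
        }
    }
    return $null           # label not found
}

function Get-InitialPasswordStatus {
    param(
        [Parameter(Mandatory)][string[]]$NetUserOutput,
        [Parameter(Mandatory)][datetime]$IssuedAt,
        [cultureinfo]$Culture = [cultureinfo]::CurrentCulture,
        [int]$GraceMinutes = 5   # tolerance between issuing and recording the time
    )
    $lastSet = Get-PasswordLastSet -NetUserOutput $NetUserOutput -Culture $Culture
    if ($null -eq $lastSet) { return 'Unknown' }
    # A later set time means the password was set again after issue;
    # it does not prove that the user was the one who set it.
    if ($lastSet -gt $IssuedAt.AddMinutes($GraceMinutes)) { return 'Changed' }
    return 'NotChanged'
}

$enUS   = [cultureinfo]::GetCultureInfo('en-US')
$issued = @{ jdoe = [datetime]'2018-12-03T09:14:00'; asmith = [datetime]'2018-12-03T09:20:00' }
$sample = @{   # constructed stand-ins for: net user /domain <username>
    jdoe   = @('User name                    jdoe',   'Password last set            12/3/2018 9:14:22 AM')
    asmith = @('User name                    asmith', 'Password last set            12/6/2018 4:41:07 PM')
}
foreach ($u in $issued.Keys) {
    $status = Get-InitialPasswordStatus -NetUserOutput $sample[$u] -IssuedAt $issued[$u] -Culture $enUS
    [pscustomobject]@{ User = $u; Status = $status }
}
```

Against a live domain, replace the `$sample[$u]` lookup with the captured output of `net user /domain $u` and drop the `-Culture` argument so the local date format is used.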
I have spent some time today trying to figure out how I would implement the rights change. The Mac user is on a local account on the Mac because the system is remote from us and not fully under our control (not my design, just the way it is). The user is never prompted for a user name and password, so the user doesn't really have a way to identify who they are for network level authentication. They never get a logon screen of any kind.

When network level authentication is enabled, the user is rejected because the password must be changed at next logon. If they know the password and the password is not expired, they connect just fine to NLA-based RDP sessions. It is our need to have users reset passwords remotely, or the initial password setup, that caused us to have problems. Like I said, Windows to Windows works just fine. The Macs only have problems going to the password reset system.