Last Updated: February 25, 2016
·
683
· steve-jansen

Faster logins to remote Windows servers

Are you enduring the lack of SSH access to remote Windows servers?

Do you frequently use Windows Terminal Services client (Start > Run > mstsc)?

Well mstsc.exe has a little known configuration option to quickly login to remote servers using your current host/local login. This setting uses Kerberos delegation and group policy under the hood.

Example

Here is a simulated screenshot of how mstsc would look when my current login can be delegated to a remote server named mysever.datacenter.example.com:

Simulated Screenshot of Kerberos automatic logins to a server named myserver.datacenter.example.com

Configuration

  • Start > Run > gpedit.msc

  • Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation

  • Open the Allow Delegating Default Credentials

  • Set the state to Enabled

  • In the options, click the Show button for add servers to list

  • Enter TERMSRV/*.datacenter.example.com for any server in the datacenter.example.com subdomain, or enter TERMSRV/myserver.datacenter.example.com for a single server.

Note: This setting assumes your workstation and servers are part of the same AD forest, and that your current login has terminal server access to the remote server.

Screenshots:

screenshot

screenshot

Reference

See MSDN "How to enable Single Sign-On for my Terminal Server connections".