Last Updated: February 25, 2016
· steve-jansen

Faster logins to remote Windows servers

Are you enduring the lack of SSH access to remote Windows servers?

Do you frequently use Windows Terminal Services client (Start > Run > mstsc)?

Well mstsc.exe has a little known configuration option to quickly login to remote servers using your current host/local login. This setting uses Kerberos delegation and group policy under the hood.


Here is a simulated screenshot of how mstsc would look when my current login can be delegated to a remote server named

Simulated Screenshot of Kerberos automatic logins to a server named


  • Start > Run > gpedit.msc

  • Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation

  • Open the Allow Delegating Default Credentials

  • Set the state to Enabled

  • In the options, click the Show button for add servers to list

  • Enter TERMSRV/* for any server in the subdomain, or enter TERMSRV/ for a single server.

Note: This setting assumes your workstation and servers are part of the same AD forest, and that your current login has terminal server access to the remote server.





See MSDN "How to enable Single Sign-On for my Terminal Server connections".