Faster logins to remote Windows servers

Are you enduring the lack of SSH access to remote Windows servers?

Do you frequently use Windows Terminal Services client (Start > Run > mstsc)?

Well mstsc.exe has a little known configuration option to quickly login to remote servers using your current host/local login. This setting uses Kerberos delegation and group policy under the hood.

Example

Here is a simulated screenshot of how mstsc would look when my current login can be delegated to a remote server named mysever.datacenter.example.com:

Configuration

• Start > Run > gpedit.msc

• Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation

• Open the Allow Delegating Default Credentials

• Set the state to Enabled

• In the options, click the Show button for add servers to list

• Enter TERMSRV/*.datacenter.example.com for any server in the datacenter.example.com subdomain, or enter TERMSRV/myserver.datacenter.example.com for a single server.

Note: This setting assumes your workstation and servers are part of the same AD forest, and that your current login has terminal server access to the remote server.

Screenshots:

Reference

See MSDN "How to enable Single Sign-On for my Terminal Server connections".