15
4
My W8 machine is connected to domain zen
. If I rdp to the W8 machine, I can log in as a local user without problems. If I try to log in as a domain user, I am prompted for a smart card instead of a password.
Any ideas why?
Note that Interactive login: require smart card
is disabled in group policy:
And here is the output from rsop.msc:
Some additional information on this one. If my connecting machine is on the same domain/network as the W8 machine, then I am prompted for a password as usual. If the machine is remote, on a different domain, then I am prompted for a smart card. In addition, the machine I am connecting from that gets the smartcard prompt is an XP box - so it may be an issue confined to mstsc.exe version 6.0.x - with 6.1 the authentication is managed prior to the rdp gui session being established.
I haven't isolated exactly which of these factors triggers the different response.
I'm having the same issue except that it is occurring even if I'm logging into a Windows 8.1 workstation via RDP directly from the domain server itself (Windows 2012 R2). The "require smart card" GPO setting is disabled and shows as such in RSOP, but the only way I can log in is by selecting "Other user". Very strange... – nextgentech – 2015-02-17T20:24:50.847
Where did you get that screen shot from? Are you sure the policy is being applied? Run
rsop.msc
on the target machine to get the "Resultant Set of Policy". Check to see if required logon is enabled or disabled when you do that. – Scott Chamberlain – 2012-10-22T23:58:33.970@ScottChamberlain Updated with the output from rsop. "Required Logon" isn't an option I can see, and require smart card is undefined. I would expect this to default to "require" if undefined. What policies is this a result of - it must be the local and domain group policies right? I don't have a domain level group policy. – Paul – 2012-10-23T00:07:58.147
I meant to type "Require Smart Card" instead of "require login". But this is the effective policy on the computer adding together local computer polices, local user policies, domain computer polices, and domain user policies. When it is not defined it defaults to disabled. Also, was that RSOP screenshot from your computer or the server (when you are logged in as you)?
– Scott Chamberlain – 2012-10-23T00:26:33.230Just for curiosity sake, see if you can logon as a local user, then do the RSOP in a
run as ...
as the domain user. Perhaps the setting is being applied on the domain user level, and if you ranrsop.msc
on the local user level it would not pick up the setting. – Scott Chamberlain – 2012-10-23T00:34:56.810I don't think I can - mmc requires elevation, so if I runas the domain user, it tells me I need to elevate, which would then just run as administrator (the domain user is in the administrators group) – Paul – 2012-10-23T00:47:38.953
I have the exact problem when doing remote desktop from a Linux machine. RD from a Windows machine works as normal. So probably the problem is caused by the client, but I'm also puzzled as to why it happens! – JorgeGT – 2013-01-10T15:00:27.593