Programming, Security, Software, Technology, Various Languages

How to Setup RemoteApp to Connect Without a Password Prompt

With Windows Server 2008 and 2012 you can now stream applications from the server to each user’s desktop. This means that the application looks like it is running locally on the user’s machine, when in fact it is running from the server.

RemoteApp is great for centralizing applications in a corporate environment, and simplifies maintenance since the applications are running on a single machine optimized to host them rather than from each user’s machine (each possibly with different hardware, a different Operating System, and an almost unlimited number of different configuration settings).

How Does RemoteApp Work?

Behind the scenes, each client computer is using Remote Desktop (formerly called Terminal Services) to authenticate the user to the server and then stream the application back to the client.

If you are looking to set up this sort of a system for the applications in your company, then here is a step-by-step article about how to set up a Windows 2008 Server to serve Remote Applications:

This link below is also a great guide for setting up and configuring Remote Apps

Setting up Automatic Authentication

Things get a bit tricky once you want to update your authentication system. By default users will be prompted to enter their passwords when they click to access an application that you have distributed to them via .RPD or .MSI file.

If you want the user to have a seamless experience in which the user credentials are passed to the server directly without the user needing to type in their password, you will have to set the user’s Local Group Policy settings. Here are the steps you need to take to do so in Windows 7:

  1. On the user’s computer, type gpedit.msc into the start menu or into a DOS command prompt.
  2. You will now see the Local Group Policy Editor window.
  3. On the left hand side, use the tree-view navigation to expand the following folders:
    1. Local Computer Policy
    2. Administrative Templates
    3. System
    4. Credentials Delegation
  4. In Credentials Delegation you will need to edit and enable the two settings titled:
    • Allow Delegating Default Credentials with NTLM-only Server Authentication
    • Allow Delegating Default Credentials
  5. In each, first click the Enabled radio button
  6. Then enter a comment (such as the word Enabled)
  7. Now comes the important part… you will need to click the Show button beside the label ‘Add servers to the list
  8. When you have clicked the button you will see a text input area where you can enter the name of the server that will serve up the applications
  9. The naming that happens behind the scenes can get tricky. For starters, try:
    • TERMSRV/[YourServerNameHere]*
    • As you can see, even though Terminal Services has been renamed Remote Desktop, the old syntax remains the same.
    • Don’t forget the star at the end, it is a wildcard match that will accept anything further that may be appended to your server name.
  10. If you just want to test the connection and don’t care much about how, you can enter another entry into the servers list where you place the wildcard after TERMSRV:
    • TERMSRV/*
    • Setting the TERMSRV/* setting is less secure, but is a good way to test if your seamless sign-on will work. You can test narrowing down the naming later.
  11. Click the OK button to save your list.
  12. On the Enable page, make sure that the checkbox titled ‘Concatenate OS defaults with input above‘ is checked.
  13. Click the Apply button
  14. ** Now enable the other credentials setting exactly the same way. **
  15. Next you will need to open up a command prompt (or the Address bar text input area) and type in gpupdate in order for your changes to the Local Group Policy to take effect.
  16. Finally, click on your .RDP file to test connecting to your server.

If you entered the name of your server correctly, then you should not see a password prompt… authentication should be invisible and your application should appear to start automatically.


6 thoughts on “How to Setup RemoteApp to Connect Without a Password Prompt”

  1. Hi,
    I have been having issue with SSO for RDweb app. Using Hyper-V Server 2012 with VMs (Pooled and Personal) Win7 64bit. Remote Client has ThinPC Windows 7 with RDP 8.1.
    Ideally once user logs into ThinPC , IE opens up to rdweb link. Under RemoteApp and Desktop, there are 2 icons that said Pooled VM and Personal VM. A user clicks on Personal and it should automatically rdp to the Win7 64bit VM without any credentials.
    Everything works, until it gets to the Win7 64bit VM, user must enter their password which I do not want. It should use the Windows Authentication password when she logs in first time for ThinPC (domain joined).
    I have tried everything, Delegation Credentials, IE Trusted Site Termsrv/* But once user clicks on the Personal or Pool VM, it gets to the VM and ask for password.
    Please advise. Do you do support?

  2. Tuan,

    it is because any VDI with windows 7 and below will prompt for password. Windows 8 and up will not ask for password for VDI pools. try a windows 8 vdi pool and it should work. better yet, try a windows 10, since windows 8 is no good.

  3. I’ve tried this method and everything but still no luck for me. Please help doing this for weeks now.

    1. Hey Edwin, you ever figure it out? I’m having the same problem. Tried domain policy, local policy, NTM-only, regular, saved credentials, default credentials, TERMSRV/*, FQDN, default domain policy not overridding. Still asking for a damn password!?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s