Setting to make LOCAL COMPUTER default rather than DOMAIN on RDP login screen
We are using an RD Gateway and we have some machines that we would like to default to the LOCAL computer for authentication (even though they may or may not have a domain available). It seems to default to the domain on the login screen.
Example for a computer named PC:
PC\Username <-- this is what we WANT and we can log in to the local PC if we type this
Domain\Username <-- this appears to be the default for all domain joined computers
It appears that (if you are using an RD Gateway) the domain setting is not passed to the RDP login screen, nor is it passed if you specify the username with the PC\Username format (PC\Username WILL be used to authenticate to the RD Gateway though). With the default Credential provider you CAN pass the domain from the RDP file as
domain:s:DOMAIN or with the username
username:s:PC\Username
We tried to set the MOTP config option: domain_name=PC but that didn't seem to do anything.
We set the computer's default domain via GPO -- but that did not seem to change anything.
We tried to set:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName\PC
and
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultDomainName\PC
The MOTP Credential Provider seems to be grabbing the domain name for the logon screen from:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain
Does anyone have any ideas as to how to set MOTP to default to the local PC name (such as %computername%) rather than the domain? I see that there is a plugin for pGina called the pGina Local Machine Plugin, but I'm not sure how that might relate to this situation.
Anybody have any guidance?
The default behavior (without MOTP) passes the parameters for domain (or domain\username) to the RD Gateway AND the RDP login. Is there a way to accomplish this?
If not, is there a way to set the logon screen to use the local PC as default (rather than the domain)?
Edit: Sorry about the formatting. I don't seem to have any formatting controls available. It looks better before I post.
Comments
Due to security reasons, we cannot retrieve the username passed from the RDP client from our third party plugin.
It could be possible to create a specific registry with a default value before the username.
Examples:
Default value = "MYPC" -> login credential used : MYPC\username
Default value = "" (empty) -> like now (Domain if in a domain, Computer if not in domain)
Is this what you would like? Regards,