How does Remote Desktop handle Smart card and NLA?
2 years ago
Originally Published: 2010-06-07
Article Number
000058004
Applies To
Windows Network Level Authentication (NLA)
Remote Desktop Protocol (RDP)
RSA Authentication Client (RAC)
RSA Smart Card Middleware
RSA SID800
RSA SecurID SID800 Hardware Authenticators
Issue
How does Remote Desktop handle Smart card and NLA?
Resolution

  

RDP User Experience for Various Configurations of Network Level Authentication (NLA)

| NLA configured on local system?[1] | NLA configured on remote system?[2] | MS Password CP filtered on remote system?[3] | System where user is prompted for credentials | Smart card removal policy on remote system is enforced? |
| --- | --- | --- | --- | --- |
| No | No | N/A | | Yes |
| No | Yes | N/A | Remote system (subject to remote system policy)[4] | Yes |
| Yes | No | N/A | Remote system (subject to local policy)[5] | Yes |
| Yes | Yes | No | Local system | No |
| Yes | Yes | Yes | Both local system and remote system | Yes |

[1] OS must be Windows Server 2008, Vista (any edition), Windows 7 or XP SP3 with CredSSP support explicitly enabled

[2] OS must be Windows Server 2008, Vista (any edition) or Windows 7

[3] Third-party providers cannot be configured to accept the passed-through credentials.  Only the MS credential providers are supported for this purpose.

[4] Connection is only possible if Remote Desktop policy on the remote system is configured to allow non-NLA connections

[5] To handle the case where NLA is unavailable on the remote system, RDC policy can be set to: 1) silently connect; 2) allow the connection after warning the user; 3) do not allow the connection