I have a domain user that uses a remote desktop app. I recently reset his password via AD and although he can log in to his account he cant authenticate against the remote app anymore.
Ive checked the Remote app manager and cant see any settings for individual passwords there (dont think there is one?)
Hes setup as a remote desktop user and accesses the app through an .rdp file on his desktop..Any suggestions as to what this may be?
thanks,
I got the user to logout, reset their password and untick the 'change at next logon' requirement and log back in. This resolved their issue.
Related
I am having issues with the UI prompt which is asking me to enter my password to access the keychain credentials for proxy.
My mac is used in a local network without internet access, so I need to setup a proxy connection with username and password for browsing and all other mac services. I configured proxy including authentication in network settings. When browsing, chrome asks me once to enter credentials and it is working fine after then. If any other system service tries to connect, I am getting prompted to enter my password so proxy credentials can be fetched from keychain. I also changed the keychain entry to allow all applications to access it, but the prompt keeps on asking and asking and asking for my password. The next time, the keychain entry is changed back again to allow only some applications. Looks like it is always overriding the old entry.
Any ideas how I can fix that? Unfortunately I do not have any access on configuration of the proxy server or to change any parameters there, if it is a configuration issue of the proxy server. But there has to be a solution, I do not think entering the password hundreds of times a day can be an accepted solution.
My Mac is newly setup and running macOS Big Sur 11.2.1
Have you seen this answer https://apple.stackexchange.com/questions/106742/mac-username-password-for-proxy-settings-keep-resetting-by-itself? Usually you can move the password item in the keychain to the System section rather than the login section and this fixes the issue.
I have a similar issue but I am in a corporate environment and my issue seems to be related to NTLM https://apple.stackexchange.com/questions/292835/how-to-store-proxy-credentials-on-macos-so-they-are-used-by-system-services?rq=1
I update the company mac to the new OS big sur. It was doing fine before the login but once the update was done, the AD user is not able to login once its not connected to the corporate network or if it is on outside network. It just keeps on asking to reset the password. But if it is connected to the corporate network, it works fine. Already check with the settings, all is check, like create a mobile login and all those stuff.
I had the same issue, to fix it I had to go into our Device Management site (AirWatch, though I've heard the same things from InTune and other management tools), and disable the "Password" profile. Once AirWatch synced again it allowed me to log in without the "Reset Password" prompt.
Other things I learned:
For the first couple of days I had this issue I was able to reset the SMC and it would allow me to log in until I disconnected from the VPN again (at night).
I was able to reset the password on local accounts (I have a local test account that would accept a new password but it had weird restrictions I had never set like not being dictionary words, being over 12 characters, etc. I had to use something like 1qaz#WSX3edc$RFV for it to work.
If I logged in as a local admin account I was still locked out from using my domain joined account to perform admin functions on the computer and make server connections, it didn't give me the change password prompt, just failed like I had the wrong password.
Just putting this here for people who have to defend their choices to the higher-ups:
On a corporate domain the Password profile being set manually for Mac is redundant as long as you have the profiles in your management suite set to not allow local account logins and the password requirements are set in AD. This forces you to login with an AD account and AD will enforce the password requirements.
I setup Remote Desktop Connection and the computer says: AzureAD\username already has access:
Very good, let's try to connect using AzureAD\username:
Unfortunately it says:
Your credential did not work. Remote machine is AAD joined. If you are
signing in to your work account, try using your work email address.
Of course it didn't work. Any idea?
To successfully connect to an AzureAD joined computer using Remote Desktop, you will need to first save your connection settings to a .rdp file.
To do this, open the Remote Desktop Connection program, enter the IP Address or computer name, then click the "Save As" button at the bottom of the screen. Save it someplace convenient, since we'll need to edit this file by hand.
Next, Right-Click the saved .rdp file and open with Notepad.
Go to the very bottom of the file, add the following lines:
enablecredsspsupport:i:0
authentication level:i:2
Save the file and close.
Now, try double clicking the modified .rdp file and login using the format:
AzureAD\YourFullUsername
Screenshots, original information and credit go to bradleyschacht.com
As an updated answer, the solution is to simply open up the options for the connection, go to the Advanced tab, and check "Use a web account to sign in to the remote computer".
As long as RDP is enabled on the remote machine and the user you are trying to logon is with authorized, it should work.
The Azure Active Directory username is not exactly clear though.
Joined computer via 'FirstName#domain.com', an Azure Active Directory domain account.
Computer shows 'AzureAD\FirstNameLastName' as authorized for RDP since it's an administrator account.
Must use 'AzureAD\FirstName#domain.com' for RDP username.
No other settings changes needed, no manual editing of RDP file just had to get the username right.
from your window, it doesn't seem like you logged in with an azuread account, try with francescomantovani#yourazureaddomain.com as a username?
as per here:https://learn.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc
When you connect to the remote PC, enter your account name in this
format: AzureAD UPN. The local PC must either be domain-joined or
Azure AD-joined. The local PC and remote PC must be in the same Azure
AD tenant.
For some reason the old remote desktop connection application was throwing the same error. I tried connecting through new remote desktop application( included in windows 10 ), it connected without any problem.
The issue is related to the password, which we have set at the time of the creation of VM.
That password doesn't meet the complexity criteria that we didn't get informed about while setting the username & password firstly. Therefore we need to reset the password.
1). click on created VM --> choose reset Password from the side menu.
2). This time they will tell us about constraints for setting the password.
3). Choose the appropriate password.
4). Now login via this format as below:
username : <publicIpOfVM>/<username>
password: newPassword
I developed an Intranet application which needs to realize a "git push" from a local repository (on the disk of the web server) to a remote repository.
I launch the git process from the web server, it runs under the IIS pool identity which is a domain account member of the administrators group of the web server machine.
Git needs the user credentials to perform the push action. I integrated a custom version of git-credential-winstore. This program uses the Windows Credential Manager to store generic credentials for a web site. But when the call to the credential's write occurs, I get the error :
Failed to write credential: A specified logon session does not exist. It may already have been terminated
I checked the policy "Network access: Do not allow storage of passwords and credentials for network authentication", it is disabled.
What goes wrong here ?
Pool account needs to gain access to its user profile.
So we need to connect one time to a Windows Session to create user profile (I think it's necessary). Next in the Advanced Settings of the dedicated Application Pool, set "Load User Profile" = true.
Note about credentials : Windows credential target must be changed to manage different users in the same Windows vault. I change "git:https://remote-host" by "git_USERID:https://remote-host".
I set this property to enabled and it works now, maybe it will work for you also:
If we have a link on a users desktop to a website, is there any way to automatically log them into that website using their windows username and password?
I think you can do it using the Active Directory. Maybe this article can help you.
This: Retrieve UserName by Searching in Active Directory
The windows login system and the website have totally different mechanisms. You're windows password is stored locally on your machine however the website password is stored remotely on a server. hence it does not make sense to login on a website with your local password automatically.
You can do this only for local Intranets hosted on the current domain. If this is what your're after you need to set the authentication mode in the config file.
.NET Authentication