
Good day to you all!

Guys, tell me what I cannot find. In short, there is a domain theme: right-click on the account = change password, check the box "The user must change the password...", and type a temporary password, for example 123456.

Ideally, and on many DC machines, with mstsc or another client you type in the address of the RDS machine. 1. A logon window appears and you are asked to enter your login and password; we enter our login and the password 123456, and then in the same logon window it asks you to change your password... This is configured in the GPO and so on. But here's the thing: there are controllers or PCs whose terminal server is configured so that the logon window is not issued, and at the above request to change the password this window is issued immediately: https://i.stack.imgur.com/PAk4V.jpg

AlexPebody
  • Guys, PLEASE, who knows anything about the farm, absolutely: 1. Doesn't work with policy: network level authentication - disabled, restarting the desktop id service. 2. Doesn't work with tsconfig.msc on ALL machines in the farm setting protocol: RDP instead of NLA (negotiation), restart desktop account service. Doesn't work when unchecked: only connect when client is running on network authentication..., set on ALL farm machines, restart desktop services. – AlexPebody Nov 10 '21 at 05:20

1 Answer

In short! Here's the solution!

  1. Make an account that will not be in any group of the domain, or rather make the group empty and put it the main user, removing it even from the Domain Users group.

  2. We add this user to the remote desktop group on the farm gateway only.

  3. Then we write in ANY client properties of this user together with login, password, domain, ONLY in the gateway section.

  4. In the same connection settings write the PC (usually the 1st PC in the farm), which needs to connect.

Everything. Profit. Thank you all. The solution was found by the collective mind of my team, for which she and I, including a BIG THANK YOU!

AlexPebody