The catch is that the
participating systems must meet a few requirements before single sign-on can occur:
?–? The client must be running either Windows Vista or Windows Server 2008, and
the server must be running Windows Server 2008.
?– The user accounts you want to set up for single sign-on must have rights to log
on to both the workstation (via domain logon) and the terminal server.
?–? The client computer and terminal server must be part of a domain.
Hands-On Exercise: Configuring Single Sign-On
You need to make configuration changes to the client and the server to make single signon
work. For the server, follow these steps:
1. Choose Start | Run. Enter tsconfig.msc, and then click OK. This will open the
Terminal Services Configuration screen (Figure 9-1).
Figure 9-1. Terminal Services Configuration screen
289 Chapter 9: Terminal Services
2. In the Connections section, right-click RDP-Tcp and choose Properties.
3. On the General tab, make sure that the Security Layer value is set to either
Negotiate or SSL (TSL 1.0), as shown in Figure 9-2. Then click OK.
On the client side, you need to make some changes to the local group policy
(although you could also configure this centrally using Group Policy objects, or GPOs):
1. Choose Start | Search. Enter gpedit.msc, and then press enter.
2. Expand Computer Configuration | Administrative Templates | System |
Credentials Delegation.
Pages:
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331