10.10. Usernames in RDP connections

When processing RDP connections, PSM attempts to extract the username from the connection. For example, you need the username to:

PSM can record the username automatically in the following situations if the RDP connection is using Network Level Authentication (CredSSP), and usually in other scenarios as well. The known scenarios that interfere with RDP usernames are listed in Section Windows settings that interfere with username extraction.

To ensure that your users can access the target servers only when their username is recorded, you can configure PSM to terminate RDP connections if it cannot reliably extract the username. To terminate such connections, disable the RDP Control > Settings > Permit unreliable usernames option.

Windows settings that interfere with username extraction

The following settings on the Windows client or server can prevent PSM from correctly extracting the username from the RDP connection. As a result, the username is not visible on the Search, Four Eyes and Active Connections pages.

  • The DontDisplayLastUserName option is enabled on the server. The DontDisplayLastUserName security setting of Windows servers specifies whether the username from the last successful login is displayed on the login screen as a default for the next login. To disable the DontDisplayLastUserName security setting, do one of the following.

  • There is no server-side authentication. To avoid this problem, ensure that your server requires authentication from the users.

  • If the server is Windows 2003 Server or Windows XP and the Allow to save credentials or Remember my credentials options are enabled in the Remote Desktop client application. In this case, disable these options on the client, and delete any credentials that have already been saved on the client.