Posts: 17
Threads: 2
Joined: Nov 2014
Reputation:
0
I've run into two issues with the Windows Account encryption method.
1. I cannot figure out how to remove encryption from my standard file based environment. I had changed it to Windows Account encryption but then ran into the issue below and now cannot find a way to remove that. I do not want any encryption, is there anyway to change that to remove it?
2. It appears that the Windows account used for encryption is being passed onto the RDP sessions to Windows clients even though they have specific (and different) login Credentials in the Connection Properties. I know this because I am getting Microsoft "Fix Me" account warnings on the remote client now that I am using Windows Account encryption, but it's displaying my ASG login credentials (i.e. Windows Account encryption credentials), not the credentials used to access the client. Since the Connection Properties allows for a different login, this sounds like a possible bug?
Posts: 11,250
Threads: 102
Joined: Aug 2006
Reputation:
206
1. To change the encryption of ASGRD local file environment just choose "Environment=>Encryption=>..." - no encryption for passwords is not supported so you have to choose any of the choices - if you use Standard you won't need a password...
2. No - why should the windows account be passed to any session? That's normally not supported - you can configure your environment to use SSO but this must be enabled on client and server side.
But perhaps I do not really understand - you always say "Windows Account encryption credentials" - what do you mean with that? And what is "Fix me" account warnings? If you provide creds with correct username/password it should be always passed to the destination.
Btw - what version of ASGRD are you using?
Regards/Gruss
Oliver
Posts: 17
Threads: 2
Joined: Nov 2014
Reputation:
0
20-01-2021, 09:59 PM
(This post was last modified: 20-01-2021, 10:00 PM by Kim A.)
1. Thank you, I think I misunderstood what Standard encryption meant. It appears to have resolved my issue.
2. What I was trying to share is that the Windows account that I was using to open ASG (with Windows Account encryption mode), i.e. Kim, is different than the Connection Credentials used to log on to a remote Windows PC, let's say Joe, yet my personal Windows account is being passed through to the remote Windows PC because it is causing account issues on that PC, and when I attempt to use the Fix Me in Settings > Shared experiences, it was trying to authenticate to my personal Windows account (Kim), not the account used to log onto the PC (Joe). So somehow it is comingling this information. Let me know if I can share any additional details to help explain this further.
Posts: 11,250
Threads: 102
Joined: Aug 2006
Reputation:
206
You can check if you habe enabled "Session polling" this could try to query information from your configured connections using not only the assigned credentials - goto Settings=>Connections => Polling interval to discover the session information - set to 0 if you don't want that
If you just logon to any of your connections your "Windows Account" won't be used as long you didn't assign it to the connection object
Regards/Gruss
Oliver
Posts: 11,250
Threads: 102
Joined: Aug 2006
Reputation:
206
In session polling of course the assigned credentials are used - but we checked this some time ago that Windows do some strange things when query session information - and we see that in some cases it also uses the Windows Account... so it was just a suggestion - if disabled that will not be the reason
Are you sure that the logins come from ASGRD? Because we never use the Windows Account for any action...
Regards/Gruss
Oliver
Posts: 17
Threads: 2
Joined: Nov 2014
Reputation:
0
I believe we have identified the source of the issue, unrelated to ASG, so I am going to monitor to see if this solves the problem. So I believe for now this ticket is resolved. Thank you also for your help with removing the encryption.