This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SGN Guest on Remote Desktop

Hello,

 I have some virtual machines with SafeGuard Client and I'm trying to enable users to access them via RDP.

My problem is that when a new user log in using RDP his user status is always SGN guest, so I have to go and manually add the user to the machine using the Management Center only then he gets a SGN Windows user/ SGN user status and is able to use his keyring. But if a new user is using TeamViewer he gets a SGN Windows User status and the keyring is available, so I dont have to do anything on the Management Center.

How can I make log in with RDP the same as TeamViewer for new users? I have already read a lot of posts in this forum and have already created a specific machine settings policy with "Allow registration of new SGN users for" as Everybody and "Enable registration of SGN Windows users" and applied to the OU containing the virtual machines, but new RDP users are still getting SGN guest status.

 Thanks for the help!



This thread was automatically locked due to age.
Parents
  • Hi  

    It is a very interesting issue. I'd request you to check whether the user is able to log in through team viewer with SGN user when he is getting SGN guest status when it tries to login through the RDP.

    Also, I'd suggest you apply the above-mentioned setting on the users OU as well and check the result.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi Jasmin, thanks for looking into my problem.

     


    It is a very interesting issue. I'd request you to check whether the user is able to log in through team viewer with SGN user when he is getting SGN guest status when it tries to login through the RDP.


    Yes, when the same user logs in through TeamViewer he gets SGN user status. But the next thing I noticed is that if that same user now logs in through RDP he gets the Safeguard Logon window, asking to complete the logon. Inserting the password and clicking ok unlocks the user keyring and all is fine. That said, now I believe that when the users are logging in via RDP it isn't using the Safeguard credential provider(that's why the Safeguard logon window is showing up), so in the first login it isn't able to do the initial configuration, because the Safeguard credential provider isn't called. Is there a way to force login in the machine (including RDP) to use only the safeguard credential provider?

     


    Also, I'd suggest you apply the above-mentioned setting on the users OU as well and check the result.


    I already tried that but no luck.

     

    Thanks!

  • Hi  

    There is no way to force login for Safeguard Credential provide for the users but if Microsoft Credential provider is not available, the user will only be prompted through Safeguard Cred provider.

    To hide the Microsoft Cred Provider, we have this document which will help you complete this task. I'd suggest you perform this on the one test computer and you can implement on others if it gets completed successfully.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi Jasmin,

     I followed the instructions in the link you sent and was able to remove the Microsoft Credential Provider, so now every time I connect via RDP I'm not automatically logged in: I'm presented with the windows log in screen and the only Credential Provider available is Safeguard's.

    Even with this configuration I'm still facing the same problem when a new user logs in: they only get SGN guest status until they log in using TeamViewer.

    To verify that the Safeguard Credential Provider was indeed being called I did the following test: With a new user I did the first log in with TeamViewer, got the message saying that the initial configuration was successful and got SGN user status, then restarted the machine and connected via RDP. As per the new configuration I didn't logged in automatically and had to log in using the Sophos Credential Provider. When I did log in, this time, I wasn't prompt by the Safeguard log in window like I was before doing this configuration and got SGN user status, so I think the Sophos Credential Provider is working ok now.

    How can I force the initial registration/configuration to trigger using RDP?

    Thanks!

Reply
  • Hi Jasmin,

     I followed the instructions in the link you sent and was able to remove the Microsoft Credential Provider, so now every time I connect via RDP I'm not automatically logged in: I'm presented with the windows log in screen and the only Credential Provider available is Safeguard's.

    Even with this configuration I'm still facing the same problem when a new user logs in: they only get SGN guest status until they log in using TeamViewer.

    To verify that the Safeguard Credential Provider was indeed being called I did the following test: With a new user I did the first log in with TeamViewer, got the message saying that the initial configuration was successful and got SGN user status, then restarted the machine and connected via RDP. As per the new configuration I didn't logged in automatically and had to log in using the Sophos Credential Provider. When I did log in, this time, I wasn't prompt by the Safeguard log in window like I was before doing this configuration and got SGN user status, so I think the Sophos Credential Provider is working ok now.

    How can I force the initial registration/configuration to trigger using RDP?

    Thanks!

Children