cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
474
Views
0
Helpful
3
Replies

Limitations on Windows and AnyConnect supplicants.

Antonio Macia
Participant
Participant

Hi there,

 

During our ISE deployment we are trying to fit two simple requirements: machine and user authentication as well as centralized Windows computer administration, however, it does not seem to be a standard way to meet such a simple scenario:

 

  • User authentication over RDP sessions: Not supported by the Windows supplicant, so we moved to AnyConnect, but then:
  • Force user log-off by administrators and Windows Remote Management (WRM) for troubleshooting purposes: Not supported by AnyConnect NAM. Any workaround like registry modification? and...
  • Avoid twice credentials prompt on RDP: AnyConnect drawback. Any workaround like registry modification?

Can't understand why such a simple scenario can't be met by a single supplicant. 

Any feedback?

 

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions

Mike.Cifelli
VIP Advisor VIP Advisor
VIP Advisor

Additional info that may assist you with your requirements:

 

You can add a reg hack to disable EnforceSingleLogon which will allow NAM to handle multiple users if needed.  Basically I can login using NAM, lock screen, switch user, and you can login.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{B12744B8-5BB7-463a-B85E-BB7627E73002}

Add a DWORD named EnforceSingleLogon, and give it a value of 1 or 0. 1 enables it, and 0 disables it.

 

This isn't specifically for your RDP issues but I think it is good to know that you have this option. HTH!

View solution in original post

3 REPLIES 3

pan
Cisco Employee
Cisco Employee

For Avoid twice credentials prompt on RDP please check below link. It's not drawback of AnyConnect.

 

https://blogs.msdn.microsoft.com/winsdk/2009/07/14/rdc-and-custom-credential-providers/

Mike.Cifelli
VIP Advisor VIP Advisor
VIP Advisor

Additional info that may assist you with your requirements:

 

You can add a reg hack to disable EnforceSingleLogon which will allow NAM to handle multiple users if needed.  Basically I can login using NAM, lock screen, switch user, and you can login.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{B12744B8-5BB7-463a-B85E-BB7627E73002}

Add a DWORD named EnforceSingleLogon, and give it a value of 1 or 0. 1 enables it, and 0 disables it.

 

This isn't specifically for your RDP issues but I think it is good to know that you have this option. HTH!

Thanks Mike,

I'll give it a try and let you know.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: