000027221 - How does Remote Desktop handle Smart card and NLA?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000027221

Applies To: Windows Network Level Authentication (NLA), Remote Desktop Protocol (RDP), RSA Authentication Client (RAC), RSA Smart Card Middleware, RSA SID800, RSA SecurID SID800 Hardware Authenticators

Issue: How does Remote Desktop handle Smart card and NLA?

Resolution

  

RDP User Experience for Various Configurations of Network Level Authentication (NLA)

| NLA configured on local system? [1] | NLA configured on remote system? [2] | MS Password CP filtered on remote system? [3] | System where user is prompted for credentials | Smart card removal policy on remote system is enforced? |
|---|---|---|---|---|
| No | No | N/A | | Yes |
| No | Yes | N/A | Remote system (subject to remote system policy) [4] | Yes |
| Yes | No | N/A | Remote system (subject to local policy) [5] | Yes |
| Yes | Yes | No | Local system | No |
| Yes | Yes | Yes | Both local system and remote system | Yes |



[1] OS must be Windows Server 2008, Vista (any edition), Windows 7 or XP SP3 with CredSSP support explicitly enabled

[2] OS must be Windows Server 2008, Vista (any edition) or Windows 7

[3] Third-party providers cannot be configured to accept the passed-through credentials.  Only the MS credential providers are supported for this purpose.

[4] Connection is only possible if Remote Desktop policy on the remote system is configured to allow non-NLA connections

[5] To handle the case where NLA is unavailable on the remote system, RDC policy can be set to: 1) silently connect; 2) allow the connection after warning the user; 3) do not allow the connection

 

Legacy Article ID: a51253
