Skip to content
This repository has been archived by the owner on Nov 17, 2020. It is now read-only.

Interactive logon question #8

Open
chr00ted opened this issue Apr 2, 2020 · 3 comments
Open

Interactive logon question #8

chr00ted opened this issue Apr 2, 2020 · 3 comments
Labels
bug help wanted

Comments

@chr00ted
Copy link

chr00ted commented Apr 2, 2020
edited
Loading

This isnt so much a "bug", I have a 2016 RDP host that will be used as a terminal server, but rather than logon with username password, users will be using their respective smart card. This works as expected prior to hardening, after hardening I get a prompt: the system administrator has restricted the types of logon (network or interactive) that you may use. I revert back to the snapshot taken prior to hardening and all is well.
I see you have have variables such as win_security_SeRemoteInteractiveLogonRight. I am listed in the local admins group prior to the change. Not sure after.
I tried with:
--extra-vars "win_security_SeNetworkLogonRight=S-1-1-0" and still had issues
@chr00ted
Copy link
Author

chr00ted commented Apr 2, 2020

My question is how do I go about allowing RDP sessions again?

@rndmh3ro
Copy link
Member

rndmh3ro commented Apr 2, 2020

Good question @chr00ted, I'll have to check, it's been some time since I last used Windows.

@crsuarez
Copy link

from your fork try removing this:

---
- name: Windows Remote Desktop Configured to Always Prompt for Password | windows-rdp-100
  win_regedit:
    path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
    name: "fPromptForPassword"
    state: absent

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@crsuarez @rndmh3ro @chr00ted