Remote Desktop Services – Windows XP Single Sign On

I recently experienced an issue with getting RemoteApp single sign on working from Windows XP workstations. When launching a published RemoteApp through either an .RDP or MSI file, users were prompted for authentication even though they had already authenticated on login. In order to stop this from occurring, the following actions were performed.

1. Ensure that the Windows XP workstation is running service pack 3 and ensure that the Remote Desktop Connection 7.0 Client is also installed. The Remote Desktop Connection 7.0 client can be obtained from here.

2. Install the Credential Security Support Provider (CredSSP) package. This enables credentials to be passed to target servers. The CredSSP package can be obtained from here.

3. Ensure that at least .NET Framework 3.5 SP1 is also installed on the workstation.

4. Configure a computer level Group Policy on a domain controller to enable delegating default credentials. A detailed explanation of how to configure the group policy object is detailed here.

5. The final step is to apply hotfix KB953760 which address a particular single sign on issue with Windows XP SP3 based workstations. The hotfix can be directly downloaded from here. When the hotfix has been applied reboot the workstation.

That’s it, you should hopefully now no longer be prompted for authentication when opening published RemoteApp’s on Windows XP SP3 workstations.