Support for Remote Guard function for RDP

markus_k · August 28, 2018, 8:42am

I’d love to be able to use the /remoteGuard switch for mstsc.exe with Royal TS.

It allows to so a remote sign in with Kerberos and does not expose the Credentials to the remote host.

So it is similar to /restrictedAdmin (which is already available in Royal TS), but with some differences.

The main advantage is that you are actually using your own credentials instead of the network service of the remote host, so you can access more network resources.

The main disadvantage is, that is does not support to supply credentials, it’s always used in the security context that it’s started in, so you could not use the credential objects in RoyalTS with it directly.

I’d still like, if it was available as an option, though

stefan_koell · August 28, 2018, 9:38am

Hi Markus,

we are using the Microsoft RDP ActiveX control which ships with Windows and as far as I know, there’s no API to run the ActiveX in /remoteGuard

If MS implements this API, we can easily implement that into Royal TS…

Regards,
Stefan

markus_k · September 1, 2018, 12:21pm

Thanks for the reply, then I hope that MS provides this at some point in the future

thomas_sindal · November 5, 2018, 5:58pm

I would love to see this feature as well. Do you know of any Feature Requests at Microsoft, that we could subscribe to or where to create such a feature request?

stefan_koell · November 6, 2018, 7:13am

Hi Thomas,

maybe this uservoice space is appropriate for such feature requests:

https://remotedesktop.uservoice.com/forums/266795-remote-desktop-services

Regards,
Stefan