I have read tons of messages about saved RDP password problems with
shared machines, but I haven't seen this problem, though it's probably
related...

Client: Windows XP RDP
Client Domain: DomainA
TermServ: Windows 2000 Advanced Server
TermServ Domain: DomainB (no trusts between DomainA and DomainB)

Phase 1:
User saves his TermServ credentials in an rdp file.
For several weeks, user successfully uses this rdp file to autologon
to the TS.

Phase 2:
User changes his DomainA password
After the user logs off and logs on again, the RDP credentials no
longer work
If the user resaves the RDP file with the EXACT same DomainB password
as in Phase 1, autologon works again until the next DomainA password
change.


My theory:
It would appear the the user's cached DomainA credentials are used as
the encryption salt for the saved RDP password and, after changing the
password and logging off and on, the original salt is no longer
available for decrypting the saved password. Seems plausible, but I
have no idea if I'm right.

My question:
Is there any workaround for this other than installing the OCX and
scripting the OCX?

Thanks.

Steve Garwood
(E-Mail Removed)

The windows cryptography APIs we use do make use of a key derived in
part from the user's domain password. There is no true work around.

On 12 Feb 2004 12:30:22 -0800, (E-Mail Removed) (Steve
Garwood) wrote:

>I have read tons of messages about saved RDP password problems with
>shared machines, but I haven't seen this problem, though it's probably
>related...
>
>Client: Windows XP RDP
>Client Domain: DomainA
>TermServ: Windows 2000 Advanced Server
>TermServ Domain: DomainB (no trusts between DomainA and DomainB)
>
>Phase 1:
>User saves his TermServ credentials in an rdp file.
>For several weeks, user successfully uses this rdp file to autologon
>to the TS.
>
>Phase 2:
>User changes his DomainA password
>After the user logs off and logs on again, the RDP credentials no
>longer work
>If the user resaves the RDP file with the EXACT same DomainB password
>as in Phase 1, autologon works again until the next DomainA password
>change.
>
>
>My theory:
>It would appear the the user's cached DomainA credentials are used as
>the encryption salt for the saved RDP password and, after changing the
>password and logging off and on, the original salt is no longer
>available for decrypting the saved password. Seems plausible, but I
>have no idea if I'm right.
>
>My question:
>Is there any workaround for this other than installing the OCX and
>scripting the OCX?
>
>Thanks.
>
>Steve Garwood
>(E-Mail Removed)

This posting is provided "AS IS" with no warranties, and confers no rights