Configuring Remote Desktop Passthrough Authentication

  1. Create a new GPO named RDP-Passthrough
  2. Edit the policy and navigate to “Computer Configuration->Policies->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Security”
  3. Set “Require use of specific security layer for remote connections” to Enabled and choose “Negotiate” as the security layer
  4. In that same policy, navigate to “Computer Configuration->Policies->Administrative Templates->System->Credentials Delegation”
  5. Enable the setting “Allow delegating default credentials” and add your servers to the list. Examples are below:
    1. TERMSRV/192.168.1.100
    2. TERMSRV/*.domain.com
    3. TERMSRV/*
  6. Next, select “Allow delegating default credentials with NTLM-only server authentication” and list the same items you listed in Step 5
    1. TERMSRV/192.168.1.100
    2. TERMSRV/*.domain.com
    3. TERMSRV/*
  7. Save the policy and link it to any OU that has the servers in which you want Passthrough authentication configured.
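
To confirm that the settings from steps 3 through 6 reached a machine after a policy refresh, the following PowerShell audit can be run locally. It is an added example, not part of the original page; it assumes the standard policy registry locations for these Administrative Templates, and the function name `Get-DelegationList` is hypothetical. It flags broad entries such as `TERMSRV/*`, which matches every server.

```powershell
# Added example: audit what the RDP-Passthrough GPO wrote on this machine.
# Assumption: the templates store their values under these policy registry keys.
$cdKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$tsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-DelegationList {
    param([string]$Name)   # policy name; its server list is a subkey of the same name
    $flag = (Get-ItemProperty -Path $cdKey -Name $Name -ErrorAction SilentlyContinue).$Name
    $listKey = Join-Path $cdKey $Name
    if (-not (Test-Path $listKey)) { return }
    $item = Get-Item -Path $listKey
    foreach ($valueName in $item.GetValueNames()) {
        $spn = [string]$item.GetValue($valueName)
        # Everything after "TERMSRV/" is the host pattern.
        $target = [string](($spn -split '/', 2)[1])
        $scope = if ($target -eq '*') { 'ANY HOST' }
                 elseif ($target.Contains('*')) { 'wildcard' }
                 else { 'single host' }
        [pscustomobject]@{
            Policy  = $Name
            Enabled = ($flag -eq 1)
            Entry   = $spn
            Scope   = $scope
        }
    }
}

# Step 3: security layer (0 = RDP, 1 = Negotiate, 2 = SSL/TLS).
$layer = (Get-ItemProperty -Path $tsKey -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer
$names = @{ 0 = 'RDP'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
$layerName = if ($null -ne $layer -and $names.ContainsKey([int]$layer)) { $names[[int]$layer] }
             else { 'not set by policy' }
Write-Output "Security layer: $layerName"

# Steps 5 and 6: both delegation lists.
$report = @(
    Get-DelegationList -Name 'AllowDefaultCredentials'
    Get-DelegationList -Name 'AllowDefCredentialsWhenNTLMOnly'
)
$report | Format-Table -AutoSize

# Call out the entries that delegate credentials to more than one named server.
$broad = @($report | Where-Object { $_.Scope -ne 'single host' })
if ($broad.Count -gt 0) {
    Write-Warning ("{0} broad delegation entries found; review whether each wildcard is needed." -f $broad.Count)
}
```

Run it from an elevated prompt after `gpupdate /force`; an empty table means the policy has not applied to that machine.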