Requirements for Running Terminal Sessions with Custom User Account

This section describes the requirements for running terminal sessions when using a custom user account.

Define the security policy to allow the user credentials

To be able to define which user account should be used to run the terminal session, the Controller must create a Remote Desktop Protocol (.rdp) file with the user credentials (including password). Sometimes the security policy is defined to prevent this, in which case you need to modify the security policy.

  1. Open the Local Group Policy Editor by typing "gpedit.msc" into a Run prompt or the Start menu.

  2. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation.

  3. Open the policy “Allow Saved Credentials with NTLM-only Server Authentication” or "Allow Delegating Saved Credentials with NTLM-only Server Authentication" (for Windows 7), and select Enabled.

  4. Click Show, and enter the name of the server to which you want to connect using the stored credentials. You can use wildcard characters,for example TERMSRV/*.int.

  5. Run the command GPUpdate.exe to have the change take effect.

Back to top

If remote desktop connection fails, ensure the password in the RDP file is not ignored

The Controller creates an RDP file in which it stores the password required for creating a terminal session. If the password is ignored when attempting to connect to the remote server, you need to perform the following:

  1. Access the Controller with the Performance Center user (IUSR_METRO by default).

  2. Connect to each Performance Center host which is used as a load generator via the Controller machine using the RDP files created in %windir%\temp\. The RDP file has the format:

    <PC_User>_<LG_Machine>_<Custom_User>.RDP

  3. Make sure all “Don’t ask again for connections to this computer" and “Remember my credentials” check boxes are selected.

  4. Try to connect to the remote server again, and make sure there are no pop-up windows while connecting.

Back to top

Set permissions for a load generator accessed by a custom user

A custom user can be a member of the “Users” and “Remote Desktop Users” groups. You can set this from the Local Group Policies console.

  1. Open the Local Group Policy Editor by typing "gpedit.msc" into a Run prompt or the Start menu.

  2. Navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

  3. Open the policy “Allow log on through remote desktop services", and add the user account in question (or one of the groups to which it belongs)

  4. Open the policy "Deny log on through remote desktop services", and make sure this user account (or one of the groups to which it belong) is not mentioned.

  5. Run the command GPUpdate.exe to have the change take effect.

Back to top

See also: