search

Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4.27k stars 571 forks source link

Server-wide RDP credential saving and SSDI auto RDP auth #5285

Open crsleeth opened 1 year ago

crsleeth commented 1 year ago

Is your feature request related to a problem? Please describe. There is no way to save RDP credentials server-wide. Users have to re-enter their credentials at least once per RDP device. There should be an option for users to save their RDP credentials to be used server-wide on all RDP devices. This gets very tedious when you consider organization password change policies.

Additionally, there should be an option on SSDI enabled servers to use the credentials a user logins in with when connecting to RDP devices.

Describe the solution you'd like

  1. Ability to save RDP credentials so they are applied to all of a user's devices server-wide
  2. Ability on SSDI enabled servers to assume the credentials used to login will be used on all RDP devices server-wide

Describe alternatives you've considered When admins add devices on Apache Guacamole they can set the username and password to be ${GUAC_USERNAME} and ${GUAC_PASSWORD} which has Guac attempt to connect to RDP devices with the LDAP credentials used to log in to Guac. This makes it very user friendly and just one or two clicks to connect to desktops after login.

Additional context N/A

scpcom commented 1 year ago

Thanks for the great work you put in MeshCentral. We are testing MeshCentral to see if it fits our needs.

Server-wide credential was removed here: https://github.com/Ylianst/MeshCentral/commit/753b6c240a4050449267e6b10ca7d0692eb6e257

We would like to have this feature too, maybe this could be realized by adding a button "Share Credentials" and you can select a group to share with.

si458 commented 5 months ago

ok just had another quick look at this request

if user1 saves generic creds, then user2 saves his own creds, when user3 says lets see creds, which credentials would you use?

we would have to display a list of saved credentials, and by which user, then u select which creds to use and use them

so in theory what your asking for is to have another option like allowSharingOfSavedCredentials: true

that way when we see allowSharingOfSavedCredentials == true we can then display all credentials and u pick

rather than just displaying your own credentials

scpcom commented 5 months ago

An option to allow users to to choose between multiple shared credentials may be a solution. I was thinking on a more silent (maybe less complex) way: Only users who never entered their own credentials should automatically get shared credentials as default selection. There maybe only one shared credential per node.

MrCr0a commented 4 months ago

Hello, I would really like this kind of feature too. As an admin, I would like to set credentials for a server, and then share this server to non-admin people without them having to type in or knowing the credentials. Not sure if this is possible, but thanks for your work anyway.

crsleeth commented 4 months ago

I would prefer the option to allow domain users to sign in to the website and then have that authentication carried to all computers they connect to.