Open R-Adrian opened 6 years ago
Thanks for the detailed description of the two different RDP use cases, it's something we'll consider in the tooling moving forward. Current behavior over RDP is more of a consequence of how smart cards can be forwarded on Windows, not a feature the tool was designed to support.
ok, i finally managed to make the certificates usable in windows on both my computers (issue #24), but...
when i am connected via remote desktop to my laptop, PIV manager cannot detect the locally-connected Yubikey 4 and will instead use remote USB via RDP, it detects and manages the key connected via USB at the remote (RDP Client) USB controlling computer instead of the locally-connected key (on the RDP Server)
Remote USB is sometimes useful, but not always - please allow us to select WHICH USB devices to manage or at least do not ignore devices connected to the RDP server's local ports if PIV manager is running with administrative rights. It might or might not be advisable to allow access to locally-connected tokens on the RDP server for non-elevated users, but for adminstrative use this is necessary when setting up the security key(s) that are connected directly on the RDP server device... i'd have to use 3rd party tools like TeamViewer or RealVNC to avoid such remote USB functions but then it's less secure.
set-up:
When YK4-B is not plugged in then PIV Manager that's running on the RDP server cannot detect that YK4-A is connected locally on the laptop and will complain that no key is connected.
When i connect YK4-B to the remote computer, then PIV manager that is running on the RDP server will detect the key as if it was connected locally directly to the RDP server's USB ports and manages the key normally, ignoring the fact that YK4-A is also present and directly connected to an USB port on the RDP server.
When i configure the remote desktop client to not forward USB via RDP (every checkbox under "local devices and resources" is left as NOT checked in the client's configuration) then PIV Manager even if it's running elevated with administrative rights on the computer acting as RDP server tells me it cannot detect ANY Yubikey 4, even if both the RDP Server and the remote desktop have one yk4 connected. At this point i wouldn't expect it to use the remote key, but at least the local (on the RDP server) key should be usable, right?