Jump to content

Browser based RDP connections fail for member of the "Protected Users" group


Recommended Posts

Hey there,


as of security best practices, we are limiting Admins to Kerberos only, thus restricting NTLM logins by adding them to the "Protected Users" group.

The issue is that these accounts can no longer make use of the browser based gateway connections.

This is the event on the DC.




Do you know if it is possible to use Kerberos with your ActiveX RDP option?




Link to comment
Share on other sites

  • 3 weeks later...

Hi Sebastian,


I am sorry we didn't get back to you about this.  We can confirm this behavior is the same in our test environments, so we have now logged a call with the vendor of the Gateway to see if there is a fix for this.( A third party develops the gateway and we integrate it with our software)


We'll report back here as soon as we have more information.




Link to comment
Share on other sites



We have had feedback from the vendor, and unfortunately it is not possible to authenticate "protected users" within browsers.


There are also some restrictions in using the standard Microsoft RDP tool as well i.e. For "protected users", the local machine must be a domain member and Windows 10, 2012 R2 or later. You can not log in from Windows 7, or macOS.


Click Studios

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...