Does a computer need a password for Remote Desktop?

Remote-Desktop via Microsoft-Account with no password

Hey guys,

I'm just trying to use the "passwordless account"-feature of my Microsoft account, but when I tried to use RDP it seems not to work yet. I'm logged in with my Microsoft-account on both devices [Windows 11 Pro] but RDP is asking for a password instead of triggering to acknowledge the logon via my mobile device.

Any ideas?

Regards
thno

Comment

Comment · Show 1

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelTierney-6568 · Jan 18 at 11:35 PM

Miranda,

I feel your pain and am had the same experience once converting both my MS accounts to passwordless with the use of an authenticator phone app. After sifting through all the "how do I login to my machine without having to enter a password" posts to get to this actual issue, before arriving at this post thread. I'm upset but not really surprised there's no true way to login or access a system via RDP with a passwordless account scenario. My only recourse and suggestion - and forgive me if this is too obvious - was/is to create a local administrator account on the system you need remote access to and logon that way. It worked for me and isn't ideal since the local admin account is using a different user profile, but I can access the box remotely.

0 Votes 0 ·

JohanEriksson-1389 answered • Oct 18, '21 | JohanEriksson-1389 edited • Oct 18, '21

You need to configure the remote computer locally first. Not via the VPN/RDP you are tryng to configure.

1. Check that you have configured the accounts: "Limit local account use of blank passwords to console logon only policy", and set its value to Disabled. [this will let you use the RDP without password. In the GPEdit.msc.

   
   

Comment

Comment Show 0

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MirandaVeracruz answered • Oct 19, '21

@JohanEriksson-1389 - not sure if we're talking about the same thing :-]

Are you aware of the new Microsoft-Account feature "passwordless account"? Here you do not have a password. Logon-requests need to be allowed via Authenticator-App. In case of RDP I'd expect that RDP-Client triggers a push-notification in my Authenticator-App. I'm not sure if enabling the policy to allow blank passwords is useful regarding security...

Cheers

Comment

Comment Show 0

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 answered • Oct 20, '21

Hi there,

In a corporate environment, Passwordless [key-based] doesn't work with RDP, you need to use certificate-based authentication to make it Passwordless. This involves configuring Azure App Proxy and the Network Device Enrollment Service [NDES] windows role and you'd want a DMZ configured for this.

//docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs

--If the reply is helpful, please Upvote and Accept it as an answer--

Comment

Comment Show 0

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BenJordan-3831 answered • Nov 2, '21

So is there a solution that does not involve AD? Updated my personal machine to experiment with and am having the same issue. I find it mildly infuriating that MS is pushing passwordless but not actually updating the rest of the platform to accommodate it.

Comment

Comment Show 0

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MirandaVeracruz answered • Nov 2, '21

yes...mildly infuriating :-]
I absolutely agree! There are tons of new fancy features, but they forget the basics!

Comment

Comment Show 0

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MikeSchallmo-4805 answered • Nov 4, '21 | PaulinaAcosta-2999 commented • Jan 13, '22

I'm in the same boat here. Upgraded my personal desktop to Windows 11 and converted my account to passwordless. Now I can't RDP to my desktop any longer as it continues to ask for a non-existent password.

Very frustrating!

Comment

Comment · Show 1

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PaulinaAcosta-2999 · Jan 13 at 04:01 AM

Im having the same issue, did you find any solutions?

0 Votes 0 ·

StackWang answered • Nov 9, '21

Same trouble for me, and after converted Microsoft account to passwordless, I can't access shared folder neither. It seems that, all functions need login dialog can't work properly

Comment

Comment Show 0

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DanielMartin-2546 answered • Nov 11, '21 | PaulinaAcosta-2999 commented • Jan 13, '22

I found a workaround for anyone interested.

From the MS Account Security Dashboard, turn Off passwordless account, and set up a new password.
On the device you are trying to log into [if you set it up without a password during install at least] reboot and click "Forgot PIN"

From the recovery screen, choose to log in with a password, do so.
When it prompts you to change your PIN just click cancel. It will log you in to the device, and now associate the password with the device.

You should now be able to RDP in with the newly set password.

Looks like they know it's an issue too. Typical.

It doesn't accomplish using passwordless auth, but it does associate a password to a device that was initially set up passwordless, and makes RDP usable again.

image.png [25.0 KiB]

Comment

Comment · Show 1

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PaulinaAcosta-2999 · Jan 13 at 04:11 AM

This is exactly what I needed! Apparently, after activating passwordless Microsoft account its messed up with remote desktop even after turning it off. But this solved it for now. Thanks.

0 Votes 0 ·

Hasan-0715 answered • Nov 13, '21

@DanielMartin-2546 you are a life saver. Was very frustrated that RDP stopped working all of a sudden. Not right after I went password-less, but recently. The workaround you suggested worked like a charm.
It's very annoying that MS is pushing passwordless in one hand and not making it compatible with its platform on the other.

Comment

Comment Show 0

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

toxaris answered • Nov 19, '21 | PaoloBarone-2477 commented • Nov 24, '21

Anyone tested some other remote tool like VNC, Teamviewer etc?

Comment

Comment · Show 1

Comment

5 |1600 characters needed characters left characters exceeded

▼

• Visible to all users
• Visible to the original poster & Microsoft
• Viewable by moderators
• Viewable by moderators and the original poster
• Advanced visibility

Attachments: Up to 10 attachments [including images] can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PaoloBarone-2477 · Nov 24, 2021 at 04:15 PM

I use Google Remote Desktop and that works. The others you mentioned should as well as they don't rely on Windows authentication

0 Votes 0 ·

Unattended Access

Table of Contents

The home office idea is rapidly expanding and users cannot always rely on a user on the physical remote device to accept their connection request.

Furthermore, on login screens such as those on Windows and macOS, only background services are available so that GUI-based windows such as AnyDesk's Accept Window cannot be displayed.

With this in mind, AnyDesk provides the ability to connect to a remote device using a password which bypasses the need for a user to accept the connection request.

Note: While not required, it is highly recommended that AnyDesk is installed on the device where Unattended Access has been configured. This ensures connectivity with the device even after a system restart or the account has been logged out of.

Back to top

Setup

By default, Unattended Access is disabled on the AnyDesk client and will not allow unattended connections to the device. In this case, connection requests need to be manually accepted or rejected using the Accept Window of the client being connected to.

Unattended Access settings can be found in Settings > Security > Unattended Access for non-Windows versions of AnyDesk or versions of AnyDesk for Windows before AnyDesk 7.

For AnyDesk 7 for Windows and newer, Unattended Access can be enabled in Settings > Security > Permissions > Permission Profile on a per profile basis.

Back to top

Permissions [Pre-AnyDesk 7]

Override standard permissions: When disabled, the permissions from "Settings" > "Security" > "Standard Permissions of Remote Users" are used instead.

Allow the connecting user to:

• Hear my computer's sound output
• Control my computer's keyboard and mouse
• Access my computer's clipboard
• Access my computer's clipboard to transfer files
• Lock my computer's keyboard and mouse
• Restart my computer
• Use the File Manager
• Lock account on session end
• Request system information
• Print out my documents on their printer [See Remote Print]
• Draw on computer's screen [See Whiteboard]
• Create TCP tunnels [See TCP-Tunneling]
• Enable privacy mode [See Screen Privacy]
• Show a colored mouse pointer when the connecting user does not have permission to control my device

Back to top

Permissions [AnyDesk 7+]

Please see Permission Profiles.

Back to top

Two-Factor Authentication

See Two-Factor Authentication.

Back to top

Enabling Unattended Access

By enabling "Enable Unattended Access", a prompt will appear where the user can set the password used for Unattended Access. An existing password can be changed by clicking "Set password for unattended access".

Password Constraints:

• At least 8 characters.
• At least sufficiently safe [no consistently repeating characters or basic identifiable passwords [e.g. "password"]].
• Recommended: A mix of letters, numbers, and symbols.

Caution:

The password should be very secure. Anyone who knows the password and your AnyDesk ID can potentially have full access to your computer depending on the available permissions. A password that exceeds at least 12 characters is highly recommended.

AnyDesk also supports Two-Factor Authentication for the best security.

Always double-check when a third-party contacts you and demands your AnyDesk Address. We [AnyDesk Software] will never ask for your password and legitimate companies will never contact you without you having initiated the communication first. In case you are seeking the help of a PC repair service, please make sure you know the vendor.

Back to top

Automatic Login

Enabling "Allow other computers to save login information for this computer" will allow users connecting to the client via Unattended Access to select "Login automatically from now on".

When this option is selected and the Unattended Access password is correct, the connecting client will receive a token from the remote AnyDesk client. With this token, future connections from the connecting client to the remote client will allow the connecting client to have his requests accepted automatically without the need of typing the Unattended Access password for subsequent sessions.

Resetting the Token

The token can be reset by the remote device by selecting "Clear all tokens", or changing the unattended access password.

Resetting the token will force all Unattended Access users to manually type in the Unattended Access password again.

You can disable the feature to allow login information [the password] by unticking "Allow other computers to save login information for this computer". Please note that already existing tokens will remain functional, but no new tokens will be generated.

Back to top

Security Considerations

• This feature does not save the password itself. Instead, the remote machine generates a specific token. This token can only be used by the authorized client. A client can only get authorization if the correct password was entered.

• Even if someone has full access to your client that has this feature enabled, there is no way to gain access to your password in cleartext.
• Changing the password to the same password will also invalidate all tokens. This is useful if you have entered the password on the client in the past, but the owner of the client does not know the password.

Back to top

Exclusive Unattended Access

To force the AnyDesk client to only be accessible using the Unattended Access password, "Never show incoming session requests" can be enabled in Settings > Security > Interactive Access.

Back to top

Access another computer with Chrome Remote Desktop

You can use a computer or mobile device to access files and applications on another computer over the Internet with Chrome Remote Desktop.

Chrome Remote Desktop is available on the web on your computer. You will need to download the Chrome Remote Desktop app to use your mobile device for remote access.

How To

• Security Center
• How To
• Remote computer access: What is it and what are the risks?