Storing Identifiers in maestro*CLOUD

Objective

This document describes how to improve the user experience of maestro*CLOUD by minimizing system identification requests.

After connecting to the Cloud environment, entering your credentials a second time may be necessary when starting the maestro* application. This behaviour is not desirable: you should be able to connect to maestro* without re-identifying yourself.

This document is specifically for maestro*CLOUD users who are organized in a domain, such as those who use a computer provided by their company or directly on-site: these are the users who encounter the problem of double identification. Users who connect to the Cloud environment from their personal computer without going through a domain do not have this issue.

 

Summary

• First Connection to maestro*CLOUD
  • Automatic Opening of RDP Sessions
  • Basic Identifiers Memorization
• Subsequent Connections to maestro*CLOUD
• Force password memorization for RDP connections

 

Steps

First Connection to maestro*CLOUD

The first time a user logs on to maestro*CLOUD, they can perform the following two short operations: they will save time and clicks.

1. Open the address https://maestro.maestrocloud.com/ in a web browser.
2. Enter your username (email address) and password and click on Connection.
3. In the menu on the left, click Maestro. An RDP session wil be downloaded.
4. Follow the steps described in the next section.

Automatic Opening of RDP Sessions

This operation Applies only to Chrome browser. automatically launches RDP sessions as soon as they are downloaded. Thus, there is no need to open the download folder and launch the sessions manually.

5. Right-click on the freshly downloaded file that appears in the top right corner of your web browser.
6. Select the Always open file of this type option.

7. Follow the steps in the next section.

Basic Identifiers Memorization

When starting a maestro* RDP session, the system again prompts the user to enter their login details.

8. Check the Remember me box, as shown below. The system will remember your login details and should not request them again.

9. Click on OK.

Maestro* starts, you are taken to the companies menu.

 

Subsequent Connections to maestro*CLOUD

If everything is working properly and you have completed the previous steps, here is how your subsequent connections to maestro*CLOUD should work:

1. Open the address https://maestro.maestrocloud.com/ in a web browser.
2. Enter your username (email address) and password and click Connection.
3. In the menu on the left, click Maestro*.

At this point, the maestro* application should launch itself, without asking for anything more.

 

Force Password Memorization for RDP Connections

If the system continually asks you to enter your login information each time you want to access maestro*, you can "force" it not to do so:

1. Use the Win+R shortcut keys and run the "gpedit.msc" command to open the Local Group Policy Editor.
2. Expand the structure tree and locate: Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation.
3. Double-click on the line Allow delegating saved credentials with NTLM-only server authentication.
4. In the window that opens, click Enabled to activate the setting.

5. You must add servers to the list in the Options section of the same window: click on the View... button.
6. List the servers or computers to which saving credentials is authorized. Use the following formats:
   1. TERMSRV/remote_pc : allow you to save RDP credentials for access to a specific computer (IP address, hostname or wildcards can be used);
   2. TERMSRV/*. domainname.com: allow credentials to be used to access hosts in the specified domain;
   3. TERMSRV/* : enable the use of RDP credentials for all computers without exception.

7. Close all windows for this configuration.
8. Still in the Credentials Delegation folder, locate and open the Allow delegating saved credentials configuration.

9. DIn the window that opens, click on Enabled to activate the setting.
10. In the Options section of the same window, click the Show... button to add the same server configuration as in point 6. Then, close the windows for this configuration.
11. Still in the Credentials Delegation folder, ensure that the following group strategies are disabled or not configured:
    1. Deny delegating default credentials
    2. Deny delegating fresh credentials
    3. Deny delegating saved credentials

12. Close the Local Group Policy Editor.
13. In the Windows command propt (Win+R > "cmd"), navigate to the system32 directory and run the "gpupdate /force" command.

You can now launch the maestro* application after logging in to the Cloud environment without re-entering your password.

 

See Also

• Proper Logout Method for Users in maestro*CLOUD
• Multi-Factor Authentication in maestro*CLOUD

 

Last Modificiation March 27, 2024