Single Sign On with Mandatory Profiles

Discussion in 'Parallels Client for Windows' started by Enigmaeon, Jan 8, 2014.

  1. Enigmaeon


    I admin a school environment that is setup on 2X, and the students, in order to lock things down, have very restricted access through group policy, and mandatory profiles so that changes they make when logged in don't remain. When creating the profile, I install 2X with the SSO component, I log off, then log back in to activate the SSO. I save the profile and set it to mandatory, then when logging back in to test with another user one of three things would happen:

    1) Saves the user ID used to create the profile, but does not login

    2) Pulls up the correct ID, but will not login with SSO

    3) Saves the user ID and password used to create the profile, and logs in as that user.

    I decided to dig into the registry and see what I could find, SSO was checked as active, the UserName was saved from the initial user, SavePassword was active, and the Password and Password_Proxy were both filled, I'm assuming with the password from the initial user, but it's in binary data, ie 37 4f ae B7 98 79 6f a0, so I can't be sure where the password is coming from.

    I change the UserName entry to be the Windows wildcard of %username% which helps me always get result 2 above.

    If I completely delete both the Password and Password_Proxy registry entries, when I open 2X and make the connection it simply prompts for password. If I delete the data while leaving the keys in place, I get an error message saying that the 2X server could not be found, then when I click OK I get the login screen, and I enter the password and connect without issue.

    Is there any way to edit those Password registry entries so that they pull the information needed per user?=, and not keep the initial configuration?
  2. woqz


    I believe the password is encrypted and is generated when the user attempts to login.

    To my knowledge, it cannot be pre-populated manually.
  3. jpc

    jpc Kilo Poster

    With SSO on, the client should use the currently logged in user to authenticate. This seems like an issue with the SSO component itself. I would suggest to register this as a support ticket.

Share This Page