SPS TIP: Windows settings that interfere with username extraction in SPS

This is an excerpt from the SPS documentation, located here:

https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-sessions/5.11.0/administration-guide/53



When processing RDP connections, SPS attempts to extract the username from the connection. For example, you need the username to:

  • Use gateway authentication for the connection. 

  • Use usermapping policies. In this case, SPS compares the username on the server with the username on the gateway.

  • Search or filter connections by the username on the SPS search interface, or create automatic statistics based on the username.
  • Find the connection of the user on the Four Eyes and Active Connections pages.

  • Usernames are also essential if you want to use One Identity Safeguard for Privileged Analytics


The following settings on the Windows client or server can prevent SPS from correctly extracting the username from the RDP connection. As a result, the username is not visible on the Search, Four Eyes and Active Connections pages.

  • The DontDisplayLastUserName option is enabled on the server. The DontDisplayLastUserName security setting of Windows servers specifies whether the username from the last successful login is displayed on the login screen as a default for the next login. To disable the DontDisplayLastUserName security setting, do one of the following.

  • There is no server-side authentication. To avoid this problem, ensure that your server requires authentication from the users.

  • If the server is Windows 2003 Server or Windows XP and the Allow to save credentials or Remember my credentials options are enabled in the Remote Desktop client application. In this case, disable these options on the client, and delete any credentials that have already been saved on the client.