Your network consists of a single Active Directory domain.
The network contains a Remote Desktop Session Host Server that runs Windows Server 2008 R2, and client computers that run Windows 7.
All computers are members of the domain.
You deploy an application by using the RemoteApp Manager.
The Remote Desktop Session Host Server’s security layer is set to Negotiate.
You need to ensure that domain users are not prompted for credentials when they access the application.
What should you do?
A. On the server, modify the Password Policy settings in the local Group Policy.
B. On the server, modify the Credential Delegation settings in the local Group Policy.
C. On all client computers, modify the Password Policy settings in the local Group Policy.
D. On all client computers, modify the Credential Delegation settings in the local Group Policy.
Correct Answer: D
Explanation/Reference:
Configuration
CredSSP policies, and by extension the SSO functionality they provide to Terminal Services, are configured via Group Policy. Use the Local Group Policy Editor to navigate to Local Computer PolicyComputer ConfigurationAdministrative TemplatesSystemCredentials Delegation, and enable one or more of the policy options.
Source: http://technet.microsoft.com/en-us/library/cc749211(WS.10).aspx
One needs to enable the policy on the client computers, because one want to allow the client computer to reuse the credentials.
Navigate to Computer Configuration | Administrative Templates | System | Credentials Delegation Enable the Allow Delegating Default Credentials Setting
Select Enabled and click Show.. to add all servers who are trusted for Credential Delegation.
Add all servers who are trusted for Credential Delegation.
Source: http://technet.microsoft.com/en-us/library/cc749211(WS.10).aspx
