Configuring the computer service account for use in an AD silo environment

Attention

Connecting to RDP servers that are siloed at the AD level generally requires that administrator accounts have been placed in the Protected Users group and that Kerberos shielding has been implemented.
If this is the case, the following additional configurations are required:

Configuring the Edge Gateway to enable Kerberos authentication
Configurations for Kerberos shielding support

With AD siloing and Kerberos shielding, it is necessary to create one computer service account per silo.

To do this:

  1. Go to the Active Directory Administration Center, then Authentication > Authentication Policy Silos.
  2. Next, select the silo and add the corresponding account.
  3. To verify the addition, for each account:
    1. Select the account from the list.
    2. In the Authentication Policy Silos section, check that the assignment box is ticked and that the silo selected in the drop-down list is the correct one.
  4. Then authorize each service account to request Kerberos tickets for user accounts.
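
The check in step 3 can also be scripted for all accounts at once. The following is an added example, not part of the original documentation: it uses the standard ActiveDirectory PowerShell module, and the silo name and account name are placeholders to replace with your own values.

```powershell
# Added example: verifies steps 2 and 3 for a list of computer service accounts.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Placeholder values (assumptions): replace with your silo and its service account.
$SiloName = 'Example-Silo'
$Accounts = @('EXAMPLE-SVC01$')

function Test-SiloAssignment {
    param(
        [Parameter(Mandatory)] [string]   $SiloName,
        [Parameter(Mandatory)] [string[]] $Accounts
    )

    # The silo object lists the accounts permitted to join it (Members)
    # and whether its policies are enforced or only audited (Enforce).
    $silo = Get-ADAuthenticationPolicySilo -Identity $SiloName -Properties Members

    foreach ($name in $Accounts) {
        # msDS-AssignedAuthNPolicySilo holds the DN of the silo assigned to the account.
        $computer = Get-ADComputer -Identity $name -Properties 'msDS-AssignedAuthNPolicySilo'
        $assigned = $computer.'msDS-AssignedAuthNPolicySilo'

        [pscustomobject]@{
            Account          = $computer.SamAccountName
            PermittedInSilo  = $silo.Members -contains $computer.DistinguishedName
            AssignedSilo     = $assigned
            AssignedAsWanted = ($assigned -eq $silo.DistinguishedName)
            SiloEnforced     = $silo.Enforce
        }
    }
}

# An account is correctly configured only when both PermittedInSilo and
# AssignedAsWanted are True; any other combination needs review.
Test-SiloAssignment -SiloName $SiloName -Accounts $Accounts | Format-Table -AutoSize
```

A row where `PermittedInSilo` is True but `AssignedSilo` is empty means the account was added to the silo but the assignment on the account itself was never made.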