Login VSI - RDPConnect - Automatically add and remove Windows Credentials during connections

Note: this article is provided as-is for convenience. The contents herein are unsupported.

Summary & purpose:

The attached ConnectorWrapperScript.ps1 can be used to prevent the initial prompt for target username and password when going through an RD gateway.

Example:

Bypassing the prompt is beneficial, as the connections from Login VSI launcher -> target can now get through automatically, without either human intervention or having to store Windows credentials in Credential Manager.

This script is essentially a pass-through script, which utilizes Login VSI's RDPconnect.exe connector and Microsoft's CredMan.ps1 script (which programmatically stores and deletes credentials)

This script will

1. Setup local Windows Credentials via the CredMan.ps1 command-line tool
   (source/credit: https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde )
2. Connect to target environment with the Login VSI connector, RDPconnect.exe
3. Wait for RDPconnect to finish
4. Delete the Windows Credentials for clean-up

Steps to setup

1. Form the RDPconnect.exe connection command line which will successfully connect to the target environment from the Login VSI or PI launchers
2. Manually discover and note which target user credentials need to be added to the Windows Credentials store on a Login VSI or PI launcher host, in order to prevent the RDP input credentials dialog, when attempting to connect to the targets
3. Download the attached ConnectorWrapperScript.ps1 off of this article. Download Microsoft's CredMan.ps1
4. The ConnectorWrapperScript.ps1 will need to be edited in the following parts to reflect the adding and removing of credentials appropriately, and according to the documented CredMan.ps1 usage and syntax:
   1. "Adding creds to local Windows Credentials store using CredMan.ps1"
   2. "Removing the cached Windows Credentials"
5. Place ConnectorWrapperScript.ps1 and CredMan.ps1 on the launcher(s). They need to be in the same directory. If using Login PI 2 then in %programfiles%\Login VSI\Login PI Launcher\Connectors
   Ensure the Set-Location path in the script is correct
6. Manually form the command line that successfully invokes the ConnectorWrapperScript.ps1. The setup of the attached ConnectorWrapperScript.ps1 will work with the following command-line format and parameter order (note the curly-brackets are just placeholders for the actual parameters needed):

   C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -file "C:\Program Files\Login VSI\login pi launcher\Connectors\ConnectorWrapperScript.ps1" {Windows Credentials store hostname} {Windows Credentials store username} {Windows Credentials store password} "{path to RDPConnect.exe}"  /server {target server address} /user {target username} /password {target password} /rdgateway {RD gateway address} /rdgatewayuserlogin {RD gateway username} /rdgatewayuserpassword {RD gateway user password} /nowarning /rdusecredentials {true or false} /rdbypasslocal {true or false} /rdlogon {Select, ask, smartcard, or provide} /rdgatewaymode {None, auto, or manual} /loadbalanceinfo tsv://{address}

   1. Verify this command line invoking ConnectorWrapperScript.ps1 works manually when ran on a Login VSI or PI launcher.
   2. Note: the script might need to be edited to be compatible with the RDPConnect connection command line which works
7. Setup this connection command-line in Login VSI or PI. Verify script functionality via invoking a test in either Login VSI or Login PI.