On the Pulse Connect Secure (PCS) versions 8.1R6 and 8.2R1 and below, we didn't rely on <USER> attribute to pull the Domain value. The default domain for the remote desktop is automatically pre-poulated in the Pulse Secure Windows Terminal Services (WTS) client after remote desktop window is opened.
In PCS versions 8.1R7+ and 8.2R1+, Pulse Secure WTS client utilizes the native Microsoft Remote Desktop Protocol (RDP) client. Microsoft RDP includes features and capabilities such as Network Level Authentication (NLA) which we can now be supported in conjunction with the PCS WTS client. The Microsoft RDP client will always prompt for the DOMAIN\USERNAME and PASSWORD before opening the remote desktop window. However, the default DOMAIN for the remote desktop is "not" automatically pre-populated using NLA with Microsoft RDP client integration.
In 8.1R7 or 8.2R1, end users would see the following prompt which includes the username field pre-populated:
In order to pre-populate the DOMAIN in the remote desktop, the following values can be configured in the Administrator Web UI under Users > User Roles > [ROLE_NAME] > Terminal Services > Sessions > [SESSION_NAME]
- Configure the Username value with the varibable <USER> attribute. This attribute equates to the DOMAIN and the USERNAME if Active Directory / Windows NT Authentication Server (Authentication > Auth. Servers) is use as the User Directory/Attribute Server in the Realm (Users > User Realms > [REALM_NAME] > General).
- Configure the Username value with the static DOMAIN name and the varibable <USERNAME> attribute (Ex: ACMEGIZMO\<USERNAME>). The <USERNAME> variable equates to the USERNAME entered by the end user when logging in to the PCS.
- Configure the Username value with any other variable attribute which equates to end user's domain name in addition to the varibable <USERNAME> attribute (Ex: ACMEGIZMO\<USERNAME>).
After upgrading to 8.1R8 and 8.2R1.1, end users will notice the username field is no longer pre-populated with the DOMAIN\USERNAME for terminal service sessions even when the above options are implemented.