After you create an unauthenticated access user, you can enable hybrid logon for the user. Enabling hybrid logon provides unauthenticated access users domain access to network resources such as fileshare or network printers without the need to enter credentials. Hybrid logon is supported on Windows Server 2019 and earlier with Terminal Services (RDSH) installed.
Note: The hybrid logon feature uses the same domain user for all logged on users for a given unauthenticated access user configured for hybrid logon.
Note: If you use the user profile tab to set the home directory as a network path from the RDS host machine, by default the administrative user interface on Windows removes all existing permissions on the home directory folder and adds permissions for the administrator and local user with full control. Use the administrator account to remove the local user from the permissions list and then add the domain user with the permissions that you need to set for the user.
Prerequisites
- Verify that you selected the Hybrid Logon custom option when you installed Horizon Agent on the RDS host. For more information on Horizon Agent custom setup options for an RDS host, see the Setting Up Published Desktops and Applications in Horizon Console document.
- Verify that you created an unauthenticated access user. See, Create Users for Unauthenticated Access.
- Verify that Kerberos DES encryption is not enabled for the user account in the domain. Kerberos DES encryption is not supported for the hybrid logon feature.
Procedure
What to do next
Entitle the user to published applications. See, Entitle Unauthenticated Access Users to Published Applications.