I recently had a challenging experience with Windows XP clients using single-sign-on (SSO) for terminal server (TS) 2008 RemoteApp.

After Windows XP service pack 3 is applied, you are able to “turn on” the feature by following an article such as this…Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3. Note that while the article says you can’t control the client’s settings for SSO servers, you can…if you upgrade your group policy objects on your sysvol share and use Vista or Windows 2008 to manage group policy! You must follow the article to enable SSO, but you can control which server connections make use of it via a GPO.

This magic is already present in Vista and 7 when used as TS clients for RemoteApp.

My experience was different, as I applied the proper registry tweaks…but my RemoteApp window was still prompting users for login to the TS environment instead of merely passing the username/password on!

After banging my head on my desk for awhile, I finally “googled” the right combination of words to find a nifty hotfix for credssp and the exact issue I was experiencing!

Behold (it is properly named!) – When you enable SSO for a terminal server from a Windows XP SP3-based client computer, you are still prompted for user credentials when you log on to the terminal server.

I created a batch file to apply both hotfixes silently at start up…seems to do the trick…the magic now works as stated!