Remote Desktop Connection Manager v2.90
- Article
- 01/27/2022
- 18 minutes to read
- 3 contributors
Is this page helpful?
Yes No
Any additional feedback?
Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.
Submit
Thank you.
In this article
By Julian Burger
Published: January 27, 2022
Run now from Sysinternals Live.
How to Allow Saved Credentials for RDP Connection?
As a result, the next time you connect to an RDP server using the same username, the password will be automatically taken from the Credential Manager and used for RDP authentication.
As you can see, if there is a saved password for this computer, the following message appears in the RDP client window:
Saved credentials will be used to connect to this computer. You can edit or delete these credentials.As an senior administrator, I usually don’t recommend users to save passwords. It is much better to use SSO in the domain for transparent RDP authentication.
If you connect from a domain computer to a computer/server in another domain or a workgroup, by default Windows doesn’t allows a user to use a saved credentials for the RDP connection. Despite the fact that the RDP connection password is saved in the Credentials Manager, the system won’t use it requiring the user to prompt the password. Also, Windows prevents you from using the saved RDP password if you connect with your local account instead of your domain one.
In this case, if you try to connect using the saved RDP password, this error message appears:
Your credentials did not work Your system administrator does not allow the use of saved credentials to log on to the remote computer CompName because its identity is not fully verified. Please enter new credentials.Windows considers the connection insecure, since there is no trust between this computer and the remote computer in another domain [or a workgroup].
You can change these settings on the computer you are trying to establish RDP connection from:
- Open the Local Group Policy Editor by pressing Win + R -> gpedit.msc;
- In the GPO editor, go to Computer Configuration –> Administrative Templates –> System –> Credentials Delegation. Find the policy named Allow delegating saved credentials with NTLM-only server authentication;
- Double-click the policy. Enable it and click Show;
- Specify the list of remote computers [servers] that are allowed to use saved credentials when accessed over RDP. The list of remote computers must be specified in the following format:
- TERMSRV/server1 — allow to use a saved credentials to access a specific computer/server over RDP;
- TERMSRV/*.woshub.com — allow to establish RDP connection with saved credentials to all computers in the woshub.com domain;
- TERMSRV/* — allow to use a saved password to connect to any remote computer.
Tip. TERMSRV must be written in uppercase, and the computer name must fully match the one you type in the RDP client connection host filed.
- Save the changes and update GPO settings using this command:gpupdate /force
Now, when connecting using RDP, the mstsc client will be able to use your saved credentials.
You can change the RDP saved credentials policy only on the local computer using the Local Group Policy Editor. If you want to apply this settings on multiple computers of the domain, use the domain GPO configured using the gpmc.msc [Group Policy Management] console.
If the user is still asked for a password during an RDP connection, try to enable and configure the Allow delegating saved credentials policy in the same way. Also, make sure that the policy Deny delegation saved credentials is not enabled, since denying policies have higher priority.