windows 10
  »  How to Allow Saved Credentials for RDP Connection

How to Allow Saved Credentials for RDP Connection


When you are connecting to remote system using native Microsoft RDP client (mstsc.exe), you have the ability to save login credentials in order to not to enter them each time. Also there is one more important thing. If your connection is from domain computer to remote computer in a workgroup or another domain, it is impossible to use saved credential to access RDP server. Remote Desktop client refuses usage of saved credentials, each time forcing you to re-enter your password. Your system administrator does not allow the use of saved credentials problem occurs in Windows Vista and higher.

You will receive the following error message:

[Start]Your Credentials did not work

Your system administrator does not allow the use of saved credentials to log on to the remote computer server_name because its identity is not fully verified. Please enter new credentials.

The logon attempt failed

[/End]

Your system administrator does not allow the use of saved credentials

Your system administrator does not allow the use of saved credentials what does it mean?

The fact is that using of saved login credentials when connecting to a remote computer is forbidden by default domain policy, because there is no trust relationship between your computer and the server in a remote domain (or workgroup). However, this settings can be changed.

On the computer from which you are performing the Remote Desktop connection, press Win + R, type the following command and then click OK.

gpedit.msc

Additionally, you may need to enter an Administrator password or confirm the elevation (depending on the UAC policy).

gpedit

In the new window of Local Group Policy Editor, go to section Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation. We are interested in the policy Allow delegating default credentials with NTLM-only server authentication.

RDP Allow Saved Credentials

Open policy and enable it, then click Show button.

RDP Your system administrator does not allow the use of saved credentials

In the new window you need to set the list of servers that are explicitly allowed the saved credential usage when connecting over RDP.

The list of allowed systems must be specified in following formats:

  • TERMSRV/remote_pc — allow to save login credentials for a specific computer
  • TERMSRV/*.theitbros.com — allow to use the saved credentials for all computers in the domain theitbros.com
  • TERMSRV/* — allow to store saved credentials for all computers, without exception.

Note. Use TERMSRV in uppercase, as in the example. If you specify a specific computer, remote_pc value must exactly match the name entered in the “Computer” field of rdp-client.

termsrv/*

Press OK to save changes and then close the Group Policy Editor. Open Command prompt and apply current Group Policy settings by running:

gpupdate /force

gpupdate Your system administrator does not allow the use of saved credentials

Now you should connect to Remote Desktop with saved credentials without providing password over and over again.

allow saved credentials rdp

So, we allowed to save the login credentials only on one particular computer using Local Group Policy. For multiple computers it will be better to create a separate domain OU and attach to it appropriate domain policy. Hope this was useful!

You may also like:

 Deploy LGPO with MDT 2013 Local Group Policy (LGPO) of computer is configured through gpedit.msc snap-in, which does not provide the possibility to export/import settings. That...
Configure NTP Time Sync Using Group Policy The Windows Time service (despite its apparent simplicity) is the basis for the normal functioning of Active Directory domain. In properly configured ...
Add, modify and delete Registry keys using Group P... The settings of most applications and a lot of Windows features do not require centralized management by using Group Policy (GPO). But you have to kno...
Deploy Printers in Domain using Group Policy One of the most important features of Group Policies usage in Active Directory Domain environment is the possibility to connect a shared network print...
Config Remote Desktop Easy Print on Server 2012 R2 TS Easy Print technology was first introduced in Windows Server 2008 as an alternative to the use of traditional printing subsystem on Remote Desktop ...
Comments
  1. Posted by John Bennett

    Awesome! Thank you…

    Reply
    • Posted by TheITBros

      We are glad that you like it!

      Reply
  2. Posted by Cameron Scott

    Very helpful, thank you!

    Reply
  3. Posted by Paul Farmer

    I have tries this on several computers, and it still will not let me save credentials. Anything else I should try.

    Reply
    • Posted by Leroy Bagwell

      I had the same problem, but using these instructions went back in and also amended “Allow delegating saved credentials with NTLM-only server authentication.” and now it works 🙂

      Reply
  4. Posted by Angelique Hart

    I followed the instructions as well as editing the entry specified by Leroy Bagwell but gpudpate /force fails because the computers I am doing this to are located in a remote office away from the domain controller so I get an error about not having network connectivity to the domain controller. Is there any way around this?

    Reply
  5. Posted by Neal Rollins

    “Allow delegating saved credentials with NTLM-only server authentication.” work for me also

    thanks Leroy for comment on IT Brothers Post

    Reply
  6. Posted by Dirk

    It doesn’t appear to work under Windows 10.

    Reply
    • Posted by Mark Anthony

      @ Dirk

      For Windows 10, this did not work. What did work was going to Credential Manager, deleting the entry from the section Windows Credentials and adding it to Generic Credentials.

      Reply
  7. Posted by Kamran

    Thanks its working for me.

    Reply
  8. Posted by Danny

    The one I needed was ‘Allow delegating saved credentials with NTLM-only server authentication’.

    Windows 10, domain PC to non domain pc.

    Reply

Add Your Comment