How to Allow Saved Credentials for RDP Connection

When you are connecting to remote system using native Microsoft RDP client (mstsc.exe), you have the ability to save login credentials in order to not to enter them each time. Also there is one more important thing. If your connection is from domain computer to remote computer in a workgroup or another domain, it is impossible to use saved credential to access RDP server. Remote Desktop client refuses usage of saved credentials, each time forcing you to re-enter your password. Your system administrator does not allow the use of saved credentials problem occurs in Windows Vista and higher.

You will receive the following error message:

[Start]Your Credentials did not work

Your system administrator does not allow the use of saved credentials to log on to the remote computer server_name because its identity is not fully verified. Please enter new credentials.

The logon attempt failed

[/End]

Your system administrator does not allow the use of saved credentials

Your system administrator does not allow the use of saved credentials what does it mean?

The fact is that using of saved login credentials when connecting to a remote computer is forbidden by default domain policy, because there is no trust relationship between your computer and the server in a remote domain (or workgroup). However, this settings can be changed.

On the computer from which you are performing the Remote Desktop connection, press Win + R, type the following command and then click OK.

gpedit.msc

Additionally, you may need to enter an Administrator password or confirm the elevation (depending on the UAC policy).

gpedit

In the new window of Local Group Policy Editor, go to section Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation. We are interested in the policy Allow delegating default credentials with NTLM-only server authentication.

RDP Allow Saved Credentials

Open policy and enable it, then click Show button.

RDP Your system administrator does not allow the use of saved credentials

In the new window you need to set the list of servers that are explicitly allowed the saved credential usage when connecting over RDP.

The list of allowed systems must be specified in following formats:

  • TERMSRV/remote_pc — allow to save login credentials for a specific computer
  • TERMSRV/*.theitbros.com — allow to use the saved credentials for all computers in the domain theitbros.com
  • TERMSRV/* — allow to store saved credentials for all computers, without exception.

Note. Use TERMSRV in uppercase, as in the example. If you specify a specific computer, remote_pc value must exactly match the name entered in the “Computer” field of rdp-client.

termsrv/*

Press OK to save changes and then close the Group Policy Editor. Open Command prompt and apply current Group Policy settings by running:

gpupdate /force

gpupdate Your system administrator does not allow the use of saved credentials

Now you should connect to Remote Desktop with saved credentials without providing password over and over again.

allow saved credentials rdp

So, we allowed to save the login credentials only on one particular computer using Local Group Policy. For multiple computers it will be better to create a separate domain OU and attach to it appropriate domain policy. Hope this was useful!

You may also like:

Deploy LGPO with MDT 2013 Local Group Policy (LGPO) of computer is configured through gpedit.msc snap-in, which does not provide the possibility to export/import settings. That...
Manage Start Screen with Group Policy in Windows 1... Hello guys! In this tutorial we will show you how to export an existing start screen for Windows 10 and then use the Group Policy to ensure those sett...
How to remove the Welcome to your new Office scree... Hey guys! Today we are going to show you a little bit about MS Office 2013 and Group Policies. We have been deploying MS Office 2013 to some clients a...
Configure Legal Notices on Domain Computers using ... In this article, we are going to show how to configure Legal Notices on domain computer by using Group Policy.So let’s get started.We have our...
Add, modify and delete Registry keys using Group P... The settings of most applications and a lot of Windows features do not require centralized management by using Group Policy (GPO). But you have to kno...
  • John Bennett

    Awesome! Thank you…

  • Cameron Scott

    Very helpful, thank you!

  • Paul Farmer

    I have tries this on several computers, and it still will not let me save credentials. Anything else I should try.

    • Leroy Bagwell

      I had the same problem, but using these instructions went back in and also amended “Allow delegating saved credentials with NTLM-only server authentication.” and now it works 🙂