
How to Allow Saved Credentials for RDP Connection?


When you connect to a remote Windows host using the native Microsoft RDP client (mstsc.exe), you can save your login credentials so that you do not have to enter them each time. You just need to tick the “Remember me” option in the RDP connection window. In this case, Windows will save your Remote Desktop password to the Windows Credential Manager.

There is one more important thing. If you try to establish an RDP connection from a domain computer to a remote computer in a workgroup or another domain, you cannot use saved credentials to access the RDP server. The Remote Desktop client refuses to use the saved credentials and forces you to re-enter your password each time, with the following error message: Your system administrator does not allow the use of saved credentials.

Remote Desktop Doesn’t Allow Saved Credentials

In some cases, when you try to connect to the Remote Desktop, you may receive the following error message:

Your Credentials did not work

Your system administrator does not allow the use of saved credentials to log on to the remote computer server_name because its identity is not fully verified. Please enter new credentials.

The logon attempt failed


Your System Administrator Does Not Allow the Use of Saved Credentials — What Does This Mean?

Using saved login credentials when connecting to a remote computer is forbidden by the default Windows security settings, because there is no trust relationship between your computer and the server in a remote domain (or workgroup). However, these settings can be changed.

Configure Group Policy to Allow the Use of Saved Remote Desktop Credentials

Run the Local Group Policy Editor on the computer from which you are making the Remote Desktop connection. Press Win + R, type the following command and then click OK.

gpedit.msc

Additionally, you may need to enter an Administrator password or confirm the elevation (depending on the UAC policy settings).


In the Local Group Policy Editor console, go to the section Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation. Find the policy named Allow delegating default credentials with NTLM-only server authentication.


Open the policy item and enable it, then click the Show button.


In the new window, add the list of servers/computers for which the use of saved credentials is explicitly allowed when connecting over RDP.

The list of allowed systems must be specified in one of the following formats:

  • TERMSRV/remote_pc — allows saved login credentials for a specific computer
  • TERMSRV/*.theitbros.com — allows the use of saved credentials for all computers in the domain theitbros.com
  • TERMSRV/* — allows the use of saved RDP credentials for all computers, without exception.

Note. Use TERMSRV in uppercase, as in the example. If you specify a particular computer, the remote_pc value must exactly match the name entered in the “Computer” field of the RDP client.


In the same Credentials Delegation GPO section find and enable the policy “Allow delegating saved credentials with NTLM-only server authentication”. Add the same TERMSRV/ values to the policy setting as mentioned above.


Press OK to save changes and then close the Group Policy Editor. Open Command prompt and update the Group Policy settings by running:

gpupdate /force


Now you should be able to connect to the Remote Desktop with saved credentials without providing the password over and over again.


So, we have allowed the use of saved login credentials on only one particular computer, using Local Group Policy.

If you can’t connect to the remote computer using saved RDP credentials, try deleting all old saved credentials in the Credential Manager (Control Panel\All Control Panel Items\Credential Manager\Windows Credentials). Delete all the saved entries from both Windows Credentials and Generic Credentials. Then you can manually add your RDP credentials under Generic Credentials (to make it work, put the prefix “TERMSRV” in the “Internet or Network Address” field before the RD host name).


To allow the use of saved RDP credentials on multiple domain computers, it is better to create a separate domain OU. Then use the Group Policy Management Console (GPMC.msc) to create a new GPO with the settings above and link it to the computers’ OU.
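
To review what the two Credentials Delegation policies above actually permit on a client, the following PowerShell audit lists every allow-list entry and flags the TERMSRV/* form, which lets saved credentials be sent to any RDP host. It is an added example, not part of the original article; the registry location of the policy lists and the function name Get-SpnScope are assumptions of this example.

```powershell
# Added example (not from the original article): list the Credentials Delegation
# allow-lists on this computer and classify how broad each entry is.
# Assumption: each policy's list is stored as numbered string values in a subkey
# named after the policy, under the key below.
$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$policies = 'AllowDefaultCredentialsWhenNTLMOnly', 'AllowSavedCredentialsWhenNTLMOnly'

function Get-SpnScope {
    param([string]$Spn)
    if ($Spn -notmatch '^([^/]+)/(.+)$') { return 'Malformed' }
    $service, $target = $Matches[1], $Matches[2]
    if ($service -cne 'TERMSRV') { return 'NotTERMSRV' }      # -cne is case-sensitive: TERMSRV must be uppercase
    if ($target -eq '*')         { return 'AllHosts' }        # TERMSRV/*
    if ($target.Contains('*'))   { return 'DomainWildcard' }  # TERMSRV/*.theitbros.com
    return 'SingleHost'                                       # TERMSRV/remote_pc
}

$report = foreach ($policy in $policies) {
    # DWORD in the parent key: 1 when the policy is enabled
    $enabled = (Get-ItemProperty -Path $base -Name $policy -ErrorAction SilentlyContinue).$policy
    $listKey = Join-Path $base $policy
    if (-not (Test-Path $listKey)) {
        [pscustomobject]@{ Policy = $policy; Enabled = [bool]$enabled; Entry = $null; Scope = 'NotConfigured' }
        continue
    }
    $key = Get-Item -Path $listKey
    foreach ($name in $key.GetValueNames()) {
        $spn = [string]$key.GetValue($name)
        [pscustomobject]@{ Policy = $policy; Enabled = [bool]$enabled; Entry = $spn; Scope = Get-SpnScope $spn }
    }
}

$report | Format-Table -AutoSize

# Entries that cover every host deserve a second look: narrow them to the
# specific computers or domain that really need saved credentials.
$report | Where-Object Scope -eq 'AllHosts' | ForEach-Object {
    Write-Warning "$($_.Policy) allows saved credentials for every RDP host ($($_.Entry))"
}
```

Run it after gpupdate /force, on the computer the RDP connection is made from; it reads the effective policy whether it came from Local Group Policy or a domain GPO.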

Server Authentication Policy Does not Allow Saved Credentials

In some cases, you may see the following error message when you try to use the saved RDP credentials:

Windows Security

Your credentials did not work

The server’s authentication policy does not allow connection requests using saved credentials. Please enter new credentials.

This error message indicates that the remote server does not allow the use of a saved RD password to connect. To fix this error, you need to change the settings of the remote computer/RDS server.

  1. On the remote computer, run the local GPO editor – gpedit.msc;
  2. Go to the GPO section Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security;
  3. Locate the policy ‘Always prompt for password upon connection’ and change its value to Disabled;
  4. Reboot your server.

If this policy is enabled, Remote Desktop Services must always prompt a client for passwords upon RDP connection.

You can also change this parameter on the RDS server with one command in the elevated cmd:

REG add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fPromptForPassword /t REG_DWORD /d 0 /f

Hope this was useful!
