Allow Saved Credentials for RDP Connections

By default, Windows doesn’t allow a user to use saved credentials for an RDP connection. Even though the RDP connection password is saved in Credential Manager, the system won’t use it and prompts the user to enter the password. Windows also prevents you from using the saved RDP password if you connect with your local account instead of your domain one.

Open the Local Group Policy Editor using this command: gpedit.msc;

In the Local Group Policy Editor console, go to the section Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation. Find the policy named Allow delegating saved credentials with NTLM-only server authentication;

Enable the policy, then click the Show button.

Add the list of servers/computers that are explicitly allowed to use saved credentials when connecting over RDP.

The list of allowed systems must be specified in one of the following formats:
  • TERMSRV/remote_pc — allows saved login credentials to be used for a specific computer
  • TERMSRV/*.acme.com — allows the saved credentials to be used for all computers in the acme.com domain
  • TERMSRV/* — allows saved RDP credentials to be used for all computers, without exception.

TERMSRV must be written in uppercase, and the computer name must fully match the one you type in the RDP client connection host field.

Save the changes and update the GPO settings using this command: gpupdate /force

Now, when connecting using RDP, the mstsc client will be able to use your saved credentials.

With the Local Group Policy Editor, you can change the RDP saved credentials policy only on the local computer. If you want to apply these settings to multiple computers in the domain, use a domain GPO configured in the gpmc.msc (Group Policy Management) console.

  1. On the remote computer, run the local GPO editor: gpedit.msc;
  2. Go to the GPO section Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security;
  3. Locate the policy ‘Always prompt for password upon connection’ and change its value to Disabled;
  4. Reboot your server.

Save the changes and update the GPO settings using this command: gpupdate /force

If the user is still asked for a password during an RDP connection, try to enable and configure the Allow delegating saved credentials policy in the same way. Also, make sure that the policy Deny delegating saved credentials is not enabled, since deny policies have higher priority.
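
To review what the server lists described above actually permit, the following PowerShell audit classifies each entry by the three formats listed earlier and shows the deny list alongside the allow lists. It is an added example, not part of the original article, and it assumes the policies store their lists as values in subkeys of the registry key shown in the script; the function names and sample entries are made up for illustration.

```powershell
# Added example, not from the original article.
# Assumption: the Credentials Delegation policies store their server lists as
# numbered values in a subkey named after each policy under this key.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

# Classify one list entry against the three formats the article gives.
function Get-EntryFinding {
    param([string]$Entry)
    # -cnotmatch is case-sensitive: the prefix has to be uppercase TERMSRV/
    if ($Entry -cnotmatch '^TERMSRV/.') { return 'invalid: must start with uppercase TERMSRV/' }
    $target = $Entry.Substring(8)   # text after "TERMSRV/"
    if ($target -eq '*')          { return 'broad: all computers, without exception' }
    if ($target.StartsWith('*.')) { return 'wildcard: all computers in one domain' }
    if ($target.Contains('*'))    { return 'review: not one of the three listed formats' }
    return 'ok: one specific computer'
}

# Read the entries configured for one policy; returns nothing if it is not set.
function Get-DelegationList {
    param([string]$Policy)
    $path = Join-Path $base $Policy
    if (-not (Test-Path $path)) { return }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        [pscustomobject]@{ Policy = $Policy; Entry = $value; Finding = Get-EntryFinding $value }
    }
}

# Constructed sample entries (not from a real system), one per outcome.
'TERMSRV/remote_pc', 'TERMSRV/*.acme.com', 'TERMSRV/*', 'termsrv/remote_pc' |
    ForEach-Object { '{0,-20} {1}' -f $_, (Get-EntryFinding $_) }

# Entries configured on this computer, including the deny list that takes priority.
'AllowSavedCredentialsWhenNTLMOnly', 'AllowSavedCredentials', 'DenySavedCredentials' |
    ForEach-Object { Get-DelegationList $_ } |
    Format-Table -AutoSize
```

Run it after gpupdate /force so the output reflects the applied policy; an empty table means none of the three lists is configured on that computer.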