The built-in Windows Remote Desktop client (mstsc.exe) lets you save the username and password used to log in to a remote computer. With saved RDP credentials, the user does not have to enter the password every time they connect to the remote computer. In this article you will learn how to configure saved credentials for RDP connections on Windows 10 and Windows Server 2012 R2/2016, and what to do if passwords are not saved despite all settings (the remote system asks for the password every time).
Delegating saved RDP credentials via Group Policy
By default, Windows allows users to save their passwords for RDP connections. To do this, the user must enter the RDP computer name and username and check the Allow me to save credentials checkbox in the RDP client window. As soon as the user clicks the Connect button, the RDP server asks for the password and the computer stores it in the Windows Credential Manager (not in the .RDP file).
The next time you log in to the RDP server with the same username, the password is taken automatically from the Credential Manager and used for RDP authentication.
If a password is saved for this computer, the following message is displayed in the RDP client window:
Saved credentials will be used to connect to this computer. You can edit or delete these credentials.
As a senior administrator, I generally do not recommend that users store their passwords. It is much better to use SSO in the domain for transparent RDP authentication.
By default, Windows does not allow the user to use saved credentials for an RDP connection from a domain computer to a computer/server in another domain or workgroup. Although the password for the RDP login is stored in the Credential Manager, the system does not use it and asks the user to enter it. In addition, Windows does not allow the saved RDP password to be used when logging in with a local account instead of a domain account.
In this case, if you try to log in with the saved RDP password, you will see this error message:
Your system administrator does not allow the use of saved credentials to log on to the remote computer CompName because its identity is not fully verified. Please enter new credentials.
Windows considers the connection insecure because there is no trust between this computer and a remote computer in another domain (or workgroup).
You can change these settings on the computer from which you are trying to establish the RDP connection:
- Open the Local Group Policy Editor by pressing Win + R -> gpedit.msc;
- In the GPO Editor, go to Computer Configuration -> Administrative Templates -> System -> Credentials Delegation. Find the policy called Allow delegating saved credentials with NTLM-only server authentication;
- Double-click the policy. Enable it and click the Show button;
- Provide the list of remote computers (servers) that are allowed to use saved credentials when accessed via RDP. The list of remote computers must be specified in the following format:
  - TERMSRV/server1 – allows the use of saved credentials to access a specific computer/server via RDP;
  - TERMSRV/*.contoso.com – allows RDP connections with saved credentials to all computers in the contoso.com domain;
  - TERMSRV/* – allows you to use a saved password to connect to any remote computer.

  Tip. TERMSRV must be in capital letters, and the name of the computer must exactly match the name you enter in the Computer field of the RDP client.
- Save the changes and update the GPO settings with the following command: gpupdate /force
If you now log in via RDP, the mstsc client can use your saved credentials.
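To review what the server list from the steps above actually permits, the following added example (not part of the original article) classifies each entry by scope and flags entries that break the capital-letters rule from the tip. The registry path is not given in the article; it is the location where this policy's list is normally stored, and the sample entries are constructed.

```powershell
# Classify one entry of the policy's server list by how many hosts it covers.
function Test-TermsrvEntry {
    param([Parameter(Mandatory)][string]$Entry)
    $scope = 'Invalid'; $note = 'expected TERMSRV/<name>'
    if ($Entry -cmatch '^TERMSRV/(.+)$') {            # -cmatch is case-sensitive
        $target = $Matches[1]
        if ($target -eq '*') {
            $scope = 'AnyHost';    $note = 'saved password usable for any remote computer'
        } elseif ($target.StartsWith('*.')) {
            $scope = 'Domain';     $note = "all computers in $($target.Substring(2))"
        } elseif ($target.Contains('*')) {
            $scope = 'Wildcard';   $note = 'other wildcard pattern'
        } else {
            $scope = 'SingleHost'; $note = 'must equal the name typed in the RDP client'
        }
    } elseif ($Entry -match '^TERMSRV/') {            # right prefix, wrong case
        $note = 'TERMSRV must be in capital letters'
    }
    [pscustomobject]@{ Entry = $Entry; Scope = $scope; Note = $note }
}

# Read the configured list (assumed backing key of the policy; empty if unset).
function Get-SavedCredDelegationList {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly'
    if (-not (Test-Path $key)) { return @() }
    $item = Get-Item $key
    $item.GetValueNames() | ForEach-Object { $item.GetValue($_) }
}

# Constructed sample, used when the policy is not configured on this machine.
$sample  = 'TERMSRV/server1', 'TERMSRV/*.contoso.com', 'TERMSRV/*', 'termsrv/server2'
$entries = @(Get-SavedCredDelegationList)
if ($entries.Count -eq 0) { $entries = $sample }
$entries | ForEach-Object { Test-TermsrvEntry $_ } | Format-Table -AutoSize
```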
The Local Group Policy Editor changes the saved RDP credentials policies only on the local computer. If you want to apply these settings to multiple computers in a domain, use a domain GPO configured in the gpmc.msc (Group Policy Management) console. If users are still prompted to enter their passwords when logging in via RDP, try enabling and configuring the Allow delegating saved credentials policy in the same way. In addition, make sure that the Deny delegating saved credentials policy is not enabled, because the deny policy has a higher priority.
Windows does not save RDP credentials
If you have set up Windows according to the above instructions, but your RDP client asks you for the password every time you try to log in, check the following points:
- In the RDP login window, click Show Options and make sure the Always ask for credentials option is not selected;
- If you are using a saved .RDP file for the connection, make sure that the prompt for credentials parameter is set to 0 (prompt for credentials:i:0);
- Open the GPO Editor (gpedit.msc) and go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client. The Do not allow passwords to be saved policy must be not configured or disabled. Also make sure that this policy setting is disabled in the resulting group policy on your computer (you can use the gpresult command to generate an HTML report with the applied GPO settings);
- Delete all saved passwords from the Credential Manager. Run control userpasswords2, go to the Advanced tab in the User Accounts window and click Manage Passwords;
- In the next window, select Windows Credentials. Find all saved RDP passwords and delete them (they start with TERMSRV/…). In this window you can also manually add credentials for RDP connections. Note that the RDP server/computer name must be in the TERMSRV/server_name1 format. Remember to delete all saved passwords when clearing the RDP connection history on your computer.
- You cannot connect with saved RDP credentials if the remote server has not been updated for a long time; in that case a CredSSP encryption error is displayed when you try to connect to this server.
Users can then use the saved passwords for RDP connections.
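Several items from the checklist above can be read without opening the GUI. This added example (not from the original article) reports which of them would stop saved credentials from being used; the registry paths and value names are not given in the article and are the locations where these policies are normally stored, and the .rdp content is constructed.

```powershell
# Return the value of "prompt for credentials" from .rdp file lines, or $null.
function Get-RdpFilePrompt {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*prompt for credentials:i:(\d+)\s*$') { return [int]$Matches[1] }
    }
    return $null   # setting not present in the file
}

# Read one policy DWORD; returns $null when the key or value does not exist.
function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-SavedRdpCredentialBlockers {
    param([string[]]$RdpLines = @())
    $findings = @()
    $prompt = Get-RdpFilePrompt $RdpLines
    if ($null -ne $prompt -and $prompt -ne 0) {
        $findings += ".rdp file: prompt for credentials:i:$prompt (expected 0)"
    }
    # "Do not allow passwords to be saved" exists as a computer and a user policy.
    $ts = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        if ((Get-PolicyDword "$hive\$ts" 'DisablePasswordSaving') -eq 1) {
            $findings += "$hive policy 'Do not allow passwords to be saved' is enabled"
        }
    }
    # The deny policy has a higher priority than the allow policy.
    $cd = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    if ((Get-PolicyDword $cd 'DenySavedCredentials') -eq 1) {
        $findings += "policy 'Deny delegating saved credentials' is enabled"
    }
    return $findings
}

# Constructed .rdp content for illustration; pass (Get-Content file.rdp) instead.
$sampleRdp = @('full address:s:server1.contoso.com',
               'username:s:CONTOSO\jsmith',
               'prompt for credentials:i:1')
Test-SavedRdpCredentialBlockers -RdpLines $sampleRdp

# Saved RDP entries currently held in Credential Manager (TERMSRV/...).
cmdkey /list | Select-String 'TERMSRV'
```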