Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows 10 / Fix: Saved RDP Credentials Didn’t Work in Windows

October 18, 2019 Group PoliciesWindows 10Windows Server 2016

Fix: Saved RDP Credentials Didn’t Work in Windows

The built-in Windows Remote Desktop client (mstsc.exe) allows you to save the username and password used to connect to the remote computer. Using a saved RDP credentials, the user doesn’t need to enter the password each time to connect to the Remote Desktop. In this article, we will look at how to configure saved credentials for your RDP connections in Windows 10, Windows Server 2012 R2/2016 and what to do if passwords are not saved in spite of all settings (each time the remote system prompts you for password).

Contents:
  • RDP Saved Credentials Delegation via Group Policy
  • Windows is not saving RDP credentials

RDP Saved Credentials Delegation via Group Policy

By default, Windows allows users to save their passwords for RDP connections. To do it, a user must enter the name of the RDP computer, the username and check the box “Allow me to save credentials” in the RDP client window. After a user has clicked the “Connect” button, the RDP server asks for the password and the computer saves it to Windows Credential Manager (not to the .RDP file).

mstsc rdp client - Allow me to save credentials

As a result, the next time you connect to an RDP server using the same username, the password will be automatically taken from the Credential Manager and used for RDP authentication.

As you can see, if there is a saved password for this computer, the following message appears in the RDP client window:

Saved credentials will be used to connect to this computer. You can edit or delete these credentials.

remote desktop client: Saved credentials will be used to connect to this computer. You can edit or delete these credentials

As an senior administrator, I usually don’t recommend users to save passwords. It is much better to use SSO in the domain for transparent RDP authentication.

If you connect from a domain computer to a computer/server in another domain or a workgroup, by default Windows doesn’t allows a user to use a saved credentials for the RDP connection. Despite the fact that the RDP connection password is saved in the Credentials Manager, the system won’t use it requiring the user to prompt the password. Also, Windows prevents you from using the saved RDP password if you connect with your local account instead of your domain one.

In this case, if you try to connect using the saved RDP password, this error message appears:

Your credentials did not work
Your system administrator does not allow the use of saved credentials to log on to the remote computer CompName because its identity is not fully verified. Please enter new credentials.

Your rdp credentials did not work Your system administrator does not allow the use of saved credentials to log on to the remote computer 

Windows considers the connection insecure, since there is no trust between this computer and the remote computer in another domain (or a workgroup).

You can change these settings on the computer you are trying to establish RDP connection from:

  1. Open the Local Group Policy Editor by pressing Win + R -> gpedit.msc;
  2. In the GPO editor, go to Computer Configuration –> Administrative Templates –> System –> Credentials Delegation. Find the policy named Allow delegating saved credentials with NTLM-only server authentication; gpo - Allow delegating saved credentials with NTLM-only server authentication
  3. Double-click the policy. Enable it and click Show; add delegated rdp servers
  4. Specify the list of remote computers (servers) that are allowed to use saved credentials when accessed over RDP. The list of remote computers must be specified in the following format:
    • TERMSRV/server1 — allow to use a saved credentials to access a specific computer/server over RDP;
    • TERMSRV/*.woshub.com — allow to establish RDP connection with saved credentials to all computers in the woshub.com domain;
    • TERMSRV/* — allow to use a saved password to connect to any remote computer.termsrv record to use rdp delegation credentials
      Tip. TERMSRV must be written in uppercase, and the computer name must fully match the one you type in the RDP client connection host filed.
  5. Save the changes and update GPO settings using this command:gpupdate /force

Now, when connecting using RDP, the mstsc client will be able to use your saved credentials.

rdp connection window

You can change the RDP saved credentials policy only on the local computer using the Local Group Policy Editor. If you want to apply this settings on multiple computers of the domain, use the domain GPO configured using the gpmc.msc (Group Policy Management) console.

If the user is still asked for a password during an RDP connection, try to enable and configure the Allow delegating saved credentials policy in the same way. Also, make sure that the policy Deny delegation saved credentials is not enabled, since denying policies have higher priority.

Windows is not saving RDP credentials

If you have configured Windows following the instructions above, but your RDP client prompts you to enter your password each time you try to connect, it is worth to check the following:

  1. Click “Show Options” in the RDP connection window and make sure that “Always ask for credentials” option is not checked; uncheck "Always ask for credentials"
  2. If you are using the saved .RDP file for connection, make sure that the value of ‘prompt for credentials’ parameter is 0 (prompt for credentials:i:0); rdp file: prompt for credentials:i:0
  3. Open the GPO Editor (gpedit.msc) and go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client. ‘Do not allow passwords to be saved’ must be not set or disabled. Also make sure that this policy setting is disabled in the resulting Group Policy on your computer (you can create an HTML report with the applied GPO settings using the gpresult command); disable the policy "Do not allow passwords to be saved"
  4. Delete all saved passwords from the Credential Manager. Type control userpasswords2 and in the User Accounts window go to the Advanced tab and click Manage Passwords; manage saved passwords in windows
  5. In the next window select Windows Credentials. Find all saved RDP passwords and delete them (they start with TERMRSV/…). windows credentials - saved rdp passwords TERMSRV item
    In this window you can manually add credentials for RDP connections. Please note that the name of an RDP server/computer must be specified in the TERMRSV\server_name1 format. Don’t forget to delete all saved passwords when you clear the RDP connection history on your computer.add rdp saved credentials
  6. You won’t be able to logon with the saved RDP credentials if the remote server has not been updated for a long time, and when trying to connect to it, you will see the error CredSSP encryption oracle remediation.

After that users will be able to use their saved passwords for RDP connections.

8 comments
7
Facebook Twitter Google + Pinterest
previous post
VMware ESXi: How to Kill an Unresponsive (Stuck) Virtual Machine
next post
How to Use AD Photo as User Profile Picture in Windows 10?

Related Reading

How to Deploy Windows 10 (11) with PXE...

June 27, 2022

Checking Windows Activation Status on Active Directory Computers

June 27, 2022

Configuring Multiple VLAN Interfaces on Windows

June 24, 2022

How to Disable or Enable USB Drives in...

June 24, 2022

Adding Domain Users to the Local Administrators Group...

June 23, 2022

8 comments

agus November 3, 2020 - 3:34 pm

i follow your step but still need password

Reply
Stefan November 4, 2020 - 10:15 am

Same for me. Still need to type in password.
I always could use saved passwords. But then suddenly some weeks ago, it didn’t work any more. Certainly with some Windows update

Reply
agus November 4, 2020 - 2:35 pm

after i test again, my problem is after join domain i cant save my credential but if workgroup i can save my RDP cred. my GPO on server not yet apply to new domain user

Reply
SAL January 23, 2021 - 5:07 pm

Sorry to disappoint, but although this post may have been valid in October of 2019, it no longer works.

Some “helpful” update to Windows 10 has made this not work. Like others above have said, “suddenly it doesn’t work any more”.

Call Bill Gates.

Reply
Will February 17, 2021 - 9:57 am

This got me where I needed to go – thanks a million

Reply
tyson April 1, 2021 - 7:15 am

hmmmm my problem is that i have two accounts on my server and problem with RDP as it just save only one account like if i enter account1 : password it will save it and when i enter account2 : password then it will erase account1 details , so i wish is there any fix around to save multiple account ?
thanks

Reply
Stephanie April 8, 2021 - 9:30 am

Tyson try creating a 2nd saved RDP Connection and just give them a different name each one with one specific username / password and that should work?

Reply
Stephanie April 8, 2021 - 9:29 am

Hi.

Thanks, Brand new Windows10 Pro pc with all the latest updates in our AD wouldn’t save the password the first solution worked perfectly for it.

Cheers

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • How to Deploy Windows 10 (11) with PXE Network Boot?

    June 27, 2022
  • Checking Windows Activation Status on Active Directory Computers

    June 27, 2022
  • Configuring Multiple VLAN Interfaces on Windows

    June 24, 2022
  • How to Disable or Enable USB Drives in Windows using Group Policy?

    June 24, 2022
  • Adding Domain Users to the Local Administrators Group in Windows

    June 23, 2022
  • Viewing a Remote User’s Desktop Session with Shadow Mode in Windows

    June 23, 2022
  • How to Create a Wi-Fi Hotspot on your Windows PC?

    June 23, 2022
  • Configuring SSH Public Key Authentication on Windows

    June 15, 2022
  • How to Run a Program as a Different User (RunAs) in Windows?

    June 15, 2022
  • FAQ: Licensing Microsoft Exchange Server 2019/2016

    June 14, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Allow RDP Access to Domain Controller for Non-admin Users
  • Backup/Restore and Export Local Group Policy Settings to Another Computer
  • Reset Local Group Policy Settings in Windows
  • How to Delete Old User Profiles Using GPO and PowerShell?
  • Changing Default File Associations in Windows 10 via GPO
  • Changing Desktop Background Wallpaper in Windows through GPO
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top