Domain – How to force RDP to accept the stored credentials, when the computer is under a domain


So I've set up TERMSRV/* in the Group Policy Editor, but RDP will still not allow me to use saved credentials because the computer is under a domain. I found this by reading the description in the policy editor: "If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine".

I understand this is a "security" feature but it is pretty stupid in my case. Is there a way to bypass it?


Kind regards

Best Answer

I know this is an 8-month-old post, but I just found myself in the same situation. Well, the solution (at least for me) was really simple. But this has to be done in the DC; you have to edit your Default Domain Policy or create a new one with the following:

Computer Configuration > System > Credentials Delegation
- Allow delegating default credentials with NTLM-only server authentication
- Enabled > Add servers to the list > Show > add TERMSRV/*

The same goes for "Allow delegating saved credentials with NTLM-only server authentication"

Computer Configuration > System > Credentials Delegation
- Allow delegating saved credentials with NTLM-only server authentication
- Enabled > Add servers to the list > Show > add TERMSRV/*

After this, in the DC just force a gpupdate and do the same on the computer you need to use the saved credentials.

This worked for me in a Windows Server 2012 R2 environment.

Hope it helps in the future.

Regards!
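
To confirm on the client that the policy from the answer above actually applied after gpupdate, and to see how broadly delegation is permitted, the registry can be read directly. This is an added example, not part of the original answer; it assumes the standard location where the Credentials Delegation administrative template writes its values, and the function name `Get-DelegationPolicy` is made up for this example.

```powershell
# Added example: audit the Credentials Delegation policy as applied to this client.
# Assumption: values live under the policy key written by the
# "Credentials Delegation" administrative template.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

# Registry value name -> GPO setting title. The first two are the settings
# from the answer; the other two are their non-NTLM-only counterparts.
$settings = [ordered]@{
    AllowDefCredentialsWhenNTLMOnly   = 'Allow delegating default credentials with NTLM-only server authentication'
    AllowSavedCredentialsWhenNTLMOnly = 'Allow delegating saved credentials with NTLM-only server authentication'
    AllowDefaultCredentials           = 'Allow delegating default credentials'
    AllowSavedCredentials             = 'Allow delegating saved credentials'
}

function Get-DelegationPolicy {
    param([string]$Root = $base)
    foreach ($name in $settings.Keys) {
        # DWORD 1 under the policy key means the setting is Enabled
        $enabled = (Get-ItemProperty -Path $Root -Name $name -ErrorAction SilentlyContinue).$name

        # The server list ("Add servers to the list > Show") is stored as
        # string values in a subkey named after the setting
        $listKey = Join-Path $Root $name
        $spns = @()
        if (Test-Path $listKey) {
            $key  = Get-Item -Path $listKey
            $spns = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
        }

        [pscustomobject]@{
            Setting  = $settings[$name]
            Enabled  = ($enabled -eq 1)
            Servers  = $spns
            # True when any entry contains a wildcard such as TERMSRV/*
            Wildcard = [bool]($spns | Where-Object { $_ -match '\*' })
        }
    }
}

Get-DelegationPolicy | Format-List
```

A row with `Wildcard : True` means credentials may be delegated to any host matching the pattern; listing specific names such as `TERMSRV/host.example.local` (a constructed name) limits delegation to those servers.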