13

I'm trying to use RDP and save my credentials in a file so I don't have to enter them each time I connect.

I remember doing it before and it involved changing a group policy setting. What exactly do I need to change in Group Policy within Windows 7 in the host & client machines to accomplish this?

kenorb
barfoon

5 Answers

13

Open the Group Policy editor (Start > Run > gpedit.msc) and navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client

For value Do not allow passwords to be saved, change to Disabled.

When connecting to a machine in Remote Desktop Connector, expand the Options panel and confirm that Allow me to save credentials is checked.

Neil
13

Actually found a link (archive.org) that solved this problem:

  1. Hit Start –> Run and type "gpedit.msc".
  2. Navigate to Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation.
  3. Double click the policy "Allow Delegating Default Credentials with NTLM-only Server Authentication".
  4. Set the policy to “Enabled”.
  5. Click the Show button and enter the string “TERMSRV/*” into the list. You can also be more specific here in case you don’t want to allow the use of saved credentials with all remote machines but rather just a select few.
  6. Click OK twice to close the policy. Repeat steps 3–6 for the following policies:
    1. "Allow Delegating Default Credentials"
    2. "Allow Delegating Saved Credentials with NTLM-only Server Authentication"
    3. "Allow Delegating Saved Credentials"
bkaid
barfoon
  • 1
    +1 As it links to a very comprehensive answer. This is the kind of answer that should be redone on SuperUser. It is, after all, supposed to be a cross between a forum and a Wiki – Ian Boyd Sep 09 '10 at 17:06
  • @IanBoyd: The recommendation is to make a Community Wiki post with a link to the original content. This is especially helpful when both the original posts have gone dead. – Guvante Jan 02 '13 at 23:55
  • 1
    @Guvante And now that the link **has** gone dead; the useful answer is lost forever. – Ian Boyd Jan 03 '13 at 14:38
  • 1
    Available here: https://web.archive.org/web/20091004021911/http://www.perceptible.net/post/2009/02/03/How-To-Enable-Use-of-Saved-Credentials-with-Remote-Desktop-to-Almost-Fully-Authenticated-Machines.aspx – bkaid Mar 25 '14 at 16:52
  • After completing the above, run Command Prompt as Administrator and write: GPUpdate /force – Jes Gudiksen Jun 18 '21 at 04:39
4

I had an issue where Windows 10 would permanently ask for a password when I try to connect to a new machine.

First, the password line in the RDP must be named:

password 51:b:myEncryptedPassword

And the pass must be encrypted. You can use cryptRDP5 to convert it:

cryptRDP5.exe yourpassword
mashuptwice
Makusensu
  • This didn't work for me. I still get prompted for the password with the dialog stating that "Your credentials did not work. Please enter new credentials. The logon attempt failed." My rdp file contains something like password 51:b:01000000d08c9d... With the encrypted password generated using cryptRDP5. If I enter the password in the dialog it works. – Milind May 30 '21 at 05:50
  • @Milind Not sure if it is your case, but the encrypted password is linked to the machine that generated it. If you try to use the same on another one it is invalidated. – Makusensu Jun 02 '21 at 09:34
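
To see where saved passwords of the kind described in the answer above have ended up on disk, this added example (not part of the original answer or its comments) inventories `.rdp` files that carry a `password 51:b:` line and reports only the blob length, never the blob. `Find-RdpEmbeddedPassword`, the sample directory, host name, user name and all-zero blob are constructed for illustration.

```powershell
# Added example: list .rdp files that embed a "password 51:b:" blob.
# Find-RdpEmbeddedPassword is a hypothetical helper name.
function Find-RdpEmbeddedPassword {
    param([Parameter(Mandatory)][string[]]$Root)
    Get-ChildItem -Path $Root -Filter *.rdp -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hit = [ordered]@{
                File         = $_.FullName
                Address      = $null
                User         = $null
                BlobHexChars = 0      # length only; the blob itself is never emitted
            }
            foreach ($line in Get-Content -LiteralPath $_.FullName) {
                if ($line -match '^\s*full address:s:(.*)$') {
                    $hit.Address = $Matches[1].Trim()
                }
                elseif ($line -match '^\s*username:s:(.*)$') {
                    $hit.User = $Matches[1].Trim()
                }
                elseif ($line -match '^\s*password 51:b:([0-9A-Fa-f]+)') {
                    $hit.BlobHexChars = $Matches[1].Length
                }
            }
            # Only files that actually carry a password line are reported.
            if ($hit.BlobHexChars -gt 0) { [pscustomobject]$hit }
        }
}

# Constructed sample file so the function can be tried offline.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'rdp-audit-sample'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@(
    'full address:s:host.example.invalid',
    'username:s:EXAMPLE\alice',
    ('password 51:b:' + ('00' * 32))    # placeholder, not a real encrypted blob
) | Set-Content -LiteralPath (Join-Path $dir 'sample.rdp')

Find-RdpEmbeddedPassword -Root $dir | Format-List
```

Point `-Root` at profile or share paths to review which connection files hold a stored password and for which account.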
3

You can store the hostname/ip and credentials as a key from PowerShell using the command:

cmdkey /generic:<ip or hostname> /user:<username> /pass:<password>

For viewing your saved keys (note: the saved password will not be visible in any case):

cmdkey /list

For deleting a key:

cmdkey /delete:<hostname>

This works for running an RDP session from command prompt as well as the RDP client.

Hope this helps.

For more details you can visit the Technet page

xeon
0

I've converted @barfoon's answer to a registry script, to allow its automated deployment... Or just saving the hassle of navigating through gpedit.msc:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services]
"DisablePasswordSaving"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation]
"AllowDefaultCredentials"=dword:00000001
"AllowDefaultCredentialsWhenNTLMOnly"=dword:00000001
"ConcatenateDefaults_AllowDefault"=dword:00000001
"AllowSavedCredentials"=dword:00000001
"ConcatenateDefaults_AllowSaved"=dword:00000001
"AllowSavedCredentialsWhenNTLMOnly"=dword:00000001
"ConcatenateDefaults_AllowSavedNTLMOnly"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]
"1"="TERMSRV/*"

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials]
"1"="TERMSRV/*"

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly]
"1"="TERMSRV/*"

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentialsWhenNTLMOnly]
"1"="TERMSRV/*"

Just save this in a filename.reg file, double click it and enjoy.

Evengard
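
To check what the Credentials Delegation policies from the answers above are actually set to on a machine, this added example (not part of any of the original posts) reads the same registry keys as the script above and flags server-list entries such as `TERMSRV/*` that cover every host. The function names and the scope labels are assumptions made for the example; it only reads the registry.

```powershell
# Added example: read-only audit of the CredentialsDelegation policy keys.
$Base = 'HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation'
$Policies = 'AllowDefaultCredentials', 'AllowDefaultCredentialsWhenNTLMOnly',
            'AllowSavedCredentials', 'AllowSavedCredentialsWhenNTLMOnly'

function Get-DelegationScope {
    # Hypothetical helper: classify one server-list entry.
    param([string]$Spn)
    if ($Spn -match '^[^/]+/\*$') { return 'AllHosts' }        # e.g. TERMSRV/*
    if ($Spn.Contains('*'))       { return 'WildcardScoped' }  # wildcard limited by a suffix
    return 'SingleHost'
}

function Get-DelegationPolicyReport {
    param([string]$BasePath = $Base)
    foreach ($name in $Policies) {
        # DWORD 1 on the parent key means the policy is enabled.
        $flag = (Get-ItemProperty -Path $BasePath -Name $name -ErrorAction SilentlyContinue).$name
        # The server list lives in a subkey named after the policy ("1"="TERMSRV/*", ...).
        $listKey = Join-Path $BasePath $name
        $entries = @()
        if (Test-Path -Path $listKey) {
            $key = Get-Item -Path $listKey
            $entries = @($key.GetValueNames() | Where-Object { $_ } |
                         ForEach-Object { [string]$key.GetValue($_) })
        }
        if ($entries.Count -eq 0) { $entries = @('') }   # still report a policy with no list
        foreach ($spn in $entries) {
            $scope = 'NoList'
            if ($spn) { $scope = Get-DelegationScope $spn }
            [pscustomobject]@{
                Policy  = $name
                Enabled = ($flag -eq 1)
                Server  = $spn
                Scope   = $scope
            }
        }
    }
}

$report = Get-DelegationPolicyReport
$report | Format-Table -AutoSize
$report | Where-Object { $_.Enabled -and $_.Scope -eq 'AllHosts' } |
    ForEach-Object { Write-Warning "$($_.Policy) delegates to every host: $($_.Server)" }
```

On a machine where the registry script above has been imported, all four policies are reported as enabled with `TERMSRV/*`; listing specific hosts instead, as step 5 of the Group Policy answer suggests, changes the scope to `SingleHost` or `WildcardScoped`.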