Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, August 22, 2016 12:30 PM
I found few links that talk about changing Group policies about credential policies but these are no working on windows 10. These policies were working fine on windows 8.1. I am trying to connect to a windows 7 desktop which is not domain joined. System is not remembering the passwords for RDP when RDP is done from domain to domain computers using non domain system local accounts..
Regards Atul Kumar
All replies (12)
Tuesday, August 23, 2016 6:14 AM ✅Answered
Hi Atul Kumar [IN],
". I am trying to connect to a windows 7 desktop which is not domain joined. System is not remembering the passwords for RDP when RDP is done from domain to domain computers using non domain system local accounts.. "
I am a little confused of the exact environment.
Do you mean the credential could be remembered when we remote to a machine which is not joined to the domain but the credential won`t be remembered when we remote to the machines which are in the domain?
Please try ReginRavi`s suggestion and run "rsop" to ensure the gpo has been applied to the machine.
Check the "credential manager" for any saved credentials. Try to delete it and save a new one.
Best regards
Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Monday, August 22, 2016 12:43 PM | 1 vote
Hello
On your local machine Open Windows command prompt type: gpedit.msc -> Press Enter -> a new window will popout
Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation
Double Click on “Allow Delegating Saved Credentials with NTLM-only Server Authentication”
By default it will be “not configured”
You will see radio buttons -> Enable the policy
Click the “Show” button in the options window below and enter the value “TERMSRV/*” (without quotes) into the list.
Click Apply button
Do the same thing for the following policies:
Allow Delegating Saved Credentials
Allow Delegating Default Credentials with NTLM-only Server Authentication
Allow Delegating Default Credentials
Close all windows
Open a command prompt and use “gpupdate /force” command to apply the policy directly
Regards, Regin Ravi
Thursday, March 2, 2017 6:32 PM | 4 votes
...On your local machine Open Windows command prompt type: gpedit.msc -> Press Enter -> a new window will popout
Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation
Double Click on “Allow Delegating Saved Credentials with NTLM-only Server Authentication”
By default it will be “not configured”
You will see radio buttons -> Enable the policy
Click the “Show” button in the options window below and enter the value “TERMSRV/*” (without quotes) into the list.
Click Apply button
Do the same thing for the following policies:
Allow Delegating Saved Credentials
Allow Delegating Default Credentials with NTLM-only Server Authentication
Allow Delegating Default Credentials
Close all windows
Open a command prompt and use “gpupdate /force” command to apply the policy directly...
I was having this same issue, and tried this fix. What finally worked for me, in addition to what's quoted, was making sure the "Always ask for credentials" box was unchecked.
Friday, September 22, 2017 9:35 AM | 2 votes
The original poster clearly said that the group policy changes did not work. And clearly said Windows 10.
Friday, September 22, 2017 10:37 AM
Tried all of these and nothing worked. GP not getting applied. I only described my use case, no idea about other use cases. This use case used to work fine in Windows 8.1. In any case, I have given up trying to solve this problem.
Regards Atul Kumar
Friday, September 22, 2017 10:37 AM
I have not tried the last part, but has given up giving more time to this issue now. Thanks for detailed response though.
Regards Atul Kumar
Friday, September 22, 2017 10:40 AM
It was clear from my question that I have already tried these steps and these did not work. This solution was easy to find through web search but I asked here after it failed. In any case, I am no longer interested in fixing this issue.
Regards Atul Kumar
Thursday, January 18, 2018 9:22 PM
I'm having a similar problem, I've run rsop and it looks like the GPO is applied - this is a local GPO, no domain GPO, with the Allow Delegating Saved Credentials (4 entries) configured as listed below - this worked on all machines until some magical change roughly 6 months ago.. When I edit the saved .RDP and uncheck the "Always ask for credentials" checkbox, my logged in domain username automatically appears (email address format) and is grayed out. Under the Username the wording "Your Windows logon credentials will be used to connect". There is no way to change this to specify the correct domain\user credentials for the RDP connection - and the login fails because I need to login as a different user. If I check the "Always ask for credentials" box, the correct domain\user appears however of course, I can't then save the password. This is a recent change, within the last 6 months or so, before the Creator's update (which did not correct the problem). It happens on all PCs, on my domain or on someone else's. How do I remove this "pass through" of my domain login credentials and configure what I want? Side-note, on all computers that I access (domain or not), my access is always with an account that is a Domain Admin.
Thursday, February 15, 2018 8:33 AM | 1 vote
This link solved my problem: RD Gateway and saved credentials
Windows 10 Pro (1709) on a Windows Server 2016 (1607) domain.
I have added the credentials to the specific user:
Network address: TERMSRV/rds.ad.contoso.com
User name: DOMAIN\user
Password: ****
Before doing this I have tried to apply all 4 entries of GPO, but same problems occur as Sid-IS.
I will further test if these steps are also neccessary.
Thursday, June 7, 2018 1:33 PM
I observed when adding a new machine to remote, the "Always ask for credentials" it instead says "Let me save my credentials" and you can remove saved credentials if you entered them wrong to get a new chance to add them.
The Default.rdp file is hidden in your Documents folder (turn on "show hidden files" to see it).
I don't know if it's the same when you are connected to a domain.
Saturday, October 27, 2018 8:19 PM
Try this it worked for me.
https://nishantrana.me/2018/10/28/fixed-windows-10-remote-desktop-rdp-not-saving-credentials/
Nishant Rana(My Blog and My Tweets)
[If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click 
"Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]
Monday, December 30, 2019 5:15 PM
If anyone is stomped and nothing else works try checking if you have a different policy enabled :
Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Do not allow storage of passwords and credentials for network authentication"
If this policy is enabled, or in-fact was enabled at any point, you won't be able to save credentials no matter what you do.
To check if it was ever enabled check the regkey HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
Value Name: DisableDomainCreds
Value Type: REG_DWORD
Value: 0x00000001 (1)
if this value is set to 1 you cannot save credentials. Change it to 0 and you should be good.