By default, Windows allows users to save their passwords for RDP connections. To do it, a user must enter the name of the Remote Device, and the Username. Then check the box Allow me to save credentials in the RDP client window. Here is a guide on how to prevent the saving of RDP Credentials in Windows 10. In this article, I will be showing you how to prevent users from saving RDP credentials on Windows 11. Please see How to allow saved credentials for RDP connection, how to remove saved RDP connections in Windows, and how to Automatically Log Out After a Period of Inactivity on Mac.
When this setting is enabled for Remote Desktop Connection, users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted. If you disable this setting or leave it not set, the user will be able to save them using Remote Desktop Connection. Also, see how to fix Remote Desktop cannot find the computer this in the network: Verify the computer name and domain that you are trying to connect.
Why Should You Prevent Users from Saving RDP Passwords on Windows 11
Preventing users from saving Remote Desktop Protocol (RDP) credentials on Windows 11 enhances security and help protects against unauthorized access. Below are some reasons why it is advisable to disable the saving of RDP credentials:
- Unauthorized Access: Saving RDP credentials can pose a security risk if the device or user account is compromised. If an unauthorized person gains access to the saved credentials, they can use them to connect to remote systems without requiring further authentication. By disabling the saving of these details, you add an extra layer of protection against potential unauthorized access.
- Credential Theft: Malicious software or attackers may target the saved RDP details to steal them. They can extract the credentials from the system and use them for unauthorized remote connections. Disabling the saving of credentials reduces the chances of such theft and helps prevent the risk of credential compromise.
- User Accountability: Disabling the saving of RDP credentials encourages users to enter them manually each time they establish an RDP connection. This promotes better security practices and ensures that users are accountable for their authentication details. It reduces the likelihood of users sharing their credentials, thereby leaving them exposed.
- Compliance Requirements: In some organizations, security regulations or compliance standards may prohibit the saving of RDP credentials for specific systems. Following these requirements is essential for maintaining regulatory compliance and protecting sensitive information.
By preventing users from saving RDP credentials, you enforce the principle of “least privilege” and limit the potential attack surface. You may want to read about “Implementing Least-Privilege Administrative Models” in greater detail. Users will need to provide their credentials each time they establish an RDP connection, reinforcing the authentication process and reducing the risk of unauthorized access.
Disable the Saving of RDP Credentials
These steps are simple and very straightforward using Group Policy either local or per Domain. These steps to disable the saving of RDP credentials may differ from various Windows editions in the future as Microsoft often makes configuration changes. It is recommended to consult the official Microsoft documentation or the system administrator for guidance on implementing the right security measure.
Please see How to configure user resource limits and Restrictions in Linux, How to configure user resource limits and Restrictions in Linux, and learn more about Windows 11 System Requirements. Also, see how to fix Git GUI/gitk won’t open and complains of missing Tcl/Tk Aqua libraries, and how to Create a Simple Notification Service (SNS) Notification on AWS.
In this short guide, I will be disabling the feature to have passwords saved via the Local Group Policy. These steps are pretty similar to implementing them in the domain. To do this, run the command below to launch the Local Group Policy Editor.
gpedit.msc
Locate the User Configuration, Administrative Templates, Windows Components, Remote Desktop Services, and Remote Desktop Connection Clients Settings.
In the Setting, you will see that “Do not allow passwords to be saved”. As you can see, this has not been configured and as such, users can still save their RDP credentials.
Double-click and set it to enabled. This ensures users will not be able to save RDP credentials any longer.
To ensure this applies immediately, run GPUpdate. For more information on GPO switches, see all about GPUpdate switches – GPUpdate vs GPUpdate /force.
I hope you found this blog post helpful on how to Prevent users from saving RDP credentials on Windows 11. Please let me know in the comment section if you have any questions.