Remote Desktop Protocol (RDP) is used while connecting to remote devices over a network. In an RDP setup, a computer/client connects to another computer running RDP server software. The client computer creates an RDP file for storing the connection settings to the server. The client has to open only the RDP file to connect to the server in the future. In this article, I will show you how to Disable credential Prompts for Remote Desktop Connections. Please see these exciting articles: How to allow saved credentials for RDP connection, and How to Prevent the Saving of RDP Credentials in Windows 10. Also, see how to fix “Remote Desktop cannot find the computer this in the specified network: Verify the computer name and domain that you are trying to connect“.
What does this Policy “Always Prompt for Password Upon Connection” do?
This policy setting specifies whether Remote Desktop Services will always prompt the client for a password upon connection. You can use this policy setting to enforce a password prompt for users who log on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. You must be signed in as an administrator to enable or disable always prompt for password upon connection.
The recommended state for this setting is: Enabled.
Some Remote Desktop Users have the option to store both their username and password when they create a new Remote Desktop Connection shortcut. Some organisations do not permit this! If the server that runs Remote Desktop Services allows users who have used this feature to log on to the server, but not enter their password. This implies, when an attacker gains physical access to the user’s computer, he/she could connect to a Remote Desktop Server through the Remote Desktop Connection shortcut, even though they may not know the user’s password.
Impact of disabling credential Prompts for Remote Desktop Connection
Users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They will be prompted for a password to log on. To establish the recommended configuration via Group Policy, please set the following UI path to
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Always prompt for password upon connection
Note: This Group Policy path is provided by the Group Policy template
TerminalServer.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates. Please see how to fix Remote Desktop can’t connect to the remote computer for one of these reasons, and how to “View RDP Configuration Settings: Connect automatically on an RDP session“.
As you can see below, this policy is currently set to
enabled. In the next section, I will be showing you how to disable it if you still wish to proceed with it 🙂
Default Value: Disabled. (Remote Desktop Services allows users to automatically log on if they enter a password in the Remote Desktop Connection client.) But if this setting has been enabled previously, please follow the steps below to have it disabled.
Next, apply gpupdate to ensure the policies are immediately applied. To learn more about this, please see “Group Policy GPUpdate Commands“.
Disable credentials from Remote Desktop
To disable credentials from Remote Desktop in Windows. Kindly open Group Policy Editor and navigate to the following UI path.
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
In the right pane, double-click on Always prompt for password upon connection. Ensure this is set to Disabled. Do not forget to apply your settings or click on Ok on the fly.
Disable Always Prompt for Password upon Remote Desktop Connection via Windows registry
To do this, please navigate to the following Registry path below. If the following DWORD does not already exist. Please create it “
PromptForPassword“, and set it to
0 to have it disabled.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Connect to Devices via RDP
To test this setting, you can use the Remote Desktop Connection (mstsc.exe) or Microsoft Remote Desktop app to connect to and control your device from a remote device.
I hope you found this article useful on how to Disable credential Prompts for Remote Desktop Connections. Please let me know in the comment section if you have any questions.