Enable the use of saved credentials with remote desktop connection
When using remote desktop connection to connect to windows server 2008, 2008 R2, sbs 2008, vista or windows 7 and would use saved credentials. This doesn’t work when you start the connection you get the following error:
“Your system administrator does not allow the use of saved credentials to logon to the remote computer computername/ipadress because its identity is not fully verified. Please enter new credentials.” “The logon attempt failed”
Solution: This happens when trying to connect to a computer / server in another domain and no trust relationships exists. Windows then steps back to use NTLM and the default domain machine policy prohibits use of saved credentials. You can change this domain based or for a individual machine:
Start local group policy editor, start – run – gpedit.msc
Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation
Edit “Allow Delegating Saved Credentials with NTLM-only Server Authentication”
Enable the policy, click Show and enter the value “TERMSRV/*” into the list.
Do the same thing for the following policies:
“Allow Delegating Saved Credentials”, “Allow Delegating Default Credentials with NTLM-only Server Authentication” en “Allow Delegating Default Credentials”
Close the policy editor,
open a command prompt and use “gpupdate /force” to apply the policy directly
Tags: remote desktop services, sbs 2008, terminal services, windows 2008, windows 2008R2
You a diamond, geezer.
I tried this on SBS 2008 Server and the problem remains – any other ideas?
Thanks!
Bruce
Hi, Do you have to do this on the Client machine or on the Server 2008? it’s confiusing..:-(
Thanks for your reply
Hi,
You have to do this on your client machine.
Thanks for this.. worked like a charm!
You are my Hero! 😉
if you somehow figured this out on your own you are some kind of sorcerer. thanks for the tip! it was really annoying me 🙂
Everyone: this works. Thank you for finally resolving this issue.
Thanks a ton!!!!!!!!!!!!!!!
This saved me a lot of headaches!!! Thanks so much! The article on http://www.microsoft.com was good, but this gave me additional info that helped me finally resolve the issue. Thanks, again!
Fantastic tip! Worked perfectly for me when I wasn’t able to connect to a Win7 VM from another Win7 client. Great find.
Yep – this worked for me too. It took me a few tries to get the server name right in the “TERMSRV/” step. Just keep playing with it until you find the magic.
Can this be configured on Windows Server 2003 under GP?
That should not be a problem, if the GPO is not included within 2003 you need to create a so called central store. You should create a management station on a windows 7 or 2008 R2 server to administrator the GPO’s
Just wanted to say that this has perfectly worked. I want you to know that tips like this from you is giving lots of relief for many like me. Thanks
Just want to say thanks, this worked a treat on a Win 7 Pro machine trying to RDP into a Win 2012 Essentials Home Server.
Great!!! It works!! Thanks a lot.
[…] This link might help, instead. […]
The link doesn’t work anymore.
which link are you talking about, there isn’t any link in the article as far as I can see.
This is not working for me unfortunately.
I have two machines, both with Windows 7 SP1 x64.
None of them has the above policy set.
On one of them i can remote login with saved credentials while on the second one i got the error message.
I followed the above steps on the second machine, force the policy update but no luck..
Any idea on this?
thanks.
Thank You so much.
This has been bugging me for ages.
I can now work much more efficiently and I don’t have to have all the passwords written down for reference.
Legend!
You are life sever geezer 🙂
Awesome. Made me famous 🙂
Perfect !
It was boring me for months 🙁
Everything is ok now
Thank you
I’m currently experiencing this problem, however i do not have the registry string you placed here. any ideas?
followup, starting from “”Credentials Delegation Edit “Allow Delegating Saved Credentials with NTLM-only Server Authentication” Enable the policy, click Show and enter the value “TERMSRV/*” into the list. – See more at: http://blog.ronnypot.nl/?p=247#comment-191013“” i can’t get any further, credentials delegation doesnt exsist
Am trying to RDP using powershell.. even after doing all these am still asked for a password… any idea ?
Unfortunately this didn’t work for me. All the computers I’m trying to connect to are in the same domain, not cross domain like it talks about above. Any ideas for resolution?
You should specify that this should be done on the local PC rather than the server to make it more obvious to new users.
No luck in Windows 10.. Tried also to remove the saved credentials from the credentialmanager.
it’s worked
but the credential only save one user ,when i login and logoff the system and login again with different user system ask again password.
pls reply
It worked. Thanks a lot