>

Enable the use of saved credentials with remote desktop connection

When using remote desktop connection to connect to windows server 2008, 2008 R2, sbs 2008, vista or windows 7 and would use saved credentials. This doesn’t work when you start the connection you get the following error:

“Your system administrator does not allow the use of saved credentials to logon to the remote computer computername/ipadress because its identity is not fully verified. Please enter new credentials.” “The logon attempt failed”

Solution: This happens when trying to connect to a computer / server in another domain and no trust relationships exists. Windows then steps back to use NTLM and the default domain machine policy prohibits use of saved credentials. You can change this domain based or for a individual machine:

Start local group policy editor, start – run – gpedit.msc
Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation
Edit “Allow Delegating Saved Credentials with NTLM-only Server Authentication”
Enable the policy, click Show and enter the value “TERMSRV/*” into the list.

Do the same thing for the following policies:
“Allow Delegating Saved Credentials”, “Allow Delegating Default Credentials with NTLM-only Server Authentication” en “Allow Delegating Default Credentials”

Close the policy editor,
open a command prompt and use “gpupdate /force” to apply the policy directly

33 Responses to “Enable the use of saved credentials with remote desktop connection”

  1. Embo says:

    You a diamond, geezer.

  2. Bruce says:

    I tried this on SBS 2008 Server and the problem remains – any other ideas?

    Thanks!
    Bruce

  3. RedaDZ says:

    Hi, Do you have to do this on the Client machine or on the Server 2008? it’s confiusing..:-(

    Thanks for your reply

  4. Darrkon says:

    Thanks for this.. worked like a charm!

  5. Peter says:

    You are my Hero! 😉

  6. jim says:

    if you somehow figured this out on your own you are some kind of sorcerer. thanks for the tip! it was really annoying me 🙂

  7. Peter the second says:

    Everyone: this works. Thank you for finally resolving this issue.

  8. Jason Anderson says:

    Thanks a ton!!!!!!!!!!!!!!!

  9. Lukas says:

    This saved me a lot of headaches!!! Thanks so much! The article on http://www.microsoft.com was good, but this gave me additional info that helped me finally resolve the issue. Thanks, again!

  10. Raj Sahae says:

    Fantastic tip! Worked perfectly for me when I wasn’t able to connect to a Win7 VM from another Win7 client. Great find.

  11. d'oh says:

    Yep – this worked for me too. It took me a few tries to get the server name right in the “TERMSRV/” step. Just keep playing with it until you find the magic.

  12. itso says:

    Can this be configured on Windows Server 2003 under GP?

    • ronnypot says:

      That should not be a problem, if the GPO is not included within 2003 you need to create a so called central store. You should create a management station on a windows 7 or 2008 R2 server to administrator the GPO’s

  13. Sonam says:

    Just wanted to say that this has perfectly worked. I want you to know that tips like this from you is giving lots of relief for many like me. Thanks

  14. Phil says:

    Just want to say thanks, this worked a treat on a Win 7 Pro machine trying to RDP into a Win 2012 Essentials Home Server.

  15. Manel says:

    Great!!! It works!! Thanks a lot.

  16. Dan says:

    This is not working for me unfortunately.
    I have two machines, both with Windows 7 SP1 x64.
    None of them has the above policy set.
    On one of them i can remote login with saved credentials while on the second one i got the error message.
    I followed the above steps on the second machine, force the policy update but no luck..
    Any idea on this?

    thanks.

  17. Rolmha says:

    Thank You so much.
    This has been bugging me for ages.
    I can now work much more efficiently and I don’t have to have all the passwords written down for reference.

  18. Buddhi says:

    You are life sever geezer 🙂

  19. Dean says:

    Awesome. Made me famous 🙂

  20. Dan says:

    Perfect !
    It was boring me for months 🙁
    Everything is ok now

    Thank you

  21. Niels says:

    I’m currently experiencing this problem, however i do not have the registry string you placed here. any ideas?

    • Niels says:

      followup, starting from “”Credentials Delegation Edit “Allow Delegating Saved Credentials with NTLM-only Server Authentication” Enable the policy, click Show and enter the value “TERMSRV/*” into the list. – See more at: http://blog.ronnypot.nl/?p=247#comment-191013“” i can’t get any further, credentials delegation doesnt exsist

  22. Prageeth says:

    Am trying to RDP using powershell.. even after doing all these am still asked for a password… any idea ?

  23. OldLost says:

    Unfortunately this didn’t work for me. All the computers I’m trying to connect to are in the same domain, not cross domain like it talks about above. Any ideas for resolution?

  24. Dean Moncaster says:

    You should specify that this should be done on the local PC rather than the server to make it more obvious to new users.

  25. Arnold says:

    No luck in Windows 10.. Tried also to remove the saved credentials from the credentialmanager.

  26. tarun says:

    it’s worked

    but the credential only save one user ,when i login and logoff the system and login again with different user system ask again password.

    pls reply

Leave a Reply

Sharing Buttons by Linksku