Link to home
Create AccountLog in
Avatar of Ja Che
Ja Che

asked on

Prevent RDP Credentials from being saved

Hello, we have a centralized SQL database that the company runs off of. Employees use Access as the front end and connect remotely (if offsite) using RDP. My main concern is that users are storing credentials, which can cause obvious security issues.

1.

Is there a way to prevent credentials from saving in RDP? Users access from home, iPhones, iPads, and other non-company machines, is there any way to stop credential saving in this scenario?

2.

We utilize OpenVPN for client/workstation connectivity. Only a few users currently have access. How could I use this as a gateway to prevent the credential saving scenario if users are remote?
Thank you in advance.
ASKER CERTIFIED SOLUTION
Avatar of Rob Williams
Rob Williams
Flag of Canada image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of oBdA
oBdA

Yes, that's possible.
Apply a policy to the server where the following setting is enabled: "Always prompt for password upon connection" in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.
The server will now refuse connection attempts with saved credentials and always prompt.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
There is absolutely no need to control that on the client side.
The policy I described above is applied to the server, and once applied, the server will now refuse RDP logons with saved credentials from any client, managed or not.
The server will ignore any password sent with the connection attempt, and a password prompt will always pop up, even when an utterly unmanaged Linux client tries it.
Avatar of Ja Che

ASKER

Great, Thanks!