Ja Che
 asked on

Prevent RDP Credentials from being saved

Hello, we have a centralized SQL database that the company runs off of. Employees use Access as the front end and connect remotely (if offsite) using RDP. My main concern is that users are storing credentials, which can cause obvious security issues.

1. Is there a way to prevent credentials from saving in RDP? Users access from home, iPhones, iPads, and other non-company machines, is there any way to stop credential saving in this scenario?

2. We utilize OpenVPN for client/workstation connectivity. Only a few users currently have access. How could I use this as a gateway to prevent the credential saving scenario if users are remote?

Thank you in advance.
Windows Server 2008, Security, VPN, Active Directory, Remote Access

Last Comment
Ja Che

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Rob Williams

oBdA

Yes, that's possible.
Apply a policy to the server where the following setting is enabled: "Always prompt for password upon connection" in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.
The server will now refuse connection attempts with saved credentials and always prompt.
SOLUTION
Rich Rumble

oBdA

There is absolutely no need to control that on the client side.
The policy I described above is applied to the server, and once applied, the server will now refuse RDP logons with saved credentials from any client, managed or not.
The server will ignore any password sent with the connection attempt, and a password prompt will always pop up, even when an utterly unmanaged Linux client tries it.
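An added example, not part of the thread: a PowerShell check to run on the RDP server to confirm that "Always prompt for password upon connection" is actually in effect after the policy has been applied. The registry locations and the value name `fPromptForPassword` are where this setting is stored on Windows and do not come from the posts above; the function name `Get-RdpPromptForPassword` is made up for this example.

```powershell
# Added example (not from the thread). Run in an elevated session on the RDP server.
# Written for PowerShell 2.0 so it also works on Windows Server 2008.

function Get-RdpPromptForPassword {
    # Value written by the Group Policy setting; it overrides the listener value.
    $policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Per-listener value, used only when the policy is not configured.
    $listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $name        = 'fPromptForPassword'

    # Returns the DWORD as an int, or $null when the key or value is absent.
    $read = {
        param($key)
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) { [int]$item.$name } else { $null }
    }

    $policy   = & $read $policyKey
    $listener = & $read $listenerKey

    if ($null -ne $policy)       { $effective = $policy;   $source = 'Group Policy' }
    elseif ($null -ne $listener) { $effective = $listener; $source = 'Listener setting' }
    else                         { $effective = 0;         $source = 'Not set' }

    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        PolicyValue   = $policy      # 1 = policy enabled, 0 = disabled, empty = not configured
        ListenerValue = $listener
        Source        = $source
        AlwaysPrompt  = ($effective -eq 1)
    }
}

$result = Get-RdpPromptForPassword
$result | Format-List ComputerName, Source, PolicyValue, ListenerValue, AlwaysPrompt

if (-not $result.AlwaysPrompt) {
    Write-Warning 'Server still accepts a password sent by the client, so saved credentials will log on.'
}
elseif ($result.Source -ne 'Group Policy') {
    Write-Warning 'Prompting is enabled only on the local listener; a GPO would enforce it centrally.'
}
```

If `PolicyValue` is empty after linking the GPO, run `gpupdate /force` on the server and check again before testing from a client with a saved password.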
Ja Che

ASKER
Great, Thanks!