Workgroup Computers - Remove option to Save RDP Credentials

Hello,

We have  a workgroup environment that uses the RDWeb to access company resources.  When the user logs into RDWeb and clicks the resource (RDP), it prompts them for their Username and Password and Provides the option to save those credentials.  Is there a way, without modifying the local policy of the workgroup computer, to disable / remove that option from server side (Windows Server 2012 R2)?

Thank you.
George FreemanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aravind ancheWindows/Vmware Commented:
type gpedit
User Configuration | Administrative Templates | Windows Components | Remote Desktop Services
Select the Remote Desktop Connection Client item under Remote Desktop Services. In the Setting list on the right, double-click on the Do not allow passwords to be saved setting.
On the dialog box that displays, select the Enabled radio button.
1
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Note: Doing that on the target machine will not prevent the option to be available, but passwords will not be used when connecting​, with an according message telling about that.
1
aravind ancheWindows/Vmware Commented:
On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
Under Connections, right-click the name of the connection, and then click Properties.
In the Properties dialog box for the connection, on the Log on Settings tab, configure the logon settings as appropriate for your environment, and then click OK.
https://technet.microsoft.com/en-us/library/cc730945.aspx?f=255&MSPPError=-2147217396
1
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

George FreemanAuthor Commented:
Thank you for your replies.

@dj 3094,
In reference are end user computers and public computers.  We do not want to allow the ability to save their credentials to the rdp session.  Will your solution work for this type of scenario?  Also, the Remote Desktop Session Host Configuration isn't available on the Server 2012 R2.  Do you know where I would go set said settings or point me in another direction if that is required?

Thanks again.
0
aravind ancheWindows/Vmware Commented:
I have not tried but will try on monday and let you know

We can access

Click Start, click Run, type mmc and then press ENTER.
On the File menu, click Add/Remove Snap-in.
Under Available snap-ins, click Remote Desktop Session Host Configuration, and then click Add.
In the Select Computer dialog box, select whether you want to connect to the local computer or to another computer. If you select Another computer, either type in the name of the computer or use Browse to search for the computer.
Click OK.
In the Add or Remove Snap-ins dialog box, click OK

https://technet.microsoft.com/en-us/library/cc731617%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396
0
George FreemanAuthor Commented:
Thank you, I look forward to your response.  I re-read my comment and I believe it doesn't make perfect sense.  What I mean to say is the users will be using public computers in which I will have zero access to.  The changes will need to be made server side.  Thank you again!
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
As said, you can set the server side up to always ask for the password, but that does not prevent saving it on the local machine, it just hasn't any effect to do so. The password is stored in the machines encrypted and protected part of the registry.

To be secure you would need to have control over the clients, which you do not. Public computers need to be closed down to only allow a very restricted set of operations anyway.
0
George FreemanAuthor Commented:
Since this is RDWeb access and will be access from various machines completely outside our organization / control what would you recommend?  I am guessing some form of TFA that requires a token refresh or the like every login?  Your continued help is appreciated.  I can't believe we are the first people to use RDWeb and want it secured from people using their personal systems to 'always remember' all of their logins.
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
I can't remember exactly, but I think the RDP password is only saved if the login was successful. If true, inhibiting the usage of a stored password should prevent storing it already.
1
George FreemanAuthor Commented:
Thank you for all the replies.  We have decided to go the route of Multi-authentication.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
George FreemanAuthor Commented:
We have decided to go a different route and implement multi-authentication.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.