KBA-01523: Using saved RDP credentials on Windows for hosts without fully verified identities

Question:

Is there any way to get Windows 7 to use those saved remote desktop credentials?

Answer:

Frequently, this procedure will work:

  1. Open a CMD window
  2. Open Group Policy Editor via gpedit.msc.
  3. Navigate to Local Computer Policy | Computer Configuration | Administrative Templates | System | Credentials Delegation.
  4. Open Setting: Allow Delegating Saved Credentials with NTLM-only Server Authentication.
  5. Set it to Enabled …. If already enabled proceed to list of servers.
  6. Click on Show… in the options area.
  7. In Show Contents window add Value lines in the format TERMSRV/terminal.server.com. 
  8. Close all windows by pressing OK. 
  9. Run cmd and enter gpupdate command to update your policy.

Additional Comments:

This KBA does not take a position in the debate over whether it is better to have obnoxious passwords and store them for easy use within well protected systems or to have human-usable passwords that must be typed each time. Ideally, your password would be 26 mixed-case alphanumeric characters and contra-dictionary but somehow user-friendly. You may see a message such as

Your credentials did not work
Your system administrator does not allow the use of saved credentials to log on to the remote computer terminal.server.com because its identity is not fully verified. Please enter new credentials.

This is particulary necessary for IP addresses – TERMSRV/129.21.142.123


KBA-01523; Last updated: October 12, 2018 at 6:25 am
Keywords:  RDP; GPEDIT