none
Prevent RDP Client Software from using a Saved Password

    Question

  • We have a single RD Gateway which is used for Internal and External access for All Users. We use NLA, but we have issues with Users who are able to save Credentials into RDP Software, be it Remote Desktop Client or iTap Mobile. We see this as a huge security risk as we cant restrict which devices can connect.

    What are we missing? Should/can we restrict the devices that connect or can we restrict saving of credentials when the connection is requested?

    Tuesday, September 10, 2013 12:23 PM

All replies

  • Hi,

     

    Thanks for the question.

     

    If the clients use RDC and are domain joined, you can use this group policy to disable password saving.

     

    Computer/User Configuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Connect Client | Do not allow passwords to be saved

     

    For other kinds of clients, you may need to look for other methods to secure your RDS.

     

    Using Group Policy to Manage Client Connections Through Remote Desktop Gateway

    http://technet.microsoft.com/en-us/library/cc730633.aspx

     

    RD Gateway

    http://technet.microsoft.com/en-us/library/ee791831(v=ws.10).aspx

     

    Enable or Disable Credential Sharing for Connections Through Remote Desktop Gateway

    http://technet.microsoft.com/en-us/library/cc732614.aspx

     

    Hope this helps.


    Best Regards
    Jeremy Wu

    Thursday, September 12, 2013 9:48 AM
    Moderator
  • Hi,

    I would like to check if you need further assistance.

    Thanks.


    Best Regards
    Jeremy Wu

    Wednesday, September 18, 2013 9:45 AM
    Moderator
  • Thanks Jeremy.

    So far using those links I have not found any solution - the specific scenario I am focusing on is not allowing iTap Mobile RDP to save Username/Password in client. 

    Thursday, September 19, 2013 6:05 AM
  • Hi,

    Thanks for the reply.

    As iTap Mobile RDP is not a Microsoft product, I’m afraid that you need to contact their support to see if they can do something on their product.

    http://itap-mobile.com/itap-rdp

    Thanks.


    Best Regards
    Jeremy Wu

    Thursday, September 19, 2013 7:37 AM
    Moderator
  • I suppose the way I am looking at it, is that RDS is a Microsoft product so hoping you can restrict someway to force a password to be entered or some type of policy check on Mac Address or similar.
    Friday, September 20, 2013 12:39 AM
  • Hi Jeremy,

    I am trying to close out this item, and have not had much luck in securing RD Gateway to the extent that a User can use a 3rd party client like iTap RDP and save credentials.

    Any other thoughts as iTap RDP refuse to respond to me - am hoping I can lock down at server as there are a lot of 3rd party clients I would need to look at. :)

    Wednesday, December 04, 2013 4:26 AM