We have a single RD Gateway which is used for Internal and External access for All Users. We use NLA, but we have issues with Users who are able to save Credentials into RDP Software, be it Remote Desktop Client or iTap Mobile. We see this as a huge security risk as we cant restrict which devices can connect.
What are we missing? Should/can we restrict the devices that connect or can we restrict saving of credentials when the connection is requested?
Thanks for the question.
If the clients use RDC and are domain joined, you can use this group policy to disable password saving.
Computer/User Configuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Connect Client | Do not allow passwords to be saved
For other kinds of clients, you may need to look for other methods to secure your RDS.
Using Group Policy to Manage Client Connections Through Remote Desktop Gateway
Enable or Disable Credential Sharing for Connections Through Remote Desktop Gateway
Hope this helps.
I am trying to close out this item, and have not had much luck in securing RD Gateway to the extent that a User can use a 3rd party client like iTap RDP and save credentials.
Any other thoughts as iTap RDP refuse to respond to me - am hoping I can lock down at server as there are a lot of 3rd party clients I would need to look at. :)