How do I prevent W10 from automatically appending its domain name (which is our corporate AD one) to any username I use to connect to all sorts of remote computers by RDP? Exact same issue is also happening with SMBv2. In both cases the domain name seems to be added by the Windows Security window as that's the last stage where the username still shows up w/o domain name – and upon entering the password and trying to connect it returns "Your credentials did not work" and "The login attempt failed" displaying the username with domain name appended this time. Basically I want it to completely forget the fact it's part of a domain for such connections. I'm well aware that prefixing all those usernames with \ helps (e.g. as described here) but what I'm after is making desired behaviour default, so that I don't have to use \ at all, like with W7 for years and years in the past. Many thanks in advance!
Remote Desktop – Remote Desktop with Windows 10: Domain Name Appended to Username
remote desktop
Related Solutions
You can save credentials. If you save the connection as an RPD file, and use that file to initiate the connection, you can specify in options for the connection "Allow me to save credentials". It will prompt you the first time then shouldn't afterwards. It's possible your domain is set up in such a way that you can't save the credentials at all.
i found the solution. It was at the same time both subtle, and obvious.
As mentioned in the question, when i was modifying the following Remote Desktop Connection Client Group Policy settings:
- Prompt for credentials on the client computer
- Do not allow passwords to be saved
i was checking them on the server:
i thought it would be the server that dictates what the client is allowed to do. Turns out that is completely wrong. It was @mpy's answer (while incorrect), which led me to the solution. i shouldn't be looking at the RDP client policy on the RDP server, i need to look at the RDP client policy on my RDP client machine:
On my client Windows 7 machine, the policy was:
- Do not allow passwords to be saved: Enabled
- Prompt for credentials on the client computer: Enabled
i do not know when these options were enabled (i did not enable them in recent memory). The confusing part is that even though
Do not allow passwords to be saved
is Enabled, the RDP client would still save password; but only for servers below Windows Server 2008.
The truth table of functioning:
Do not allow saved Prompt for creds Works for 2008+ servers Works for 2003 R2- servers
================== ================ ======================= ==========================
Enabled Enabled No Yes
Enabled Not Configured No No
Not Configured Enabled Yes Yes
Not Configured Not Configured Yes Yes
So there is the trick. The group policy settings under:
Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection Client
on the client machine need to be configured with:
- Do not allow passwords to be saved: Not Configured (critical)
- Prompt for credentials on the client computer: Not Configured
The other source of confusion is that while
- a domain Enabled policy cannot override a local Disabled
- a domain Disabled policy can be overridden by a local Enabled policy
Which again leads to a truth table:
Domain Policy Local Policy Effective Policy
============== ============== ==============================
Not Configured Not Configured Not configured (i.e. disabled)
Not Configured Disabled Disabled
Not Configured Enabled Enabled
Disabled Not Configured Disabled
Disabled Disabled Disabled
Disabled Enabled Disabled (client wins)
Enabled Not Configured Enabled
Enabled Disabled Enabled (domain wins)
Enabled Enabled Enabled
Best Answer
Times, systems and security changed (and we have all been caught with these changes).
Windows 10 and 11 now you must use the domain name in the systems you are using.
It may be that the number of members of your workgroups is pushing the limits of workgroups (normally 10 max).
Also it may relate to the way your IT department sets up machines.
So just use it and adapt as we all had to do.