If I understand, you wish to access your system with RDP from a location off your local network. If that is the case, have a look at something like Dynamic DNS. There are others as well and a Google search will help. Your system will need a client to keep the system updated. Once set up, you will access via a name like server.dyndns.org. The name is chosen by you but uses one of the Dynamic DNS provider's domain names.
Many small routers support Dynamic DNS. For example, D-Link offers the service with their routers and it works well. I use it daily.
Your alternative is to register a domain and set up DNS with the provider and configure the needed records for access.
i found the solution. It was at the same time both subtle, and obvious.
As mentioned in the question, when i was modifying the following Remote Desktop Connection Client Group Policy settings:
- Prompt for credentials on the client computer
- Do not allow passwords to be saved
i was checking them on the server:
i thought it would be the server that dictates what the client is allowed to do. Turns out that is completely wrong. It was @mpy's answer (while incorrect), which led me to the solution. i shouldn't be looking at the RDP client policy on the RDP server, i need to look at the RDP client policy on my RDP client machine:
On my client Windows 7 machine, the policy was:
- Do not allow passwords to be saved: Enabled
- Prompt for credentials on the client computer: Enabled
i do not know when these options were enabled (i did not enable them in recent memory). The confusing part is that even though "Do not allow passwords to be saved" is Enabled, the RDP client would still save password; but only for servers below Windows Server 2008.
The truth table of functioning:
Do not allow saved  Prompt for creds  Works for 2008+ servers  Works for 2003 R2- servers
==================  ================  =======================  ==========================
Enabled             Enabled           No                       Yes
Enabled             Not Configured    No                       No
Not Configured      Enabled           Yes                      Yes
Not Configured      Not Configured    Yes                      Yes
So there is the trick. The group policy settings under:
Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection Client
on the client machine need to be configured with:
- Do not allow passwords to be saved: Not Configured (critical)
- Prompt for credentials on the client computer: Not Configured
The other source of confusion is that while
- a domain Enabled policy cannot override a local Disabled
- a domain Disabled policy can be overridden by a local Enabled policy
Which again leads to a truth table:
Domain Policy   Local Policy    Effective Policy
==============  ==============  ==============================
Not Configured  Not Configured  Not configured (i.e. disabled)
Not Configured  Disabled        Disabled
Not Configured  Enabled         Enabled
Disabled        Not Configured  Disabled
Disabled        Disabled        Disabled
Disabled        Enabled         Disabled (client wins)
Enabled         Not Configured  Enabled
Enabled         Disabled        Enabled (domain wins)
Enabled         Enabled         Enabled
Best Answer
Before you start, ensure that your server is configured to allow Single Sign-On (SSO). If you have a Remote Desktop Session Host, the "Always Prompt for Password" setting should not be set for the connection in Properties > Log on Settings and also on the General tab, the Security Layer should be set to Negotiate or SSL.
Also, SSO needs to be enabled on your local / domain policy. Check the value of "Allow Delegating Default Credentials" here in your GPO:
Also ensure that your server (TERMSRV/) is added to the server list, if required. You may use wild card characters to add multiple server names.
When you run the Remote Desktop Connection, you should tick the box for "Allow me to save credentials". You will then be prompted to enter your credentials. When you do so, ensure you tick the box for "Remember my credentials". Your credentials should then be saved, and next time you log in it will be passed through.
Here is a link with some basic step by step instructions: http://itowns.blogspot.co.uk/2011/06/enabling-remote-desktop-connection.html
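A read-only check of the client-side settings the two answers above point at, as an added example that is not from either poster: it reports the state of the two Remote Desktop Connection Client policies and of Allow Delegating Default Credentials on the machine it runs on. The registry paths and value names are assumptions based on the standard Windows policy templates and should be confirmed against the templates in your environment; only the Computer Configuration (HKLM) side is read.

```powershell
# Added example: report the RDP *client* policy state on the local machine.
# Registry paths and value names are assumptions (standard ADMX mappings).
$tsKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$credKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

function Get-PolicyState {
    param([string]$Path, [string]$Name)
    # A missing key or value means the policy is Not Configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not Configured' }
    if ($item.$Name -eq 1) { return 'Enabled' }
    return 'Disabled'
}

$noSave = Get-PolicyState -Path $tsKey   -Name 'DisablePasswordSaving'
$prompt = Get-PolicyState -Path $tsKey   -Name 'PromptForCredsOnClient'
$deleg  = Get-PolicyState -Path $credKey -Name 'AllowDefaultCredentials'

# Server list attached to the delegation policy (entries of the form TERMSRV/<name>).
$servers = @()
$listKey = Join-Path $credKey 'AllowDefaultCredentials'
if (Test-Path $listKey) {
    $key = Get-Item $listKey
    $servers = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

[pscustomobject]@{
    Computer                     = $env:COMPUTERNAME
    DoNotAllowPasswordsToBeSaved = $noSave
    PromptForCredsOnClient       = $prompt
    AllowDelegatingDefaultCreds  = $deleg
    DelegationServerList         = $servers -join ', '
    # Per the first truth table above, both rows with this policy Enabled
    # show saved credentials not working against 2008+ servers.
    SavedCredsBlockedFor2008Plus = ($noSave -eq 'Enabled')
} | Format-List
```

Run it on the machine that starts the RDP connection, not on the server being connected to.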