When you use Remote Desktop Connection with saved credentials to connect to Windows Server 2008, 2008 R2, SBS 2008, Vista or Windows 7, the saved credentials are not accepted. When you start the connection you get the following error:
“Your system administrator does not allow the use of saved credentials to logon to the remote computer computername/ipadress because its identity is not fully verified. Please enter new credentials.
The logon attempt failed”.
This happens when you connect to a computer or server in another domain and no trust relationship exists. Windows then falls back to NTLM, and the default domain machine policy prohibits the use of saved credentials. You can change this through domain policy or for an individual machine:
- Start the Local Group Policy Editor: Start – Run – gpedit.msc
- Go to Local Computer Policy – Computer Configuration – Administrative Templates – System – Credentials Delegation
- Edit “Allow Delegating Saved Credentials with NTLM-only Server Authentication”
- Enable the policy, click Show and enter the value “TERMSRV/*” into the list.
Do the same thing for the following policies:
- Allow Delegating Saved Credentials
- Allow Delegating Default Credentials with NTLM-only Server Authentication
- Allow Delegating Default Credentials
Close the policy editor, open a command prompt and run gpupdate /force to apply the policy immediately.
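
To confirm what was applied after gpupdate, the following added example (not part of the original post) reads the four policies back from the registry and lists the server names each one allows. It flags wildcard entries, because “TERMSRV/*” permits delegation to every Remote Desktop host the user connects to, whereas an entry such as TERMSRV/ followed by one host name limits it to that server. The function name Get-CredentialDelegationPolicy is made up for this example; the registry location is where Windows stores these Credentials Delegation policy settings.

```powershell
# Added example: read back the four Credentials Delegation policies and
# list the server names (SPNs) each one allows. Run on the client machine.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

# Registry value name -> policy title as shown in gpedit.msc
$policies = [ordered]@{
    'AllowSavedCredentialsWhenNTLMOnly' = 'Allow Delegating Saved Credentials with NTLM-only Server Authentication'
    'AllowSavedCredentials'             = 'Allow Delegating Saved Credentials'
    'AllowDefCredentialsWhenNTLMOnly'   = 'Allow Delegating Default Credentials with NTLM-only Server Authentication'
    'AllowDefaultCredentials'           = 'Allow Delegating Default Credentials'
}

# Hypothetical helper name, chosen for this example
function Get-CredentialDelegationPolicy {
    foreach ($name in $policies.Keys) {
        $enabled = $false
        $spns = @()

        # An enabled policy is a DWORD value of 1 under the base key
        $root = Get-ItemProperty -Path $base -Name $name -ErrorAction SilentlyContinue
        if ($root -and $root.$name -eq 1) {
            $enabled = $true
            # The "Show" list is stored as string values in a subkey of the same name
            $listKey = Get-Item -Path (Join-Path $base $name) -ErrorAction SilentlyContinue
            if ($listKey) {
                $spns = @($listKey.GetValueNames() | ForEach-Object { $listKey.GetValue($_) })
            }
        }

        [pscustomobject]@{
            Policy   = $policies[$name]
            Enabled  = $enabled
            Servers  = $spns -join ', '
            # True when any entry contains a wildcard, such as TERMSRV/*
            Wildcard = [bool]($spns | Where-Object { $_ -match '\*' })
        }
    }
}

Get-CredentialDelegationPolicy | Format-List
```

A policy that shows Enabled as False after gpupdate /force was either not configured or is being overridden by a domain GPO.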