Troubleshoot Windows Remote Desktop Connection every time you are prompted for a password

Windows Remote Desktop Connection is used almost every day, so the ease of use is important. If you use it frequently, you may find that in some systems, you will need to enter a password for each connection, even if you have saved the password and the password is correct.

The problem is the policy setting.

Look directly at the results, this option can be run gpedit.msc Open Group Policy Editor, set up, path for Computer Configuration > Admin templates > System > Credential Assignment > Allows allocation of saved credentials for NTLM server authentication only. Enabled and adds termsrv/* to the list by adding the server. After saving, you can wait for Group Policy to take effect, or refresh Group Policy manually:

Also, be aware of canceling the always require credentials option in the Remote Desktop Connection client software to support automatic logon:

The description of this policy entry shows that computers that are joined to a domain by default are not automatically connected using saved passwords, and computers that are not joined to a domain are available. So we need to manually enable this policy on the domain computer:

This policy setting applies to applications that use the Cred SSP component (for example, Terminal Server). This policy is applicable when server authentication is implemented through NTLM.

If you enable this policy setting, you can specify a server to which you can assign user-saved credentials (saved credentials are selected to save/remember credentials by using Windows Credential Manager).

If this policy setting is not configured (by default), after proper mutual authentication, the saved credentials are allowed to be specified on a Terminal server (termsrv/*) running on any computer, provided that the client computer is not a member of any domain. If the client is joined to a domain, the saved credentials are not allowed to be assigned to any computer by default.

If you disable this policy setting, you are not allowed to assign saved credentials to any computer.

Note: You can set "allow allocation of saved credentials for NTLM-only server Authentication" on one or more service principal names (SPNs). The SPN represents the target server to which you can assign user credentials. A single wildcard character is allowed when specifying an SPN.

For example:

Termsrv/host.humanresources.fabrikam.com represents a terminal server running on a host.humanresources.fabrikam.com computer

termsrv/* represents a terminal server running on all computers.

TERMSRV/*.humanresources.fabrikam.com represents a terminal server on all computers running in humanresources.fabrikam.com