Networking Forums
Home Register Members Search Links
Member Login:

Networking Forums > Computer Networking > Windows Networking > Terminal Services Security Issue with Cached Credentials

Reply
Thread Tools Display Modes

Terminal Services Security Issue with Cached Credentials

 
 
bryan.rutkowski@gmail.com
Guest
Posts: n/a

 
      10-29-2007, 03:52 PM
I have noticed a security issue regarding the Cached Credentials
(Saved Username and Passwords) in Terminal Services. I had previously
run Terminal Services and connected to multiple servers entering my
credentials and saving them so I wouldn't have to enter them again.
Recently though I have been asked to disable this feature for everyone
in the company. So I have been testing a solution on my workstation
to force users to enter their credentials and clear out their old
saved credentials so they can't use that function anymore.

I found the following GPO settings which are supposed to force
entering of credentials.

-----
"Always prompt client for password upon connection"

Specifies whether Terminal Services always prompts the client for a
password upon connection.

You can use this setting to enforce a password prompt for users
logging on to Terminal Services, even if they already provided the
password in the Remote Desktop Connection client.

If the status is set to Enabled, users cannot automatically log on to
Terminal Services by supplying their passwords in the Remote Desktop
Connection client. They are prompted for a password to log on.
-----

I also found this GPO

-----
"Do not allow passwords to be saved"

Controls whether passwords can be saved on this computer from Terminal
Services clients.

If you enable this setting the password saving checkbox in Terminal
Services clients will be disabled and users will no longer be able to
save passwords. When a user opens an RDP file using the Terminal
Services client and saves his settings, any password that previously
existed in the RDP file will be deleted.

If you disable this setting or leave it not configured, the user will
be able to save passwords using the Terminal Services client.
-----

Now one would think when I enable both of these GPO's I would no
longer be able to login with saved usernames and passwords in Terminal
Services.

The problem is when I open my Terminal Services client (MSTSC) I am
still able to used cached credentials. I would have to click the link
to manually delete my saved credentials, otherwise it will keep them,
even though the GPO says I can't use them. Essentially making the GPO
settings worthless.

Does anyone know how to make it so it FORCES users to enter their
credentials every time, even if they saved them before the GPO was
set. Or is their a way to delete them remotely?
 
Reply With Quote
 
 
 
Reply

« Source code for controlling ethernet card in DOS? | AD Domain Network Share, Forced Domain User Account PW Changes »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cached credentials ThePro Windows Networking 2 12-04-2007 01:52 PM
Using cached credentials Joey Windows Networking 5 07-12-2007 04:00 PM
How long do cached credentials last? Tom Del Rosso Windows Networking 4 07-02-2005 07:01 AM
Cached User credentials (no logon box) // Security issue??? Gilbert Windows Networking 1 09-23-2004 07:28 PM
Terminal Services Issue Daljit Singh Windows Networking 1 08-14-2004 08:55 AM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11