Windows remote desktop connection prompts for a password every time

Windows Remote Desktop Connection is something many of us use almost every day, so ease of use matters. If you use it frequently, you may notice that on some systems you are asked for a password every time you connect, even though the password has been saved and is correct.

This behaviour is caused by a Group Policy setting.

In short, the setting is changed by running gpedit.msc to open the Local Group Policy Editor and navigating to Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow delegating saved credentials with NTLM-only server authentication. Set it to Enabled and add TERMSRV/* under "Add servers to the list". After saving, either wait for Group Policy to refresh on its own or refresh it manually.

In addition, make sure the "Always ask for credentials" option is unchecked in the Remote Desktop Connection client; if it is ticked, the client prompts on every connection regardless of the policy, and automatic sign-in cannot work.
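The two steps above (enable the policy with a server list, then clear the client-side prompt) can also be applied without the graphical editor. The script below is an added example and is not code from the original post; it writes the registry values that the CredSsp.admx template stores under HKLM\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation (the value names are those used by that template on current Windows builds; confirm them against the template on your own build before relying on them), verifies the result, refreshes Group Policy, and checks whether the client's saved connection file still forces the prompt. It goes slightly beyond the post by taking the SPN list as a parameter: TERMSRV/* matches every RDP server, so on a domain client a narrower pattern such as TERMSRV/*.corp.example (a placeholder domain) limits where a saved credential can be sent. Run it in an elevated PowerShell session on the client machine.

```powershell
# Added example, not from the original post: applies "Allow delegating saved
# credentials with NTLM-only server authentication" through the registry values
# the CredSsp.admx template writes, then verifies them and refreshes Group Policy.
# Assumption: the key and value names below match the template on your build.

param(
    # SPNs that saved credentials may be delegated to. The post uses TERMSRV/*
    # (every RDP server); a narrower pattern limits exposure of the saved secret.
    [string[]]$AllowedSpns = @('TERMSRV/*')
)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$listKey   = Join-Path $policyKey 'AllowSavedCredentialsWhenNTLMOnly'

function Set-SavedCredentialDelegation {
    param([string[]]$Spns)

    # Create the policy key and set the policy to Enabled (DWORD 1).
    New-Item -Path $policyKey -Force | Out-Null
    New-ItemProperty -Path $policyKey -Name 'AllowSavedCredentialsWhenNTLMOnly' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    # Equivalent to ticking "Concatenate OS defaults with input above" in the editor.
    New-ItemProperty -Path $policyKey -Name 'ConcatenateDefaults_AllowSavedNTLMOnly' `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # The server list is a subkey holding string values named "1", "2", ...,
    # exactly what "Add servers to the list" produces. Rebuild it from scratch
    # so entries from an earlier run do not linger.
    if (Test-Path $listKey) { Remove-Item -Path $listKey -Recurse -Force }
    New-Item -Path $listKey -Force | Out-Null
    $i = 1
    foreach ($spn in $Spns) {
        New-ItemProperty -Path $listKey -Name "$i" -PropertyType String -Value $spn -Force | Out-Null
        $i++
    }
}

function Get-SavedCredentialDelegation {
    # Returns $null when the policy is not enabled, otherwise the configured SPN list.
    if (-not (Test-Path $listKey)) { return $null }
    $enabled = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).AllowSavedCredentialsWhenNTLMOnly
    if ($enabled -ne 1) { return $null }
    (Get-ItemProperty -Path $listKey).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        Sort-Object { [int]$_.Name } |
        ForEach-Object { $_.Value }
}

function Test-RdpFilePromptsForCredentials {
    # Client-side counterpart of the policy: an .rdp file saved with
    # "Always ask for credentials" ticked contains "prompt for credentials:i:1",
    # which forces the prompt on every connection even when the policy allows delegation.
    param([string]$Path)
    $line = Get-Content -Path $Path |
        Where-Object { $_ -like 'prompt for credentials:i:*' } |
        Select-Object -First 1
    return ([bool]$line -and $line.Trim().EndsWith(':1'))
}

Set-SavedCredentialDelegation -Spns $AllowedSpns
Write-Host 'Saved credentials may now be delegated to:' ((Get-SavedCredentialDelegation) -join ', ')

# Apply the change now instead of waiting for the next background refresh.
gpupdate /force | Out-Null

# Check the connection file mstsc saves by default (it is a hidden file in Documents).
$defaultRdp = Join-Path $env:USERPROFILE 'Documents\Default.rdp'
if ((Test-Path $defaultRdp) -and (Test-RdpFilePromptsForCredentials -Path $defaultRdp)) {
    Write-Warning "$defaultRdp still has 'Always ask for credentials' enabled; untick it in mstsc and save."
}
```

Note that Get-SavedCredentialDelegation reads the registry, not the effective policy: on a domain-joined client a domain GPO refresh can overwrite these local values, so the policy should be set in the domain GPO for the affected computers rather than locally.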

The description of this policy setting is reproduced below. It shows that, by default, domain-joined computers will not use a saved password to connect automatically, while computers that are not joined to a domain will. On a domain-joined computer the policy therefore has to be enabled manually:

This policy setting applies to applications that use the CredSSP component (for example, Remote Desktop Connection). This policy applies when server authentication was achieved via NTLM.

If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows Credential Manager).

If you do not configure this policy setting (by default), after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client computer is not a member of any domain. If the client is domain-joined, by default delegation of saved credentials is not permitted to any machine.

If you disable this policy setting, delegation of saved credentials is not permitted to any machine.

Note: "Allow delegating saved credentials with NTLM-only server authentication" can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. A single wildcard is permitted when specifying the SPN.

For example:
TERMSRV/host.humanresources.fabrikam.com: the Remote Desktop server running on the computer host.humanresources.fabrikam.com
TERMSRV/*: the Remote Desktop server running on any computer
TERMSRV/*.humanresources.fabrikam.com: the Remote Desktop server running on any computer in humanresources.fabrikam.com


Source: blog.csdn.net/Niiuu/article/details/121451159