Information
This policy setting helps prevent Terminal Services clients from saving passwords on a computer. Note If this policy setting was previously configured as Disabled or Not configured, any previously saved passwords will be deleted the first time a Terminal Services client disconnects from any server. An attacker with physical access to the computer may be able to break the protection guarding saved passwords. An attacker who compromises a user's account and connects to their computer could use saved passwords to gain access to additional hosts.
Solution
Configure the following Group Policy setting in a manner that is consistent with the security and operational requirements of your organization-
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Do not allow passwords to be saved
Impact- If you enable this policy setting, the password saving checkbox is disabled for Terminal Services clients and users will not be able to save passwords.