Information
This policy setting helps prevent Remote Desktop clients from saving passwords on a computer.
The recommended state for this setting is: Enabled
Note: If this policy setting was previously configured as Disabled or Not configured, any previously saved passwords will be deleted the first time a Remote Desktop client disconnects from any server.
An attacker with physical access to the computer may be able to break the protection guarding saved passwords. An attacker who compromises a user's account and connects to their computer could use saved passwords to gain access to additional hosts.
Solution
To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled
Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Do not allow passwords to be saved
Impact:
The password saving checkbox will be disabled for Remote Desktop clients and users will not be able to save passwords.