|Platform: win2016||Date: (C)2017-08-03 (M)2019-05-13|
"Do not allow passwords to be saved"
This policy setting helps prevent Terminal Services clients from saving passwords on a computer. Note If this policy setting was previously configured as Disabled or Not configured, any previously saved passwords will be deleted the first time a Terminal Services client disconnects from any server.
An attacker with physical access to the computer may be able to break the protection guarding saved passwords. An attacker who compromises a user's account and connects to their computer could use saved passwords to gain access to additional hosts.
Enable this setting.
If you enable this policy setting, the password saving checkbox is disabled for Terminal Services clients and users will not be able to save passwords.
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DisablePasswordSaving
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:40314|