0

I have a Win 8.1 Workstation joinde in a Windows Server 2012 R2 Domain (Essentials role). When trying to save Remote Desktop credentials I got this message.

Your system administrator does not allow the user of saved credentials to log on to the remote computer XXX because its identity is not fully verified. Please enter new credentials

Image:

enter image description here

I have found out it is related to some domain policy applied (as my question is very similar to this: Your system administrator does not allow the use of saved credentials to log on to the remote computer)

Where do I change this security setting in Windows Server 2012 R2?

Pierre.Vriens
  • 1,159
  • 34
  • 15
  • 19
Sam
  • 370
  • 1
  • 4
  • 18
  • Can you clarify what it is that you want to see? Do you just want to see a list of all of the GPO's that are linked to the domain or do you want to see all of the GPO settings that are being applied to your workstation and from which GPO's those settings are being applied from? – joeqwerty Dec 27 '14 at 18:27
  • 1
    Seeing every setting from all GPO's that are linked to the domain may not show you all of the settings that are being applied to your workstation and/or user account because there may be GPO's linked to OU's that are being applied to your workstation and/or user account. Additionally, settings in some GPO's may not be applied due to Inheritance Blocking. It seems to me that you want to see all GPO settings that are being applied to your workstation and/or user account. If so, then run gpresults from your workstation or from the Group Policy Management Console. – joeqwerty Dec 27 '14 at 18:37
  • 1
    GPRESULTS will show what settings are being applied and from which GPO's they're being applied. – joeqwerty Dec 27 '14 at 18:37
  • 1
    Sam, I'd suggest enabled both 'Allow delegating saved credentials' and 'Allow delegating saved credentials with NTLM-only server authentication' within Group Policy Management for your domain, this should resolve your issue (as explained in the linked post). You can also read this MS article which explains further regarding this group policy and how to enable it (http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx?PageIndex=3)). –  Dec 28 '14 at 16:34
  • Joe, I see. But, on a non-domain-joined workstation these settings are enabled (set to not configured), but when joined "not configured" means disabled as far as I can see..? – Sam Dec 29 '14 at 14:14

1 Answers1

1

I can confirm enabling: 'Allow delegating saved credentials' and 'Allow delegating saved credentials with NTLM-only server authentication' within Group Policy Management Editor for the domain solved the issue.

Sam
  • 370
  • 1
  • 4
  • 18