How can we help you today?

Start a new topic
Discussions Royal TS (for Windows) Questions

Deny creating credentials stored in a remote desktop object

You can store credentials in Remote Desktop objects in Royal TS. Is there a way (config file / registry key) to deny this like for the creation of credential objects?

4 CommentsSorted by Oldest First

Hi Thomas,


we do have a variety of policies, which are listed here:

https://docs.royalapps.com/r2023/scripting/objects/options/royalapplicationsetting.html#policy


The one you may be looking for is the "PolicyDoNotAllowCreateCredentialObjects" policy:


Information on how to apply these policies can be found here:

https://docs.royalapps.com/r2023/royalts/advanced/default-settings.html


I hope this helps!


Best regards,

Christoph 

Hi Christoph,


I already looked through all the policies and successfully implemented "PolicyDoNotAllowCreateCredentialObjects" and it works because I cannot create credential objects anymore. But if I'm inside a remote desktop object, I still have the possibility to set a specific user name and password which is then saved to the RTSZ file.


image



How can I deny the creation of these credentials inside the remote desktop object?


Best regards,

Thomas

Hi Thomas,


thanks for the follow-up.


I believe that using the Lockdown functionality would be the solution for this, as it has a setting "Do not allow to edit or modify this document", which denies anyone without the Lockdown password to modify the document:


More information regarding the Lockdown functionality can be found here:

https://docs.royalapps.com/r2023/royalts/tutorials/working-with-lockdown-documents.html


Please let me know if you need any further assistance.


Best regards,

Christoph



To deny saving credentials in Remote Desktop, you can use several methods for better security. In Group Policy, go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security, and enable "Do not allow storage of credentials." Alternatively, in the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services and set fDenyTSConnections to 1 to disable Remote Desktop connections. You can also uncheck "Allow me to save credentials" in the Remote Desktop Connection app under Show Options. These steps prevent credential storage, enhancing security but may affect user convenience.

Login or Signup to post a comment
More topics in Questions
See all 276 topics