Hello everyone, in this post, we will explore how to set the Don’t Allow Passwords to be Saved Policy Using Intune. We will check how to apply this policy using Intune’s Configuration Profiles. The main aspect of this policy is to acquire understanding and hands-on experience in configuring and setting the Don’t Allow Passwords to be Saved Policy Using Intune.
Don’t Allow Passwords to be Saved Policy Using Intune determines whether the option to save passwords on this computer from Remote Desktop Connection is allowed. Enabling this setting will deactivate the password-saving checkbox in Remote Desktop Connection, preventing users from saving passwords.
If a user opens an RDP file with Remote Desktop Connection, any pre-existing password information in the file will be removed when they save their settings. Once the setting is enabled and the password-saving checkbox is disabled, users won’t have the ability to save passwords when establishing remote desktop connections. This can enhance security, as saved passwords might pose a risk if unauthorized users gain access to the local machine.
On the other hand, if you decide to disable this specific setting or leave it unconfigured, users will retain the ability to save passwords using Remote Desktop Connection. This might be useful in scenarios where convenience outweighs potential security concerns, but assessing the risks is important.
An RDP file is a configuration file used by Remote Desktop Connection to store settings for a specific remote desktop connection. If a user opens an RDP file using Remote Desktop Connection and then proceeds to save their settings, any passwords that were previously stored within that RDP file will be removed. This helps maintain security by ensuring that passwords are not inadvertently saved within configuration files.
- Implement Password Complexity Policy using Intune
- How to Block Users from Account Details on the Sign-In Policy using Intune
Don’t Allow Passwords to be Saved Policy using Intune
To set the Don’t Allow Passwords to be Saved Policy Using Intune, follow the steps stated below:
- Sign in to the Intune Admin Center portal https://intune.microsoft.com/.
- Select Devices > Windows > Configuration profiles > Create a profile.
In Create Profile, Select Windows 10 and later in Platform, and Select Profile Type as Settings catalog. Click on Create button.
| Platform | Profile Type |
|---|---|
| Windows 10 and later | Settings Catalog |
On the Basics tab pane, provide a name for the policy as “Don’t Allow Passwords to be Saved Policy.” Optionally, you can enter a policy description and proceed by selecting “Next.“
Now in Configuration Settings, click Add Settings to browse or search the catalog for the settings you want to configure.
In the Settings Picker windows, search by the keyword Password, among many, you’ll get the category Administrative Templates\Windows Components\Remote Desktop Connection Client, and select this.
When you select the option as stated above, you will see one option, which is Do not allow passwords to be saved. After selecting your setting, click the cross mark at the right-hand corner, as shown below.
In the Administrative Templates, set Do not allow passwords to be saved to Enabled and click on Next as shown below in the image.
Using Scope tags, you can assign a tag to filter the profile to specific IT groups. One can add scope tags (if required) and click Next to continue. Now in Assignments, in Included Groups, you need to click on Add Groups, choose Select Groups to include one or more groups, and click Next to continue.
In the Review + Create tab, you need to review your settings. After clicking on Create, your changes are saved, and the profile is assigned.
Upon successfully creating the “Don’t Allow Passwords to be Saved Policy,” notification will appear in the top right-hand corner, confirming the action. You can also verify the policy’s existence by navigating to the Configuration Profiles list, where it will be prominently displayed.
Your groups will receive your profile settings when the devices check in with the Intune service. The Policy applies to the device.
Intune Report for Don’t Allow Passwords to be Saved Policy
From Intune Portal, you can view the Intune settings catalog profile report, which provides an overview of device configuration policies and deployment status.
To monitor the implementation of the policy, you must choose the appropriate policy from the Configuration Profiles list. Here I choose Don’t Allow Passwords to be Saved Policy from the list. By examining the status of device and user check-ins, you can ascertain the successful application of the policy. If you need more comprehensive details, you can click the “View Report” option to access supplementary insights. As you can see, it is successfully implemented on the targeted device.
Registry-Key Verification for DoNotAllowPasswordSaving
To access the registry settings that hold the group policy configurations on a specific computer, you can execute “REGEDIT.exe” on the target computer and navigate to the precise registry path mentioned below where these settings are stored.
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\5B88AEF1-09E8-43BB-B144-7254ACBBDFF3E\default\Device\RemoteDesktopServices
When you navigate the above path in the Registry Editor, you will find the registry key DoNotAllowPasswordSaving. Refer to the table and image below.
| Registry Name | Data |
|---|---|
| DoNotAllowPasswordSaving | Enabled |
As you can confirm from the above image, the Registry key has been created, and we can confirm that the policy has been implemented on the target device successfully.
Author
Abhinav Rana is working as an SCCM Admin. He loves to help the community by sharing his knowledge. He is a B.Tech graduate in Information Technology.