How to disable password storage in RDCman

MaLue 6 Reputation points
2021-09-30T11:41:13.403+00:00

By policy it's forbidden to save passwords (Remote Desktop Connection Client - "do not allow passwords to be saved").
unfortunately RDCman save its passwords nevertheless.
On a customer installation we don't want to leave a trace by our support members (especially not passwords in any form)

I know that encrypting password is a key feature of this tool. But I would like to disable that feature.
Any possibility to disable ?

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,126 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Jochem Bonarius 1 Reputation point
    2021-12-17T10:21:31.983+00:00

    I would like to upvote this question.
    When I remove the credentials in RDCMan, it seems to use my local AD credentials automatically. As a result I can automatically login to our production servers, i.e. not asking for a password.
    That is against our company policy (which is based on ISO 27001): logging in to a test/staging/production server must always ask for a password.

    The only "workaround" I found is setting the default credentials with an invalid password. That way it will show an "credentials were invalid" login screen. However, this will also log an invalid login attempt.

    So it should NOT use local AD credentials to login to remote servers. Maybe opt-in and if so, that should also be password protected. Else it's just too easy to abuse the AD credentials. This is not secure.

    0 comments No comments