We are a bit perplexed on how we can force the login page to never ask to or save the users passwords. We have forced public mode and that is not a fix. I'm aware of the group policies to do this, but that is IE specific and domain-joined specific. We have an application that is SSO that we publish via RemoteApps. The problem is that they save their credentials in RDWeb they go right in to the application. They love it, but security wise it not ideal by any stretch
Our scenario is we use RDWeb ONLY internally, but we still don't want what I've describe above. Autocomplete=off is just ignored in browsers today so I'm not even sure why they still include it in the html in the login page.
Anyone have a solution to this? Would using this group poicy on the server that hosts the application work?
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\DenySavedCredentials
I've never used this, but would this work in this way:
Users that haven't saved their credentials would enter credentials twice: Going into RDWeb and when they launch the application
Users that have saved their credentials would enter credentials once: Only when they launch the application.
Thanks in advance.