How to disable password storage in RDCman

MaLue 6 Reputation points
2021-09-30T11:41:13.403+00:00

By policy it's forbidden to save passwords (Remote Desktop Connection Client - "do not allow passwords to be saved").
Unfortunately, RDCman saves its passwords nevertheless.
On a customer installation we don't want our support members to leave a trace (especially not passwords in any form).

I know that encrypting passwords is a key feature of this tool. But I would like to disable that feature.
Is there any possibility to disable it?

Sysinternals

1 answer

  1. Jochem Bonarius 1 Reputation point
    2021-12-17T10:21:31.983+00:00

    I would like to upvote this question.
    When I remove the credentials in RDCMan, it seems to use my local AD credentials automatically. As a result, I can automatically log in to our production servers, i.e. without being asked for a password.
    That is against our company policy (which is based on ISO 27001): logging in to a test/staging/production server must always ask for a password.

    The only "workaround" I found is setting the default credentials with an invalid password. That way it will show a "credentials were invalid" login screen. However, this will also log an invalid login attempt.

    So it should NOT use local AD credentials to log in to remote servers. Maybe opt-in, and if so, that should also be password protected. Otherwise it's just too easy to abuse the AD credentials. This is not secure.

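For the question's concern about leaving saved passwords behind on a customer installation, the following is an added example (not part of the original thread and not RDCMan's own code) that reports which `.rdg` files still hold a saved credential, without decrypting anything. It assumes that `.rdg` files are XML and that a saved credential appears as a non-empty `<password>` element under `<logonCredentials>` or `<credentialsProfile>`; the function name, folder and sample values are constructed for illustration.

```powershell
# Added example, not part of RDCMan. Reports saved-password elements; decrypts nothing.
# Assumption: .rdg files are XML and a saved credential appears as a non-empty
# <password> element (under <logonCredentials> or <credentialsProfile>).
function Find-RdgStoredPassword {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Folder)

    foreach ($file in Get-ChildItem -Path $Folder -Filter *.rdg -File -Recurse) {
        $xml = New-Object System.Xml.XmlDocument
        try { $xml.Load($file.FullName) }
        catch { Write-Warning "Cannot parse $($file.FullName): $_"; continue }

        # local-name() keeps the match working even if the file declares a namespace
        foreach ($node in $xml.SelectNodes("//*[local-name()='password']")) {
            if ([string]::IsNullOrWhiteSpace($node.InnerText)) { continue }
            $owner = $node.ParentNode
            $user  = $owner.SelectSingleNode("*[local-name()='userName']")
            $userName = ''
            if ($user) { $userName = $user.InnerText }
            [pscustomobject]@{
                File     = $file.FullName
                Element  = $owner.LocalName   # logonCredentials or credentialsProfile
                UserName = $userName
            }
        }
    }
}

# Constructed sample file (placeholder values) to show the output
$demo = Join-Path $env:TEMP 'rdg-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
<?xml version="1.0" encoding="utf-8"?>
<RDCMan programVersion="2.7" schemaVersion="3">
  <file>
    <properties><name>customer-demo</name></properties>
    <logonCredentials inherit="None">
      <userName>support01</userName>
      <password>CONSTRUCTED-PLACEHOLDER-BLOB</password>
      <domain>EXAMPLE</domain>
    </logonCredentials>
  </file>
</RDCMan>
'@ | Set-Content -Path (Join-Path $demo 'demo.rdg') -Encoding UTF8

Find-RdgStoredPassword -Folder $demo | Format-Table -AutoSize
Remove-Item -Path $demo -Recurse -Force
```

Running the function against the support user's profile folder at the end of a session gives a list of files to clean up or delete before leaving the customer system; an empty result means no saved password element was found in any parsable `.rdg` file under that folder.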