CitrixTools.Net Articles


Preventing Users from Storing Network or Messaging Passwords in Terminal Server Environments

This "Tech Tip" article focuses on a security setting you might want to enable on your Terminal Server farms.

By default, Windows allows users to store their network and messaging (Exchange, .NET Passport) passwords.

The first problem is that these settings are not stored in the user profile but locally on the server, in an encrypted store.

The second problem is that you may want users to be able to save such information (when defining several Outlook profiles for user convenience, for example).

Also, for security reasons, you may not want any password to be stored in the local store.

The solution is quite simple: a GPO setting will help you achieve your goal.

Open the Group Policy Editor for the dedicated GPO (or the one that will host the new setting) and navigate to:

Computer Configuration / Windows Settings / Security Settings : Security Options.

Here you'll find a setting called "Network access: Do not allow storage of credentials or .NET Passports for network authentication".



Please note that this GPO setting requires a reboot to be applied.

When you run gpupdate /force, the GPO setting is read by the server (or client), but it won't take effect until the machine is rebooted.

Once the setting is applied, the "Save Password" checkbox is removed from any network share or messaging login/password prompt.
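To check the setting across a farm, the following PowerShell sketch (an added example, not part of the original article) reads the registry value that this security option writes, `DisableDomainCreds` under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, and compares each server's last boot time with the time the GPO was deployed. The server names and the deployment time are hypothetical placeholders, and the script assumes PowerShell remoting is enabled on the servers.

```powershell
# Added example: audit the "do not allow storage of credentials" policy on a farm.
param(
    [string[]]$Servers     = @('TS01', 'TS02'),        # hypothetical server names
    [datetime]$GpoDeployed = (Get-Date).AddDays(-1)    # assumed time the GPO was linked
)

# Query every server in one remoting call; unreachable hosts are collected in $failed.
$raw = Invoke-Command -ComputerName $Servers -ErrorAction SilentlyContinue -ErrorVariable failed -ScriptBlock {
    # The security option is stored as a DWORD; 1 means credential storage is disallowed.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name 'DisableDomainCreds' -ErrorAction SilentlyContinue
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        DisableDomainCreds = if ($null -ne $lsa) { [int]$lsa.DisableDomainCreds } else { $null }
        LastBoot           = $os.LastBootUpTime
    }
}

$report = $raw | ForEach-Object {
    [pscustomobject]@{
        Server                = $_.PSComputerName
        PolicyValueSet        = ($_.DisableDomainCreds -eq 1)
        LastBoot              = $_.LastBoot
        # The article notes the setting needs a reboot; a server that has not
        # restarted since the GPO was deployed is flagged for follow-up.
        BootedSinceDeployment = ($_.LastBoot -gt $GpoDeployed)
    }
}

$report | Sort-Object Server | Format-Table -AutoSize

# Servers that have the value but have not rebooted, or lack the value entirely.
$report | Where-Object { -not ($_.PolicyValueSet -and $_.BootedSinceDeployment) } |
    ForEach-Object { Write-Warning "$($_.Server): policy missing or reboot still required" }

foreach ($f in $failed) { Write-Warning "Query failed: $f" }
```

A server reported with `PolicyValueSet` true and `BootedSinceDeployment` false has read the GPO but still needs the restart described above.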

posted on Tuesday, February 10, 2009 4:17 PM by Pierre Marmignon    
