How to prevent windows credential manager data from being used?
In my evaluation of RDM I have been following the "Team setup" videos and created a tree, secured by security groups on a parent node, and applied RDP credentials from an RDM private vault by linking to them with a user-specific setting. That's all very nice really. Then, by mistake, I forgot to apply the user-specific settings for some user and it was still working ... so I was wondering why.
It seems that I need to delete the credentials stored in my Windows Credential Manager to force RDM to use the credentials from the RDM private vault. Or put it this way: RDM seems to use shared credentials from the hierarchy first (which I don't have), then the Windows Credential Manager credentials, if they exist, and the ones from the RDM private vault only if they don't. (I can reproduce this by entering wrong credentials into the RDM private vault.)
I can delete the credentials from the Windows Credential Manager of course, but how would I enforce that once RDM is deployed and installed on my co-workers' machines? What if, after some time, users change their password on the server and in the RDM private vault (as they should), but there are still the (then wrong) credentials in Windows? So in short:
Is there a way to make RDM ignore Windows Credential Manager credentials altogether?
Best regards, Thomas.
Hi,
The application does not use the Windows Credential Manager, if I remember correctly, when using embedded RDP with the username and password saved in the database.
Were you using the embedded or external mode?
David Hervieux
Hi,
Embedded mode. While searching for a solution I found this post by Maurice where he says that RDM would use the Windows CM.
Best regards, Thomas.
Hi again,
In embedded mode we extract the username and password from the Credential Manager when nothing is specified in the database and we can find an entry in the CM.
David Hervieux
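The fallback David describes (and the enforcement problem Thomas raises in the opening post) comes down to the per-user TERMSRV/* entries that mstsc.exe writes into the Windows Credential Manager. The following PowerShell is an added example, not code from the thread or from Devolutions: it lists those entries by parsing `cmdkey /list` and removes the ones you choose, so you can preview with `-WhatIf` before running it from a logon script or similar per-user mechanism. Assumptions are marked in the comments: it expects the English labels that cmdkey prints ("Target:", "User:"), it must run in the affected user's own session because the vault is per-user, and the host name filter is a placeholder.

```powershell
# Added example, not part of the original thread or of RDM.
# Enumerates and removes the TERMSRV/* entries in the current user's
# Windows Credential Manager, i.e. the entries that mstsc.exe and RDM's
# embedded mode fall back to when no credentials are set in the database.
#
# Assumptions:
#  - cmdkey output uses the English labels "Target:" and "User:" (cmdkey
#    localizes these; adjust the regexes on a non-English Windows).
#  - Runs in the user's own session: the Credential Manager vault is
#    per-user, so running this as SYSTEM would clean the wrong vault.

function Get-RdpStoredCredential {
    # cmdkey /list prints one block per entry, e.g.
    #     Target: Domain:target=TERMSRV/server01
    #     Type: Domain Password
    #     User: CONTOSO\thomas
    $entries = @()
    $current = $null
    foreach ($line in (cmdkey /list)) {
        if ($line -match '^\s*Target:\s*(?:Domain|LegacyGeneric):target=(\S+)') {
            if ($current) { $entries += $current }
            $current = [pscustomobject]@{ Target = $Matches[1]; User = '' }
        }
        elseif ($current -and $line -match '^\s*User:\s*(.*?)\s*$') {
            $current.User = $Matches[1]
        }
    }
    if ($current) { $entries += $current }

    # Only RDP targets: these are the ones an RDP client will pick up silently.
    $entries | Where-Object { $_.Target -like 'TERMSRV/*' }
}

function Remove-RdpStoredCredential {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Wildcard on the host part of the target, e.g. 'server01' or 'srv*'.
        # Default removes every TERMSRV entry. Placeholder, adjust to taste.
        [string]$HostFilter = '*'
    )
    foreach ($entry in Get-RdpStoredCredential) {
        $hostName = $entry.Target -replace '^TERMSRV/', ''
        if ($hostName -notlike $HostFilter) { continue }
        if ($PSCmdlet.ShouldProcess($entry.Target, 'cmdkey /delete')) {
            # cmdkey accepts the target exactly as it was listed.
            cmdkey /delete:$($entry.Target) | Out-Null
        }
    }
}

# Preview, then remove. Afterwards "mstsc /v:server01" must prompt for
# credentials, which is the same check suggested later in this thread.
Get-RdpStoredCredential | Format-Table Target, User -AutoSize
Remove-RdpStoredCredential -WhatIf
# Remove-RdpStoredCredential            # all TERMSRV entries
# Remove-RdpStoredCredential -HostFilter 'srv*'
```

This removes the entries; it does not stop a user (or mstsc's "Remember me" checkbox) from creating them again, so it belongs in something that runs at every logon rather than a one-off install step. It also does not touch the credentials RDM stores in its own database or private vault, which is the point: once the Credential Manager entry is gone, the vault entry is the only one left for embedded mode to use.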
Hi David,
thank you for investigating. I think there may be some caching effect involved that confuses me. I need to repeat my description to make that understandable:
In the shared RDP sessions, there are no shared credentials applied. RDM should find them at a parent node (folder), where I applied the credentials from my private vault as "user specific settings". They are all using embedded mode.
This didn't work quite as expected on the weekend: I had made my private vault credentials "wrong" by adding an "x" to the domain name. RDM would still connect me, so I concluded it must be using my Windows CM credentials instead. I verified this by deleting the Windows CM credentials for one of my RDP targets, et voilà, it would then fail due to the wrong domain name in the private vault credentials.
Today, though, RDM failed for RDP connections, as it should, although I had not deleted the corresponding Windows CM credentials. I verified this and found 2 connections where RDM connected successfully, but that was my fault: I had forgotten to set the credentials to "inherited". So I fixed that, and this is where things are getting strange:
RDM is still connecting me on these two sessions despite the domain name being wrong in my private vault. It seems as if the credentials (from the Windows CM) or from my previous successful attempt have been cached. So I closed RDM and re-opened it, but that did not help.
I'm quite confident, though, that it will work (i.e. fail as it should) tomorrow. So, don't worry, but maybe that description rings a bell ... FWIW, I made that fix to "inherited" with a bulk edit.
Best regards, Thomas.
You could test the cached credentials by using mstsc.exe and see if it connects without any username/password supplied.
David Hervieux
MSTSC was behaving as it should, i.e. it was connecting with the Windows CM credentials, and it failed to connect when I deleted the password from the Windows CM credentials from within RDM in a few cases for testing purposes.
I lost my bet. Today, these 2 connections (which would connect despite my private vault connections being wrong on purpose) would still connect. Then I discovered Edit -> Edit -> Batch Edit -> Reset All Saved Credentials, tried it, and now everything works as it should, i.e. these two now fail too, as all the others do when I set my private vault credentials to a wrong domain name.
Please believe me that I checked multiple times ... these 2 offenders were configured identically as far as is visible in the dialog. There must have been something "under the hood" that was deleted by the batch edit function that wasn't visible.
Best regards, Thomas.