I've come across some information stating that all versions of Remote Desktop Protocol (RDP) allow users to log in even with expired or revoked passwords. Since we use RDP for support across all our stations, does that mean every station keeps these old logins cached?
3 Answers
Windows does cache credentials by default. If your network’s domain is available, any login attempts will verify against it. If not, it uses the cached credentials, but the cache doesn’t track expiration. This setup has been the case for years, not just RDP related. If this behavior is a concern, you can disable it in the group policy settings.
It's not a bug; this issue has been discussed before. It’s not exclusive to RDP either. Windows has operated this way consistently.
Yup, this is definitely a feature in Windows.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures