Remote Desktop Protocol, commonly known as RDP, is one of the most powerful built-in features in Windows 11. It lets you connect to another computer over a network — whether that is your office PC from home, a remote server, or a colleague's machine — without needing to be physically present in front of it.

When you log into a remote machine using RDP, Windows gives you the option to save your username and password so you do not have to type them in again next time. This sounds convenient, but it creates a significant security risk. If your Windows 11 machine is ever compromised, stolen, or accessed by an unauthorized user, those saved RDP credentials can be used to access every remote computer you have ever connected to.

Saved RDP credentials are stored inside something called the Windows Credential Manager. This is a built-in vault that holds usernames, passwords, and certificate data for websites, apps, and network connections — including Remote Desktop sessions. Many Windows 11 users are completely unaware that this vault exists, or that it quietly accumulates credentials every time they tick the "Remember me" box during an RDP session.

Removing these credentials does not delete your ability to use RDP. It simply means the next time you connect to that remote machine, you will need to enter your login details again manually. For most users in enterprise or IT environments, this extra few seconds of effort is a worthwhile trade-off for dramatically improved security hygiene.

When Should You Remove Saved RDP Credentials

There are several common situations where removing saved RDP credentials in Windows 11 becomes important. Understanding these scenarios helps you decide when to act and how urgently.

The most obvious case is when you have changed your password on the remote machine. If the password stored in your local Credential Manager no longer matches the current password on the server or remote PC, your RDP connection will simply fail with an authentication error. Deleting the old credential and re-entering the correct one is the cleanest fix.

Another common reason is when you stop using a particular remote computer altogether. Old RDP credentials sitting in your Credential Manager for machines you no longer access are pointless clutter — and a potential backdoor if those machines are later reused by someone else with the same hostname or IP address.

Security audits and IT compliance requirements often mandate that saved credentials be cleared regularly, especially in corporate environments where shared machines are common. If your organization has a zero-trust or least-privilege policy, storing RDP credentials locally is often explicitly prohibited.

Finally, if your Windows 11 device is being handed off to another user, sold, or repurposed, clearing saved RDP credentials is a critical step before doing so. This is just as important as removing saved Wi-Fi passwords or browser login data.

Method 1: Remove Saved RDP Credentials Using Credential Manager

The Credential Manager is the most straightforward and recommended way to delete saved RDP credentials in Windows 11. It provides a visual interface, requires no command-line knowledge, and lets you selectively remove individual entries without affecting anything else.

To open Credential Manager, press the Windows key, type Credential Manager, and click on the first result. You will see two main tabs at the top: Web Credentials and Windows Credentials. RDP credentials are stored under the Windows Credentials tab, so click on that.

Scroll through the list and look for entries that begin with TERMSRV/. The full format is typically TERMSRV/hostname or TERMSRV/IP-address, where the hostname or IP refers to the remote machine you previously connected to. Each of these entries represents a saved RDP credential.

Click on any TERMSRV entry to expand it and reveal the options. You will see a Remove link at the bottom of the expanded section. Click Remove, and Windows 11 will immediately ask you to confirm the deletion. Click Yes to permanently remove that saved credential.

Repeat this process for every TERMSRV entry you want to delete. There is no bulk-delete option in the Credential Manager UI, so if you have many saved RDP credentials, this process can take a few minutes. Once done, close the Credential Manager window — your changes are saved automatically with no restart required.

Method 2: Remove RDP Credentials via the Remote Desktop Connection App

Windows 11 includes a built-in Remote Desktop Connection application that has its own way of managing saved credentials, separate from (but connected to) the Credential Manager. This method is particularly useful if you are troubleshooting an RDP connection that keeps failing due to outdated saved credentials.

Open the Remote Desktop Connection app by pressing Windows + R, typing mstsc, and pressing Enter. The classic RDP dialog box will appear. In the Computer field, type the hostname or IP address of the remote machine whose credentials you want to remove.

Once you type in the computer address, you may notice a line below the connection field that says something like "You will be asked for credentials when you connect" or shows the currently saved username. If a username is shown, it means credentials are already stored for that machine.

Click the Show Options dropdown at the bottom left of the dialog. A new section will appear with multiple tabs. Under the General tab, you will see the User name field showing the saved account. Next to it, there is typically a link that says "Allow me to save credentials" or a reference to the saved credential. Click on Delete or remove the saved credential directly from this interface.

If you then attempt to connect and RDP prompts you for a username and password, make sure the option that says "Remember my credentials" or "Allow me to save credentials" is unchecked before logging in. This ensures no new credential is stored after this session.

Method 3: Delete RDP Credentials Using Command Prompt

For power users, IT administrators, or those who prefer command-line tools, the Windows Command Prompt offers a fast and scriptable way to remove saved RDP credentials. This method is especially useful when you need to delete multiple credentials at once or automate the process across many machines.

Open Command Prompt as Administrator by pressing Windows + S, typing cmd, right-clicking Command Prompt, and selecting Run as administrator. This elevated access is required to interact with stored credentials at the system level.

To view all currently saved credentials, type the following command and press Enter:

cmdkey /list

This will display a list of all saved credentials on your Windows 11 machine. Look for entries that start with TERMSRV/. These are your saved RDP credentials. Note down the full target names of the ones you want to remove.

To delete a specific RDP credential, use this command syntax:

cmdkey /delete:TERMSRV/hostname

Replace hostname with the actual hostname or IP address of the remote machine. For example, if the credential is listed as TERMSRV/192.168.1.50, the command would be:

cmdkey /delete:TERMSRV/192.168.1.50

You should see a confirmation message that says "Credential deleted successfully" if the command worked. You can then run cmdkey /list again to verify the entry has been removed. This method is clean, fast, and leaves no ambiguity about what was deleted.

Method 4: Remove RDP Credentials Using PowerShell

PowerShell is an even more powerful option for removing saved RDP credentials in Windows 11, especially for administrators managing multiple user accounts or large-scale deployments. It gives you more granular control and the ability to filter and delete credentials based on specific patterns.

Open PowerShell as Administrator by right-clicking the Start button and selecting Windows PowerShell (Admin) or Terminal (Admin), depending on your Windows 11 version. Once the terminal is open, you can list all stored credentials using:

Get-StoredCredential

Note that this command may require the CredentialManager PowerShell module, which you can install by running:

Install-Module -Name CredentialManager -Force

Once installed, use the following command to remove a specific RDP credential:

Remove-StoredCredential -Target "TERMSRV/hostname"

Again, replace hostname with the actual address used in the credential entry. If you want to remove all TERMSRV credentials in one go, you can use a pipeline command that lists all credentials, filters for TERMSRV entries, and deletes them automatically. This kind of batch operation is far more efficient than clicking through the Credential Manager UI when dealing with dozens of saved RDP connections.

PowerShell also lets you target credentials for specific user accounts if you are managing a shared or multi-user Windows 11 machine, which is something the graphical Credential Manager cannot do as easily.

Method 5: Clear RDP Credentials via the Registry Editor

The Registry Editor method is not recommended for beginners, but it is a valid option for advanced users who need a deeper level of control over RDP-related settings. In addition to the credential vault, Windows stores RDP connection history (recently connected computers) in the registry. Clearing this is a separate task from removing passwords, but both are often done together for a clean slate.

Press Windows + R, type regedit, and press Enter to open the Registry Editor. Navigate to the following path:

HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default

This location stores the MRU (Most Recently Used) list of computers you have connected to via RDP. You will see entries like MRU0, MRU1, MRU2, and so on, each containing a hostname or IP address. Right-click any entry you want to remove and select Delete.

To also clear the stored credentials that correspond to these connections, navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers

Here you will find subkeys named after each remote machine you have connected to. Each subkey may contain a UsernameHint value that stores the saved username. Delete the entire subkey (right-click the server name folder and select Delete) to remove all stored RDP session data for that machine.

Keep in mind that deleting registry keys is permanent and cannot be undone without a backup. Always export a backup of the relevant registry branch before making any changes by going to File > Export in the Registry Editor.

How to Prevent RDP Credentials From Being Saved in the Future

Knowing how to delete saved RDP credentials is only half the battle. The other half is preventing them from being saved in the first place. Windows 11 makes it very easy to accidentally save credentials by checking a small box during the login process, so you need to be intentional about this setting.

Every time you connect to a remote machine using the Remote Desktop Connection app, there is a checkbox that says "Allow me to save credentials" or "Remember my credentials". Simply leave this box unchecked every time you connect. This takes one extra second but ensures that no credential is ever written to your Credential Manager.

For organizations that want to enforce this policy at a system level, Group Policy provides a powerful solution. If you are running Windows 11 Pro or Enterprise, you can use the Local Group Policy Editor to disable the saving of RDP credentials entirely.

Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client and enable the policy called "Do not allow passwords to be saved."

Enabling this policy grays out the "Remember my credentials" checkbox in the RDP client across all users on that machine, making it impossible to accidentally save credentials. This is a best practice for any machine used in a business or shared environment. If you want to learn more about accessing and using Group Policy features in Windows 11, check out this guide on enabling Group Policy Editor on Windows 11 Home.

Common Errors After Removing RDP Credentials

After removing saved RDP credentials in Windows 11, most users experience a smooth reconnection process on their next login — just an extra prompt for their username and password. However, there are a few common issues that can arise, and knowing about them in advance saves troubleshooting time.

The most common issue is an authentication error when trying to reconnect after credential removal. This almost always means the password you are entering does not match the current password on the remote machine, or that you are typing the username in the wrong format. For domain-joined machines, always use the format DOMAIN\username rather than just username to avoid authentication failures.

Another issue some users encounter is seeing the old credential prompt again even after deletion. This can happen if the credential was saved under a slightly different target name — for example, one entry might be for the IP address and another for the hostname of the same machine. Check the Credential Manager list carefully and delete all variants.

If you are still getting automatic login prompts to a remote machine even after deleting TERMSRV credentials, the credentials might be stored under a different protocol or entry type. In that case, review all entries in both the Windows Credentials and Generic Credentials sections of Credential Manager to find and remove any that reference the remote machine in question.

RDP Security Best Practices for Windows 11 Users

Removing saved RDP credentials is one piece of a larger security puzzle. Remote Desktop Protocol has historically been one of the most exploited attack vectors in Windows environments, so adopting good habits around its use is essential.

Always use strong, unique passwords for any account that has RDP access. Avoid using the built-in Administrator account for remote connections where possible — instead, create a dedicated user account with only the permissions needed. This limits damage in the event of a compromise.

Enable Network Level Authentication (NLA) on your remote machines. NLA requires users to authenticate before a full RDP session is established, which significantly reduces the attack surface for brute-force and denial-of-service attacks. In Windows 11, NLA is enabled by default, but it is worth verifying this has not been changed.

Consider using a VPN before connecting via RDP if the remote machine is accessible over the internet. Exposing RDP directly to the internet on port 3389 is one of the most common ways attackers gain unauthorized access to Windows systems. A VPN creates an encrypted tunnel that must be authenticated before RDP traffic is even allowed. For more tips on keeping your Windows 11 machine lean and secure, take a look at this guide on how to debloat Windows 11 for better performance and security.

Use Windows Firewall rules to restrict which IP addresses are allowed to initiate RDP connections. Even if your machine has RDP enabled, limiting access to specific trusted IP ranges dramatically reduces the chance of unauthorized access. This is a quick win that takes only a few minutes to configure.

Difference Between RDP Credentials and RDP Connection History

Many Windows 11 users confuse two related but distinct things: saved RDP credentials and RDP connection history. Understanding the difference helps you manage both effectively.

Saved RDP credentials are usernames and passwords stored in the Windows Credential Manager. These are what allow you to connect to a remote machine without typing your password every time. Removing them means you will need to re-enter your credentials on the next connection, but the connection itself still works fine.

RDP connection history, on the other hand, is a list of hostnames and IP addresses stored in the registry that appear in the dropdown menu of the Remote Desktop Connection app. This list is purely cosmetic — it does not store passwords, only server addresses. Clearing this history does not affect your ability to connect to remote machines, but it does remove those addresses from the dropdown suggestions.

Many users want to clear both for privacy or cleanliness. The credentials are removed via Credential Manager or cmdkey (as covered above), while the connection history is removed via the registry path mentioned in the Registry Editor section of this guide. Both can be done independently without affecting the other.

How Credential Manager Works in Windows 11

To fully understand what you are doing when you remove RDP credentials, it helps to understand how the Windows Credential Manager actually works under the hood. This context also applies to other types of stored credentials on your system.

The Credential Manager acts as an encrypted local vault. It stores three types of credentials: Windows credentials (for network resources and apps), Certificate-based credentials, and Generic credentials (for apps that use the Windows credential API). RDP credentials fall into the Windows credentials category under the TERMSRV target prefix.

When you remove a credential from Credential Manager, it is immediately deleted from the encrypted store on disk. There is no recycle bin or recovery option — the deletion is permanent. This is why it is important to double-check which credential you are removing before confirming the deletion.

Credential Manager data is stored per user account. This means credentials saved under one Windows user profile are not visible to other users on the same machine (unless they have administrator privileges).

If you are managing credentials on a shared Windows 11 PC, make sure you are logged in as the correct user account before making changes. To understand more about Windows 11 in multi-user business environments, this article on Windows 11 Home for business is a helpful read.

FAQs About RDP Credentials in Windows 11

Will removing saved RDP credentials disconnect any active sessions? No. Removing a saved credential from Credential Manager does not affect any currently active RDP session. The deletion only takes effect the next time you try to initiate a new connection to that remote machine.

Can I export or back up my RDP credentials before deleting them? The Credential Manager does not offer a built-in export feature for individual credentials. However, you can use PowerShell scripts or third-party tools to export the credential list for documentation purposes. Note that the actual passwords cannot be exported for security reasons.

What happens if I delete the wrong RDP credential? Nothing catastrophic. You simply lose the ability to auto-login to that remote machine next time. You will be prompted to enter your credentials again manually, which is perfectly safe and normal.

Is it safe to leave RDP credentials saved in Windows 11? It depends on your security requirements. For personal use on a device only you control, the risk is relatively low. For business machines, shared computers, or any device that travels outside your home, stored RDP credentials represent a meaningful risk and should be removed regularly.

Do saved RDP credentials expire automatically? No. Windows 11 does not automatically expire or remove saved credentials. They remain in Credential Manager indefinitely until manually deleted. This is why periodic credential audits are a good practice.

Can IT administrators remotely clear RDP credentials from employee machines? Yes. Using Group Policy, remote PowerShell sessions, or mobile device management (MDM) solutions, IT administrators can push credential management policies to Windows 11 machines across an organization. This is a common practice in enterprise environments.

Conclusion: Keep Your RDP Credentials Under Control

Remote Desktop is an incredibly useful feature in Windows 11, but the convenience of saved credentials should not come at the expense of your security. Whether you are a solo user cleaning up old connections or an IT administrator enforcing compliance policies, knowing how to remove saved RDP credentials is a fundamental Windows 11 skill.

The Credential Manager GUI is the easiest option for most users. The Command Prompt and PowerShell methods offer speed and automation for power users. The Registry Editor provides deep control for those who need to clear connection history alongside credentials. Whatever your comfort level, at least one of these methods is right for you.

Make it a habit to audit your saved credentials periodically — especially after changing passwords, decommissioning remote machines, or before handing off your device. Pairing this with strong RDP security practices like NLA, VPN usage, and firewall rules will keep your remote connections both functional and secure.

And if you want to keep an eye on your overall system health alongside your security hygiene, this guide on monitoring CPU temp on Windows 11 is a great next step. A few minutes spent managing your credentials today can save hours of headache — or far worse — down the road.