I’ve experienced a few times that i’m not allowed to login using RDP because my password is expired or that ‘use must change password at next login’ is enabled in the Active Directory.
Today was one of those moments. I could not login to an customer environment i havent logged in to for a while, because my password was expired. So ehm.. I had to login to change my password, but I could not login to change my password because my password was expired.. right..
Now what? The customer wasn’t available at that time and I had to get to work.
I have found the following work around for that.
Lokaal
- Start mstsc.exe
- enter the remote desktop connection
- Click ‘Save as..’
- Save the RDP file as something like: ChangePassword.RDP
- Open notepad.exe and open the RDP file you just created.
- add enablecredsspsupport:i:0 at the bottom of the file.
Save the file, start the RDP connection using this file. Now you will have the possibility to change your password!
What if CredSSP is required?
If CredSSP (Credential Security Support Provider is required to login to the remote desktop, you will get the following error message:
Try to make an RDP connection using the full FQDN (servername.domain.local) in stead of just the servername. Otherwise, the above solution is not possible. Except when you disable CredSSP.
CredSSP can be disabled to change de RDP settings on the remote desktop to disable ‘Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).’
