Permanent

In a user's "Documents" folder there is a hidden file called "Default.rdp", which is used to store default preferences.

If you open this in a notepad and add the value:

public mode:i:1

Then that user's RDP client will no longer save credentials.

Sometimes previously saved values will still be used by the popup credential tile (which we consider to be a bug). To clear that out, find the affected server key(s) under regedit at

HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers

and delete their UsernameHint. (You can just delete the whole key if you want, though it will forget its RDP certificate fingerprints, if any, and make the user re-agree to the "do you want to trust this server" popups).

Temporary

You can also perform the "public mode" behavior in a one-off fashion by launching mstsc.exe with the argument "/public"