I agree with Mark for the same reasons.

I would add, though, that there are ways to make "auto-connect" work.

We have a single-click, auto-connect system working in our VCL installation. 
The basic principal is to define a protocol handler and format the URI so that 
it is understandable to the target RDP application.

There are trade-offs (of course) with this approach, but it makes the VCL much 
more user-friendly while retaining the security of randomized credentials. 
Basically, I wrote some front-end web code so that when a user lands on the 
"Connect to your reservation" page, he or she can select the desired screen 
size (the default is set in user preferences) and click on "Connect".

(A screen shot is below.)

That action generates a URI such as the following:

rdp://{username}:{password}@{host}?forwardDisks=yes&forwardPrinters=yes... (and 
so on with all the appropriate parameters)

The first time a browser encounters an unknown protocol such as rdp://, it will 
prompt the user for a 'default application' to associate with that. The user 
can select an application to use and then the login happens immediately.

The next question is which applications can handle URIs using the rdp protocol?

For OS X, the answer is easy: CoRD. You can just request that users install 
that application. CoRD doesn't handle sound, so if that is necessary, your 
users can still use MS Remote Desktop Client; they will just have to manually 
enter their credentials.

For Linux users, RDesktop can be started from the command line with a supplied 
username and password. So I simply wrote a perl script that parses the rdp:// 
URI and translates it into an appropriate command.

For Windows, it is a bit trickier. Basically, the protocol handlers are defined 
in the system registry, and Windows' built-in RDP client doesn't accept 
passwords from the command line. So in order to solve both issues, I wrote a 
.NET application that, upon installation defines the appropriate protocol 
handler in the registry and installs an application that can parse it. The 
application is really just a thin wrapper around Microsoft's terminal services 
library. I don't believe I can distribute the code for this, but I can 
certainly give you some pointers on how to write something similar yourself.

Obviously, this doesn't work for iOS devices.

Best regards,
Aaron

[cid:6835B418-4B53-486C-8956-6A0DD26C1F70]



--
Aaron Coburn
Systems Administrator and Programmer
Academic Technology Services, Amherst College
acob...@amherst.edu<mailto:acob...@amherst.edu>






On May 25, 2012, at 11:35 AM, Mark Gardner wrote:

In general, I would rather keep things as they are. But if that
capability is added, I would prefer to have it be an option as the
current one-time random password is much more secure. (Our experience
is that users generally pick poor passwords. Perhaps this can be a
development-only option?)

Mark

On Fri, May 25, 2012 at 11:25 AM, Dmitri Chebotarov 
<dcheb...@gmu.edu<mailto:dcheb...@gmu.edu>> wrote:
Hi

Would it be possible, and is it good idea in general due to possible security 
risks, to add "Preferred Password" field on User Preferences page (under RDP 
File Preferences or Personal Information?) to allow user to provide a password 
for all his/her reservations?

Then VCL would use this password (if it's there) for reservations instead of 
auto-generated password.

This is not an auto-connect option, but at least it will make it easier to use 
VCL.
For the last couple days I've been using VCL for some testing and it would be 
nice to have the same password for all my reservations.

--
Thank you,

Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404




--
Mark Gardner
--

Reply via email to