On Nov 22, 2011, at 2:58 PM, Alexander Kurt Keller wrote:
> I believe years ago (RDP version 4?) the password could be defined in clear 
> text within the RDP file but that is long unsupported. Here is a write-up and 
> a lively comments discussion on the  MSTSC embedded password encryption 
> function:
> http://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/
> it looks like they use the machine or user SID to salt the hash?

I tried implementing this particular solution a while ago but was never able to 
get it to work. The basic idea described in the website is that the target 
machine needs to encrypt the password and that encrypted string goes into the 
RDP file as:

password 51:b:{encrypted password}

For instance, if a suitable encryption program is installed on the VCL Windows 
machine, the management node could, in theory, request a hashed copy of the 
password before generating the RDP file for the user.

I certainly don't want to dissuade anyone from trying to get this to work as 
described in the link above, but given that there is no reference to 'password 
51' fields in the current Terminal Services documentation, I am not entirely 
sure that the field is still supported: 

The closest I have come to an auto-login solution is to use protocol handlers 
in the form of a link. Something like this:

<a href="rdp://username:password@hostname:port/domain?params">...</a>

For this to work on a user's computer, the protocol handler must be registered 
at the OS level, which introduces an additional level of complexity. On Mac OS 
X, this is done automatically when a user installs an RDP client such as CoRD. 
On linux, a user will need to execute something like this to enable the handler:
gconftool-2 -s /desktop/gnome/url-handlers/rdp/command '/usr/bin/rdesktop %s' 
--type String
gconftool-2 -s /desktop/gnome/url-handlers/rdp/enabled --type Boolean true
I am not entirely sure about how to get this to work on Windows, though. First 
of all, mstsc.exe doesn't seem to accept a username or password argument from 
the command line. Nevertheless, if you want the protocol handler to work on 
Windows, you'll need to modify the registry in HKEY_CLASSES_ROOT\\rdp -- the 
documentation here will give you a start: 

Please let me know if you make any progress on this!

Best regards,

Aaron Coburn
Systems Administrator and Programmer
Academic Technology Services, Amherst College
(413) 542-5451 acob...@amherst.edu

> -----Original Message-----
> From: Josh Thompson [mailto:josh_thomp...@ncsu.edu] 
> Sent: Tuesday, November 22, 2011 11:12 AM
> To: vcl-user@incubator.apache.org
> Subject: Re: rdp file auto login
> It's been several years since I tried to get this to work.  However, unless 
> things have changed (which I'm guessing they haven't), you can't make it 
> auto- login.  The password is provided in a clear text form in the rdp file.  
> Unfortunately, the windows and mac RDC apps won't use the clear text version. 
> You can save a password in an encrypted form in an rdp file; however, RDC 
> uses cryptographic stuff specific to the computer that actually saves the 
> file, meaning there's no way to generate the encrypted form of the password 
> unless you are actually on the end user's machine.
> If anyone wants to try to investigate this again, I think everyone in the 
> community would love to see it work.  Or, everyone can switch to linux/unix 
> platforms that can use rdesktop that will happily accept the password at the 
> command line.  :)  I have a nice wrapper script for rdesktop that will take 
> the rdp file and do the auto-login into the remote windows node.
> Josh
> On Tue November 22 2011 1:29:09 PM Gene Lui wrote:
>> Dmitri,
>> If you download the rdp file from the connection reservation and open 
>> it with a editor, you see that the rdp file has both a user name and 
>> password within the setting file.  For example, the last rdp file had 
>> the following key entries:
>> username:s:gkl25
>> clear password:s:LDgKQM
>> I would have thought that this would be passed to the remote desktop 
>> when opening this file with mstcs.  But it is not and I don't know if 
>> this is how it normally works or is it suppose to be able to passed it 
>> to the Win7 remote desktop and I'm doing something wrong.
>> - Gene
>> On Tue, 2011-11-22 at 13:17 -0500, Dmitri Chebotarov wrote:
>>> Gene
>>> I'm relatively new with VCL and I may be wrong. I could not find any 
>>> options in preferences for RDP file to include password. Having 
>>> password in RDP file would make it easier and if it's possible it would be 
>>> great.
>>> I would like to have this option as well and will be looking into 
>>> the code which generates a RDP file for new reservations.
>>> Thanks
>>> On Nov 22, 2011, at 12:58 , Gene Lui wrote:
>>>> Thanks Dmitri,
>>>> Wanted to confirm if its possible by using the rdp file, users can 
>>>> auto login with the mstsc (would be preferred over entering 
>>>> password manually).  Thanks for such a quick reply and answer to my 
>>>> question.
>>>> Take care,
>>>> Gene
>>>> Drexel University
>>>> On Tue, 2011-11-22 at 12:47 -0500, Dmitri Chebotarov wrote:
>>>>> Gene,
>>>>> Username/password would be on your reservation page.
>>>>> Username is Admin, password is generated for each reservation and 
>>>>> you need to type it manually when open RDP.
>>>>> Thanks.
>>>>> On Nov 22, 2011, at 12:32 , Gene Lui wrote:
>>>>>> Hi there,
>>>>>> I wonder if any of you bright individuals can help me out here 
>>>>>> with this wonderful project you got here.
>>>>>> When I use the RDP file supplied on the vcl connection page 
>>>>>> (Windows
>>>>>> 7 client) , I assume it will automatically supply the 
>>>>>> credentials to log into the remote desktop image (Windows 7 
>>>>>> image). The problem is that it does not automatically logs in 
>>>>>> and it prompts for my password.
>>>>>> Do I have this wrong and a password is needed to be manually entered?
>>>>>> If not, how do I enable the auto login?  I have tried changing 
>>>>>> group policy settings on the remote desktop host but nothing 
>>>>>> works.  I appreciate any help anyone can give.
>>>>>> Thanks,
>>>>>> Gene
>>>>>> Drexel University
> -
> -------------------------------
> Josh Thompson
> Systems Programmer
> Virtual Computing Lab (VCL)
> North Carolina State University
> josh_thomp...@ncsu.edu
> 919-515-5323
> my GPG/PGP key can be found at www.keyserver.net

Reply via email to