RemoteApp .rdp embed creds?
Solution 1:
It is possible to embed a password in a .rdp file, but the password is encrypted with the SID of your local user account in such a way that the .rdp file is not interchangeable between users or computers. This behavior is by design: Microsoft didn't want an intruder to be able to obtain the keys to a terminal server just by stealing an .rdp file from someone's desktop.
Fortunately, there is a reasonably well-documented workaround. Basically, you need to create the .rdp file "on the fly" via a batch file or script that the user runs instead of invoking mstsc.exe
directly. Your script creates the appropriate .rdp file and, in doing so, it encrypts the password in such a way that mstsc.exe
will accept it in the context of the current user.
Resources:
- How RDP passwords are encrypted (includes source & binary)
- Automatically create RDP file with password (includes binary)
- Encrypt RDP password in Python (includes source)
Each of the above articles includes either a link to a tool that can be used to encrypt RDP passwords and/or source code. I would suggest working from the source code if feasible. (As always, use binaries compiled by internet strangers at your own risk.)
Solution 2:
Hmm... interesting. The first thing that comes to mind is using key/certificate (like ssh):
- http://blogs.msdn.com/b/rds/archive/2008/12/04/introduction-to-ts-gateway-certificates.aspx
- http://blogs.msdn.com/b/rds/archive/2008/12/18/ts-gateway-certificates-part-ii-how-to-deploy-a-certificate-on-ts-gateway.aspx
- http://blogs.msdn.com/b/rds/archive/2008/12/18/ts-gateway-certificates-part-iii-connection-time-issues-related-to-ts-gateway-certificates.aspx
Does this help?