Solution 1:

It is possible to embed a password in a .rdp file, but the password is encrypted with the SID of your local user account in such a way that the .rdp file is not interchangeable between users or computers. This behavior is by design: Microsoft didn't want an intruder to be able to obtain the keys to a terminal server just by stealing an .rdp file from someone's desktop.

Fortunately, there is a reasonably well-documented workaround. Basically, you need to create the .rdp file "on the fly" via a batch file or script that the user runs instead of invoking mstsc.exe directly. Your script creates the appropriate .rdp file and, in doing so, it encrypts the password in such a way that mstsc.exe will accept it in the context of the current user.

Resources:

  • How RDP passwords are encrypted (includes source & binary)
  • Automatically create RDP file with password (includes binary)
  • Encrypt RDP password in Python (includes source)

Each of the above articles includes either a link to a tool that can be used to encrypt RDP passwords and/or source code. I would suggest working from the source code if feasible. (As always, use binaries compiled by internet strangers at your own risk.)
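Added example (not part of the original answer or the linked tools): a PowerShell sketch of the "create the .rdp file on the fly" workaround described in Solution 1, using the built-in DPAPI-backed `ConvertFrom-SecureString` to produce the `password 51:b:` value in the current user's context. The server name and output path are placeholders chosen for illustration.

```powershell
# Added example: build a per-user .rdp file at logon/run time.
# $Server and $RdpPath defaults are assumptions, not values from the page.
param(
    [string]$Server  = 'ts01.example.internal',          # hypothetical terminal server
    [string]$RdpPath = (Join-Path $env:TEMP 'session.rdp')
)

# Prompt for the secret instead of hard-coding it in the script.
$cred = Get-Credential -Message "Credentials for $Server"

# With no -Key/-SecureKey, ConvertFrom-SecureString protects the value with
# DPAPI for the current user and returns the blob as a hex string.
$blob = ConvertFrom-SecureString -SecureString $cred.Password

# Sanity check: the blob must round-trip for this user. The same call fails
# under another account or on another machine, which is why a copied .rdp
# file does not carry a usable password with it.
try {
    $null = ConvertTo-SecureString -String $blob -ErrorAction Stop
} catch {
    throw "DPAPI blob is not readable in this user context: $_"
}

$lines = @(
    "full address:s:$Server"
    "username:s:$($cred.UserName)"
    "password 51:b:$blob"
    "prompt for credentials:i:0"
)
Set-Content -LiteralPath $RdpPath -Value $lines -Encoding Unicode

try {
    # Launch the client with the generated file and wait for it to exit.
    Start-Process -FilePath 'mstsc.exe' -ArgumentList "`"$RdpPath`"" -Wait
} finally {
    # Do not leave the generated file behind after the session.
    Remove-Item -LiteralPath $RdpPath -ErrorAction SilentlyContinue
}
```

Because the blob is regenerated on every run, nothing reusable is stored in the script or on a share; the script itself holds no password.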

Solution 2:

Hmm... interesting. The first thing that comes to mind is using a key/certificate (like SSH):

  • http://blogs.msdn.com/b/rds/archive/2008/12/04/introduction-to-ts-gateway-certificates.aspx
  • http://blogs.msdn.com/b/rds/archive/2008/12/18/ts-gateway-certificates-part-ii-how-to-deploy-a-certificate-on-ts-gateway.aspx
  • http://blogs.msdn.com/b/rds/archive/2008/12/18/ts-gateway-certificates-part-iii-connection-time-issues-related-to-ts-gateway-certificates.aspx

Does this help?