27

I've created one RDP file

full address:s:10.20.30.40
username:s:myuser
password:s:mypassword
domain:s:mydomain

When I open this file it still asks me for the password. What can I do to tell RDP client to use password mentioned in the file instead of asking user?

Ganesh Satpute
  • 379
  • 1
  • 3
  • 6

6 Answers6

26

I had the issue on Windows 10 with perma asking password when I try to connect to a new machine.

First, the password line in the RDP must be named:

password 51:b:myEncryptedPassword

And the pass must by encrypted. You can use cryptRDP5 to convert it: https://github.com/jps-networks-modifiedOSS/openvpn-als-applications/tree/master/adito-application-rdp-xplatform-embedded/src/windows

cryptRDP5.exe yourpassword

Note that the generated password is only valid for the machine that did it.

Makusensu
  • 361
  • 3
  • 4
  • 4
    I found that Powershell's `ConvertFrom-SecureString` also works instead of needing that `cryptRDP5.exe` – jtb Feb 27 '19 at 23:03
  • 20
    For reference, the full powershell command to encrypt a password using the above would be `("MySuperSecretPassword!" | ConvertTo-SecureString -AsPlainText -Force) | ConvertFrom-SecureString;` – BrainSlugs83 Mar 07 '19 at 20:36
  • 1
    Is there a linux/osx equivalent of `cryptRDP5.exe`? – Anthony Kong Jul 09 '19 at 00:25
  • @BrainSlugs83 Note that it doesn't fully match rdp encryption which pads the password with zero bytes to be 512 bytes before encryption. – NetMage Aug 24 '20 at 20:38
  • `cryptRDP5.exe MySuperSecretPassword` gives a different result from the example in the second comment. In particular, the result from cryptRDP5.exe works, and the one from `ConvertFrom-SecureString` doesn't. Why is that? – Saturnix Dec 19 '20 at 22:50
11

Open the Group Policy editor (Start > Run > gpedit.msc) and navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client

For value Do not allow passwords to be saved, check that is set to Disabled.

When connecting to a machine in Remote Desktop Connector, expand the Options panel and confirm that Allow me to save credentials is checked.

Net Runner
  • 5,626
  • 11
  • 29
3

Try adding

prompt for credentials:i:0
2

I didn't managed to do this by modifying the .rdp. But a workaround is, to change the settings of the remote desktop connection application. In Preferences -> User Accounts you can add your account + password:

enter image description here

DracoBlue
  • 121
  • 3
0

Here is a Python 3 program that inserts username/password into RDP file and also creates LNK file for it (to drag to quick launch, for example). It is based on several existing solutions, credits for those goes to their authors.

import sys, os, getpass, subprocess

if (len(sys.argv) != 2):
    print("\nRDPPassword is a Python 3 program that inserts username")
    print("and password into existing RDP file and creates a LNK file")
    print("that can be dragged to taskbar's QuickLaunch area.")
    print("\nUSAGE: python %s <RDP file>\n" % os.path.basename(sys.argv[0]))
    exit(1)

def InsertPassword(rdpfile, user, password):
    fileIn = open(rdpfile, "r", encoding="'utf_16_le")
    lines = fileIn.read().splitlines()
    fileIn.close()
    outLines = []
    bPromptCredentials = False
    bUsername = False
    bPassword = False
    for line in lines:
        if line.startswith('promptcredentialonce:i:'):
            outLines.append('promptcredentialonce:i:1')
            bPromptCredentials = True
        elif line.startswith('username:s:'):
            outLines.append('username:s:%s' % user)
            bUsername = True
        elif line.startswith('password 51:b:'):
            outLines.append('password 51:b:%s' % password)
            bPassword = True
        elif len(line)>0:
            outLines.append(line)
    if not bPromptCredentials:
        outLines.append('promptcredentialonce:i:1')
    if not bUsername:
            outLines.append('username:s:%s' % user)
    if not bPassword:
            outLines.append('password 51:b:%s' % password)
    
    fileOut = open(rdpfile, "w", encoding="utf_16_le")
    for line in outLines:
        #fileOut.write("%s%s" % (line, os.linesep))
        fileOut.write("%s%s" % (line, '\n'))
        #print("#%s#"%line)
    fileOut.close()

def RunShell(command):
    # pipes usage taken from: https://superuser.com/questions/1540516/how-do-i-execute-powershell-commands-with-pipes-in-python
    PSEXE = r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
    PSRUNCMD = "Invoke-Command -ScriptBlock "
    process = subprocess.run([PSEXE, PSRUNCMD + "{" + command + "}"], stdout = subprocess.PIPE, stderr = subprocess.PIPE, universal_newlines = True)
    #print("CMD", command)
    #print("ERR", process.stderr)
    #print("OUT", process.stdout)
    return process.stdout

if not os.path.exists(sys.argv[1]):
    print("\nFile '%s' not found.\n" % sys.argv[1])
    exit(1)

if not ( (sys.argv[1].endswith(".rdp")) or (sys.argv[1].endswith(".RDP")) ):
    print("\nFile '%s' not a RDP file.\n" % sys.argv[1])
    exit(1)

print("\nInserting username/password into '%s'" % sys.argv[1])
username = input("Username: ")
#password = getpass.getpass("Password: ") #use this if you do not want the password to be seen while typing
password = input("Password: ")

# insert username/password into RDP file
# **************************************
# RDP password generation taken from: https://serverfault.com/questions/867467/rdp-file-with-embedded-password-asks-for-password
PassCmd = "('%s' | ConvertTo-SecureString -AsPlainText -Force) | ConvertFrom-SecureString;" % password
password = RunShell(PassCmd)

InsertPassword(sys.argv[1], username, password)

# create a LNK file for RDP
# *************************
print("\nCreating a LNK file for '%s'" % sys.argv[1])
# https://superuser.com/questions/298974/how-do-i-pin-a-remote-desktop-connection-to-the-taskbar
RunRdp = r'"%windir%\system32\mstsc.exe"'
RunArgs = "'\"%s\"'" % os.path.abspath(sys.argv[1])
# https://superuser.com/questions/392061/how-to-make-a-shortcut-from-cmd
LnkCmd = '$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut("%s"); $S.TargetPath = %s; $S.Arguments = %s; $S.Save()' % (sys.argv[1][:-3]+"lnk", RunRdp, RunArgs)
RunShell(LnkCmd)

print("\nDone.\n")
Stoopkid
  • 103
  • 3
0

To enable the setting, the user can enter promptcredentialonce:i:1 in the RDP file.

If the user wants to disable the setting, then user can enter promptcredentialonce:i:0 in the RDP file.

Colt
  • 1,939
  • 6
  • 20
  • 25