Automatically create RDP file with password

Home Forums Virtualization Terminal Services Automatically create RDP file with password

This topic contains 11 replies, has 7 voices, and was last updated by  tmiller 5 months, 1 week ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts

  • JeremyW
    Moderator
    #133213

    Recently I had a need to distribute an RDP file to several users that, when they use it, would log them on without prompting for username and password. We all know that it is possible to save an RDP file with the password in it but the problem is when you move it between users or computers the password doesn’t work.

    Info on why can be found here http://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/

    The above link also provides code for converting a password string into the encrypted password. After a crash course in VB.NET I was able to write a utility that will hash a password properly for an RDP file.

    So with this utility I’m able to dynamically create an RDP file with the password in it and deploy the script to whoever needs it.

    Giving credit where it’s due. The VB.NET example from here was the base and with a few tweaks from the comments in the first link I was able to get a working utility.

    Usage for the utility:
    cryptRDP5.exe password[/CODE]

    Here’s an example batch [SIZE=”1″](I named it [B]LTD2.cmd[/B] but you can change that)[/SIZE] that I used as a logon script. (the password argument was passed by the GPO)
    [CODE]:: Usage:
    :: LTD2.cmd password
    ::
    :: Variables:
    :: “hashtool” – location of the hash tool
    :: “outputfile” – destination and name for the .rdp file
    :: “comp” – computer name (can be FQDN or NetBIOS)
    :: “domain” – name of authenticating domain
    :: (if stand-alone enter computer name)
    :: “usr” – Username
    @echo Off

    If “%1″==”” Goto EOF

    set pwd=%1
    Set hashtool=”%ProgramFiles%CryptRDPcryptRDP5.exe”
    set outputfile=”%userprofile%desktopcomputerA.rdp”
    set comp=ComputerA
    set domain=jeremyw
    set usr=imuser

    for /f “tokens=*” %%a in (‘%hashtool% %pwd%’) do set pwdhash=%%a

    :CreateRDP
    If EXIST %outputfile% del %outputfile%
    Echo screen mode id:i:2>> %outputfile%
    Echo desktopwidth:i:1024>> %outputfile%
    Echo desktopheight:i:768>> %outputfile%
    Echo session bpp:i:24>> %outputfile%
    Echo winposstr:s:0,1,32,68,800,572>> %outputfile%
    Echo full address:s:%comp%>> %outputfile%
    Echo compression:i:1>> %outputfile%
    Echo keyboardhook:i:2>> %outputfile%
    Echo audiomode:i:2>> %outputfile%
    Echo redirectdrives:i:0>> %outputfile%
    Echo redirectprinters:i:0>> %outputfile%
    Echo redirectcomports:i:0>> %outputfile%
    Echo redirectsmartcards:i:1>> %outputfile%
    Echo displayconnectionbar:i:1>> %outputfile%
    Echo autoreconnection enabled:i:1>> %outputfile%
    Echo authentication level:i:0>> %outputfile%
    Echo username:s:%usr%>> %outputfile%
    Echo domain:s:%domain%>> %outputfile%
    Echo alternate shell:s:>> %outputfile%
    Echo shell working directory:s:>> %outputfile%
    Echo password 51:b:%pwdhash%>> %outputfile%
    Echo disable wallpaper:i:1>> %outputfile%
    Echo disable full window drag:i:0>> %outputfile%
    Echo disable menu anims:i:0>> %outputfile%
    Echo disable themes:i:0>> %outputfile%
    Echo disable cursor setting:i:0>> %outputfile%
    Echo bitmapcachepersistenable:i:1>> %outputfile%

    :EOF[/CODE]

    Hope you find it useful!
    8)[CODE]cryptRDP5.exe password[/CODE]

    Here’s an example batch (I named it LTD2.cmd but you can change that) that I used as a logon script. (the password argument was passed by the GPO)
    :: Usage:
    :: LTD2.cmd password
    ::
    :: Variables:
    :: “hashtool” – location of the hash tool
    :: “outputfile” – destination and name for the .rdp file
    :: “comp” – computer name (can be FQDN or NetBIOS)
    :: “domain” – name of authenticating domain
    :: (if stand-alone enter computer name)
    :: “usr” – Username
    @echo Off

    If “%1″==”” Goto EOF

    set pwd=%1
    Set hashtool=”%ProgramFiles%CryptRDPcryptRDP5.exe”
    set outputfile=”%userprofile%desktopcomputerA.rdp”
    set comp=ComputerA
    set domain=jeremyw
    set usr=imuser

    for /f “tokens=*” %%a in (‘%hashtool% %pwd%’) do set pwdhash=%%a

    :CreateRDP
    If EXIST %outputfile% del %outputfile%
    Echo screen mode id:i:2>> %outputfile%
    Echo desktopwidth:i:1024>> %outputfile%
    Echo desktopheight:i:768>> %outputfile%
    Echo session bpp:i:24>> %outputfile%
    Echo winposstr:s:0,1,32,68,800,572>> %outputfile%
    Echo full address:s:%comp%>> %outputfile%
    Echo compression:i:1>> %outputfile%
    Echo keyboardhook:i:2>> %outputfile%
    Echo audiomode:i:2>> %outputfile%
    Echo redirectdrives:i:0>> %outputfile%
    Echo redirectprinters:i:0>> %outputfile%
    Echo redirectcomports:i:0>> %outputfile%
    Echo redirectsmartcards:i:1>> %outputfile%
    Echo displayconnectionbar:i:1>> %outputfile%
    Echo autoreconnection enabled:i:1>> %outputfile%
    Echo authentication level:i:0>> %outputfile%
    Echo username:s:%usr%>> %outputfile%
    Echo domain:s:%domain%>> %outputfile%
    Echo alternate shell:s:>> %outputfile%
    Echo shell working directory:s:>> %outputfile%
    Echo password 51:b:%pwdhash%>> %outputfile%
    Echo disable wallpaper:i:1>> %outputfile%
    Echo disable full window drag:i:0>> %outputfile%
    Echo disable menu anims:i:0>> %outputfile%
    Echo disable themes:i:0>> %outputfile%
    Echo disable cursor setting:i:0>> %outputfile%
    Echo bitmapcachepersistenable:i:1>> %outputfile%

    :EOF[/CODE]

    Hope you find it useful!
    8)[CODE]:: Usage:
    :: LTD2.cmd password
    ::
    :: Variables:
    :: “hashtool” – location of the hash tool
    :: “outputfile” – destination and name for the .rdp file
    :: “comp” – computer name (can be FQDN or NetBIOS)
    :: “domain” – name of authenticating domain
    :: (if stand-alone enter computer name)
    :: “usr” – Username
    @echo Off

    If “%1″==”” Goto EOF

    set pwd=%1
    Set hashtool=”%ProgramFiles%CryptRDPcryptRDP5.exe”
    set outputfile=”%userprofile%desktopcomputerA.rdp”
    set comp=ComputerA
    set domain=jeremyw
    set usr=imuser

    for /f “tokens=*” %%a in (‘%hashtool% %pwd%’) do set pwdhash=%%a

    :CreateRDP
    If EXIST %outputfile% del %outputfile%
    Echo screen mode id:i:2>> %outputfile%
    Echo desktopwidth:i:1024>> %outputfile%
    Echo desktopheight:i:768>> %outputfile%
    Echo session bpp:i:24>> %outputfile%
    Echo winposstr:s:0,1,32,68,800,572>> %outputfile%
    Echo full address:s:%comp%>> %outputfile%
    Echo compression:i:1>> %outputfile%
    Echo keyboardhook:i:2>> %outputfile%
    Echo audiomode:i:2>> %outputfile%
    Echo redirectdrives:i:0>> %outputfile%
    Echo redirectprinters:i:0>> %outputfile%
    Echo redirectcomports:i:0>> %outputfile%
    Echo redirectsmartcards:i:1>> %outputfile%
    Echo displayconnectionbar:i:1>> %outputfile%
    Echo autoreconnection enabled:i:1>> %outputfile%
    Echo authentication level:i:0>> %outputfile%
    Echo username:s:%usr%>> %outputfile%
    Echo domain:s:%domain%>> %outputfile%
    Echo alternate shell:s:>> %outputfile%
    Echo shell working directory:s:>> %outputfile%
    Echo password 51:b:%pwdhash%>> %outputfile%
    Echo disable wallpaper:i:1>> %outputfile%
    Echo disable full window drag:i:0>> %outputfile%
    Echo disable menu anims:i:0>> %outputfile%
    Echo disable themes:i:0>> %outputfile%
    Echo disable cursor setting:i:0>> %outputfile%
    Echo bitmapcachepersistenable:i:1>> %outputfile%

    :EOF[/CODE]

    Hope you find it useful!
    8)


    AndyJG247
    Member
    #320503

    Re: Automatically create RDP file with password

    Thanks! Will have to give this a go tomorrow :beer:


    JeremyW
    Moderator
    #269680

    Re: Automatically create RDP file with password

    Let me know how it goes and if you have any questions.


    robertcgs
    Member
    #346740

    Re: Automatically create RDP file with password

    Could you revisit the post “automatically create RDP file with Password”? Do I need to install CryptRDP5?

    Do you have a working sample of what you actually created? Yes I saw your sample but it mentioned “hashtool” and i can only assume I must install CryptRDP.

    You posted this back in July 2008 so I can understand if it takes a while to recall this.

    Thanks


    JeremyW
    Moderator
    #269748

    Re: Automatically create RDP file with password

    Hi robertcgs. Welcome to the forums.

    Yes, the script requires the CryptRDP5 file. (the name is arbitrary but the file itself is what matters) Install CryptRDP5 is a bit of an overstatement as all you need to do is copy the file to wherever you want on your computer. There is a zipped copy of CryptRDP5.exe attached to my first post that you can use.

    The script is the example of using the tool I created (er… put together) and it is almost exactly what I used for a client of mine.

    Let me know if that doesn’t clear things up for you.


    m80arm
    Member
    #233720

    Re: Electrical Equipment

    hkalilinks;130128 wrote:
    China Electrical Equipment & Supplies manufacturers, suppliers and exporters. All Electrical Equipment & Supplies made in China & Global. Full products catalogs and descriptions. Right here to source products with Chinese brand names. Searching for OEM, ODM & contract manufacturing services.

    Spam reported to MODS

    Michael


    tmiller
    Member
    #391858

    Thank you for the utility! It’s great!


    James Haynes
    Member
    #252111

    thats effing fabulous! i am rolling out a new ESXi RDP server with published apps and this is exactly what i was looking for! seriously, right on time. the password getting stripped was a big deal, as half the users are native to Vietnam and dont speak any english, plus the fact they are 12 hours behind creates some logistical issues with contact during the day when i am at work.

    much appreciated! this has rolled out fine with my test profiles via GPO thus far.

    tight work and good looking out!! :D


    JeremyW
    Moderator
    #271565

    Whoa! 9 years old and still good. :) Thanks guys, glad to help.


    James Haynes
    Member
    #252117

    so im not a code guy.. how do you see where it fails if it doesnt work? i guess i can put pauses or breaks in it and turn the echo on?

    i had luck when i chopped it up and did it playing locally, but im having problems making it work via gpo or logon script. it just doesnt leave anything on the desktop… so how do i see what isnt working on the remote station that has this assigned to their profile?

    ******EDIT*******

    so i played with it and i got it sorted out. i did like i said i turned the echo on and watched it all the way thru. first thing i noticed was that it wouldnt get past the

    If “%1″==”” Goto EOF

    line, so i ripped it out. this was better.. it started going thru the RDP file creation and it put one on the desktop. when i tried to open the RDP (either edit or connect) i said “cannot open the file SEASOFT blah blah.. just like it was a corrupt file.

    so i started ripping things from the bottom of the RDP creation portion. i took out everything past:

    Echo username:s:%usr%>> %outputfile%

    resaved and re-run the file again, works perfectly. assigned to a logon for a new test user and viola! works like a charm!

    thanks again!


    robert_strom
    Member
    #376922

    Hello,

    I created RDP file for a Windows 2016 Server, working from a Windows 10 machines. But it is prompting me failed log-in screen and asking for password again. I checked few times for the .bat file, it looks correct. separately I created encrypted password and checked, it matches the one created using batch file in the RDP.

    Did anyone able to use this RDP files for Windows 2016 Server ? if I specify password on the prompt , it does proceed, but I want to skip entering the password process.

    Please help me to understand what might be going wrong

    Regards
    Sham


    James Haynes
    Member
    #252119

    it should work all the same.. actually, i think the server that i setup in the above reply was a 2016, cant remember, but it most likely was as i dont sell servers with old OSs pretty much ever.

    take a look at this and see if its applicable to your situation. there are some changes to the way 10 is handling things via policy. i just recently used some of the RDP shortcut part of the code at another place, and i noticed that the windows 10 machines assign some weird properties to the RDP file, but on the 7 machines it works as expected. its a small enviro, so i wasnt concerned with fixing the script, i just spot fixed the few 10 boxes and changed the permissions on it by hand.

    https://tommynation.com/fix-rdp-saving-password-credentials-windows-remote-desktop-connection/

    i would try to implement the changes on a test box and see if anything changes. if not, let us know, might have some other options.

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.