Once upon a time in a company far, far away, I needed to find a way to have users automatically logon to a Remote Desktop session with a specific set of credentials. I searched everywhere, and although I did find some tools, none of them were exactly what I was looking for. So I decided to make one myself. With the help of a lot of information at RemkoWeijnen.nl and examples at Obviex, I managed to write my own utility, saving me tons of work. So a big thank you to all the posters at Remko’s site!
Having done that however, I saw more possibilities. Our network consists of about 500 servers. A good system administrator is a lazy system administrator and although I don’t know about the good part, at least I’ve got the lazy part nailed down. I don’t want to enter my credentials every time I connect to a server. Or save them and then have to resave them over and over again, every time I change a password.
So as a way to spend what little free time I have left, I started writing Remote Desktop Plus. It’s Remote Desktop, but with some added features. Basically it allows you to launch a Remote Desktop session using a username and password entered from the command line (autologin) or imported from a saved profile. But that’s not all…
- Login automatically from the command line.
- Supports launching and autologin of RemoteApps.
- Remote Desktop Plus (RDP+) is not a clone or copy of Remote Desktop. It’s just a shell for the normal Remote Desktop client (mstsc.exe) on your computer.
- Automatically trusts all local resources and the remote computer. No more annoying questions like: Do you trust the computer you are connecting to?
- Allows you to save credentials (securely) in profiles. Profiles normally only work for the user who saved them and only on the computer on which they were saved. Profiles can be useful when administering a large amount of computers from a single point of administration. Changed the password for Administrator? Just edit the profile and you’re done.
- Passwords entered from the command line can be encrypted for enhanced security. Useful when starting Remote Desktop from batch files or published applications (Citrix).
- Remote Desktop Plus features a special restricted kiosk mode in which only the computer, username, password, or any combination thereof can be changed. When used as a published application, this allows you to grant (internal or external) support departments remote access to a range of servers in a much safer way.
- You can also specify a range of computers the user is allowed to connect to. Any attempt to connect to computers not in the list will be denied.
- You can save frequently used connections as favorites for easy launching.
- When logging on to a computer with local credentials, Remote Desktop Plus will try to determine the actual computername, so you don’t have to specify a computername in front of the username (like nldb01sa). This is also useful when logging in to computers using an IP address instead of a computername (rdp /v:10.140.10.1 /u:administrator) or when logging on to Windows clusters.
- Supports connecting through a Remote Desktop Gateway server.
- Accepts both /console and /admin. No need to remember which version of Remote Desktop and/or which Service Pack for XP you’re running.
- Can set the working screen size to either the maximum available size (so it looks like a normal maximized application) or to a adjustable size – by setting either a margin or specifying a percentage of the screen – so you can still move it around a bit.
- When using multiple monitors, you can specify on which monitor the Remote Desktop session should be started.
- Supports specifying a startup program (i.e. alternate shell) from the command line. You can use both local and remote environment variables in the command.
- Features an optional system tray icon for launching and managing your favorites, and for quickly switching to currently active Remote Desktop sessions.
- Normally Remote Desktop times out after about 30 seconds when connecting to a non-responsive (or still booting) computer. But the age of modems is a thing of the past and time is precious, so Remote Desktop Plus times out after only 3 seconds.
- When you use a separate connection file, the normal Remote Desktop client will display the name of the connection file in front of the server name in the task bar (Support – nlprint01 – Remote Desktop). This means that as soon as you have more than a couple of programs running, the server name won’t be visible in the task bar anymore due to the text truncation. Not with Remote Desktop Plus! RDP+ will leave out the name of the connection file, so you’ll always be able to see the server name.
- You can even provide your own title text or icon if you want. This can be especially useful when using RDP+ as a gateway to start another Remote Desktop session.
- Has the ability to disable the close button in the title bar and remove the connection bar, thus forcing users to logoff gracefully instead of just disconnecting and leaving their remote sessions open.
- Allows you to specify in the command line which drives or drive types to redirect and/or which drive(s) to exclude from redirection.
- Ever had to login to multiple servers at once? Just enter those servers separated by commas and off you go.
- Remote Desktop Plus also has a load balancing and failover feature. Specify multiple servers and RDP+ will randomly pick one of the servers to connect to. If this server is unreachable, RDP+ will skip it and cycle trough the other servers in the list, until it finds a responsive one. You can use this for example for RemoteApps which are hosted on multiple servers.
- Has the ability to log all connections in a log file or the event log.
- Still missing some command line parameters? RDP+ supports every option supported by the Remote Desktop .rdp file, using a special command line parameter. This gives you an unprecedented control over every aspect of the session, straight from the command line and without the need for specific RDP+ command line switches.
- Some settings and options can be controlled through Group Policies. Group Policy templates for these settings are available for download on the site.
- RDP+ has a very small footprint. It consists of a single file, less then 250 KB. No installation required on the client.
- Contains no spyware, adware, browser toolbars, nag screens, phone home mechanisms or any of that stuff. And it never will.
Note: The GUI only appears when no remote computer has been specified or when the command line option /gui is used.Back to top
Command line parameters
Remote Desktop Plus supports the following command line parameters:
[/domain[:domain]] [/console | /admin] [/[no]printers] [/nodrives | drives[:drive[,...]]] [/[no]sound] [/[no]wallpaper] [/f[ullscreen] |
/fit[:fitvalue] | /max | [/w:width] [/h:height]] [/mon:monitor] [/title:"title text"] [/icon:"icon file"] [/start:"program"] [/noclose] [/wait]
[/disconnect] | [/remoteapp:"||remoteapp"]] [/lb | /t[:seconds]] [multimon] [/o:"option,[...]“] [/encrypt] [/gui] [/kiosk:[mask]]
|“connection file”||The name of a .rdp file to be used for the connection.|
|/v:computer[:port][,...]||Specifies the remote computer(s) to which you want to connect.|
|/u:username||The username to be used for logging in to the specified computer.|
|/p:password||For automatic logon, specify the password for the user.|
|/pe:encrypted_password||Specifies an encrypted password for enhanced security. Use /encrypt to generate. Also implies /kiosk.|
|/i[mport][:profile]||Read username and password from the specified (or default) profile.|
|/domain[:domain]||Specifies an optional default domain for the user. Defaults to the domain of the current user.|
|/console or /admin||Connects you to the console/administrative session of a server running Windows Server 2003 or higher.|
|/[no]printers||Enforce or disable printer redirection.|
|/nodrives||Disable drive redirection.|
|/drives[:drive[,...]]||Enforce drive redirection for all or the specified drives (or drive types).|
|/[no]sound||Enable or disable sound from the remote computer to be played on the local computer.|
|/[no]wallpaper||Enforce or suppress displaying the remote computer’s wallpaper.|
|/f or /fullscreen||Start Remote Desktop in full-screen mode.|
|/fit[:fitvalue]||Fit the remote screen size to the local screen. Enter a margin in pixels or a percentage of the local screen.|
|/max||Fit the remote screen to its maximum size.|
|/w:width||Specifies the width of the Remote Desktop session window, in pixels or as percentage of the screen.|
|/h:height||Specifies the height of the Remote Desktop session window, in pixels or as percentage of the screen.|
|/mon:monitor||Start session on specified monitor number (1 or higher).|
|/title:”title text”||Text to be displayed in the task and title bar.|
|/icon:”icon file”||Icon to be displayed in the task and title bar.|
|/start:”program”||Specifies the remote program to use as shell.|
|/noclose||Disable the close button and connection bar.|
|/wait||Wait for the Remote Desktop session to end before continuing.|
|/disconnect||Disconnect the session automatically 10 seconds after connecting.|
|/remoteapp:”||remoteapp”||Specifies the RemoteApp to launch at the remote computer.|
|/lb||Use load balancing to connect to one of the specified remote computers.|
|/t[:seconds]||Try to connect to the computer indefinitely or for the specified amount of seconds until a connection is established.|
|/multimon||Configures the Remote Desktop session monitor layout to be identical to that of the client.|
|/o:”option,[,...]“||Specify one or more extended options in .rdp file syntax format.|
|/encrypt||Display an extra button in the GUI for obtaining the encrypted password string for use with /pe.|
|/gui||Force displaying the GUI.|
|/kiosk[:mask]||Restrict the GUI to a mode in which only the computer, user and/or password can be entered.|
|/allowed:target[,...]||Only allow connections to the specified names or IP addresses. Wild cards are allowed.|
|/log[:"log file"]||Logs all started sessions in the specified file. Defaults to rdp.log in the directory containing the program.|
|/tray||Display a system tray icon for access to your favorites or any active Remote Desktop session.|
|/batch||Suppress all standard error message popups. Errors can be handled through the exit codes.|
|@”command file”||Read command line arguments or extended options from the specified file.|
rdp /v:nlmail01 /u:administrator /p:P@ssw0rd! /max /mon:2
rdp /i:”Domain Admin” /fit /drives /noprinters /title:”%s (%u) – Remote Desktop”
rdp “G:\RDP\Support.rdp” /v:nlfps01 /u:email@example.com /drives:fixed,-c:,p: /log:G:\RDP\rdp%y%m%d.log
rdp /v:nlts03 /remoteapp:”||FileZilla” /u:donkz\ftp /p:Tr@ns1t
rdp /i:”Backup User” /kiosk /w:1024 /h:768 /allowed:10.10.*.*,nlfps-*.donkz.local /domain:donkz
rdp /v:nlapp01 /i:”Control Center” /noclose /o:”redirectcomports:i:1, redirectsmartcards:i:1″
rdp /v:nlts01,nlts02,nlts03,nlts04 /lb /remoteapp:”||e-Help Client 3.0″ /u:donkz\helpdesk /pe:dixYA/m8pOHVVkQLAI9ifQ==
rdp /v:nldmz01 /u:donkz\dmz /p:P@ssw0rd! /start:”mstsc \\nlfps01\config$\RDP\DMZ.rdp /f” /title:”Standby Support”
rdp /v:nldc05,nldc06 /i /console /fit:35
rdp /v:nlapp02 /u:donkz\internetkiosk /pe:356zm6vRajBcS3mnnudOOh43bZKSWewQ /noprinters /nodrives
/start:”C:\Program Files\Internet Explorer\iexplore.exe -k http://www.microsoft.com”
rdp /v:nlapp03 /u:donkz\helpdesk /start:”\”C:\Program Files\Remote Control\rc.exe\”
rdp /v:nlfps02 @options.txt /kiosk:011 /gui /log /tray
rdp /u:%USERDOMAIN%\%USERNAME% /kiosk:101 /gui /fit:95% /eventlog
Myself, I use the second example the most. Just create a shortcut in your Quick Launch toolbar and you only have to enter the desired server name.Back to top
Normally profiles are saved with the highest level of security, which means they can only be used using the account which created them and only on the computer they were created on. As of version 5.0, you can now also save profiles using a less strict security, which means they’ll be available on any other computer and will ‘roam’ with you.
Please note however that because no external password key is used, a determined individual with the right tools (debuggers, disassemblers), the right knowledge of programming, access to the registry or computer of the user, and some other ingredients, could potentially break the encryption, so use this option with care.
Also new is the add-on tool RDPProfile.exe, which allows you to automatically create profiles from the command line. You could use this from a login script to pre-populate some profiles for end users.
If you need to use double quotes in the /start startup program, you have to put a backslash () in front of each quote. You can also use environment variables in your command, both local and from the remote computer. To use remote environment variables, you must precede the percent signs with a backslash.
rdp /v:nlapp03 /u:donkzdomainhelpdesk /start:”"C:Program FilesRemote Controlrc.exe” “\nlfps01Config$RC\%COMPUTERNAME%%USERNAME%.cfg”"
If Remote Desktop Plus is started by user JohnDoe, the last part of the command will be expanded to “\nlfps01Config$RCNLAPP03JohnDoe.cfg”.
You can set a user defined text as your title bar by using the option /title. You can use local environment variables in your title plus these two special variables:
%s: Will be expanded to the server name you’ve connected to.
%u: Will be expanded to the username used to login to the remote computer.
rdp /i:”Domain Admin” /fit /title:”%s (%u) – Remote Desktop”
When connecting to the server nlfps01, this would result in the title bar text nlfps01 (DONKZDOMAINAdministrator) – Remote Desktop.
You can also use your own icon for the session by using the option /icon. This can be either a normal icon file (G:IconsRemote.ico) or an executable or .dll file (%ProgramFiles%Internet Exploreriexplore.exe). For files containing multiple icons, you can specify the desired icon using its index (%WINDIR%System32shell32.dll,43).
Please note that using /icon will also force an implied /wait, due to the way Windows retains (or does not retain) dynamically changed icons when the program which requested the changes is closed.
You can start a RemoteApp with Remote Desktop Plus, either from the command line or specified in the .rdp file. You can enter the RemoteApp using either its name (“||FileZilla”) or the full path to the executable (C:WindowsSystem32Notepad.exe). When using the name, always enclose it between double quotes, otherwise your system may confuse the double pipe signs with the double pipes used in batch scripting.
All options concerning the screen (like /fit and /mon) are ignored when using RemoteApps. The same goes for /title and /icon. Due to the way the Remote Desktop client launches all RemoteApps in a general, embedded instance of mstsc.exe, the option /wait is also not supported.
Remote Desktop Gateway
Remote Desktop Plus can login to remote servers through a Remote Desktop Gateway. There are no command line switches, so all options must be configured from the normal Remote Desktop client and saved in a .rdp file, or entered through the /o option. When you select the option Use my RD Gateway credentials for the remote computer, RDP+ will also automatically login to the RD Gateway. If not, you will be prompted for credentials.
With the kiosk mode, you can set the GUI to a special restricted mode, in which only the fields for the target computer, username and password are shown. Using a 3-character ‘mask’, you can enable or disable any of the three fields. Each character in the mask stands for one of the three fields (computername, username, password). A 1 will enable the field, a 0 will disable it. For example, /kiosk:011 will disable the computername field and only allow the user to enter the username and password.
The kiosk mode will default to 100 when a mask has not been specified.
Allowed targets list
Using the /allowed command line option, you can restrict users to only a selected range of computers. If the user tries to connect to a computer which is not in the allowed target list, the connection will be denied. This can be especially useful for publishing RDP+ to ‘untrusted’ users.
You can use wildcards in the list, and RDP+ will also try to translate hostnames to IP addresses and vice versa for its matching. So for example, when using /kiosk:100 /allowed:127.0.0.*, a target computer of localhost will be considered valid.
You can specify the drives you want to redirect to the remote computer by using the /drives option. Drives can be specified either by name or by drive type (Fixed, Removable, Network, CD-ROM). To redirect drives that get plugged in later, you can use the drive type Dynamic.
You can also exclude certain drives by preceding them with the minus sign. For example, /drives:fixed,-c:,p: will redirect drive P: and all fixed drives except C:.
If you don’t specify any drive or type, /drives will default to all drives, including the ones plugged in later.
Extended .rdp options
By using the /o switch, you can specify every option supported by the .rdp file. Options should be given in the exact same syntax as used in .rdp files. You can specify multiple options by separating them by commas. To use commas within options, precede them with a backslash.
rdp /start:terminal.exe /o:”shell working directory:s:H:My Documents, redirectcomports:i:1″
rdp /remoteapp:”||ProdDB” /o:”remoteapplicationcmdline:s:proddb, sqlsa, P@ssw0rd, remoteapplicationname:s:Production Database”
The native RDP+ command line switches always take precedence over the /o options. So if you use rdp /printers /o:”redirectprinters:i:0″, then /printers will win.
For an overview of (most of) the possible settings, you may find this page useful.
You can log all started sessions to a semicolon-delimited log file using the /log option. If you don’t specify the name of the log file, it will default to the file rdp.log in the directory containing rdp.exe.
If you do specify a filename, the name can be further customized through both local environment variables (like %COMPUTERNAME%), and some special variables:
%s: Will be expanded to the server name you’re connecting to.
%u: Will be expanded to the username used to login to the remote computer.
%c: Will be expanded to the name of the local client computer. When starting RDP+ locally, this will be the same as %COMPUTERNAME%. When starting RDP+ from within a Terminal Server or Citrix session, %c will contain the computername of the originating client computer (i.e. %CLIENTNAME%).
%y: The 4-digit representation of the current year.
%m: The 2-digit representation of the current month.
%d: The 2-digit representation of the current day.
When connecting to the server nlfps01 on the 31st of December, 2011, this would result in the log file 20111231-nlfps01.log being used.
The log file contains all kinds of information about the computer and user which started the session, and information about the target computer and how the session was started. When RDP+ is launched from within a Terminal Server or Citrix session, it will also log the computername and IP address of the originating client. This can also be useful when using thinclients.
A typical log file could look like this:
2013-03-31 11:11:40;LTP0235;10.0.1.163;Microsoft Windows 7 Professional;DONKZPeteL;-;-;nlfps01;3389;DONKZAdministrator;5.0;7.1;Profile;Normal;-
2013-03-31 11:14:46;LTP0235;10.0.1.163;Microsoft Windows 7 Professional;DONKZPeteL;-;-;nlsql01;3389;sql-sa;5.0;7.1;Password;Normal;-
2013-03-31 11:17:35;DTP0019;10.0.1.157;Microsoft Windows XP Professional;DONKZJohnB;-;-;nlts01;3389;DONKZJohnB;5.0;6.1;Profile;Normal;-
2013-03-31 11:19:51;NLTS01;10.10.1.110;Microsoft Windows Server 2003 Enterprise;DONKZJohnB;DTP0019;10.0.1.157;nlapp01.donkz.local;3389;DONKZHelpdesk;5.0;5.2;Encrypted Password;Alternate Shell;mmc dsa.msc
2013-03-31 11:21:42;LTP0382;10.0.1.146;Microsoft Windows 7 Professional;LTP0382Administrator;-;-;nldc01;3389;DONKZInstall;5.0;7.1;Password;Normal;-
2013-03-31 11:23:16;NLTS02;10.10.1.111;Microsoft Windows Server 2008 R2 Standard;DONKZCharlesV;DTP0124;10.0.1.150;10.10.2.191;3390;Support;5.0;7.1;Encrypted Password;Normal;-
2013-03-31 11:26:07;NLTS02;10.10.1.111;Microsoft Windows Server 2008 R2 Standard;DONKZSecurity02;WS_013184;192.168.200.15;nlapp04;3389;DONKZSecurity;5.0;7.1;Kiosk;Normal;-
2013-03-31 11:28:13;DTP0024;10.10.1.129;Microsoft Windows 7 Professional;DONKZTessaM;-;-;nlts01;3389;DONKZTimeManager;5.0;7.1;Encrypted Password;RemoteApp;||TimeManager
2013-03-31 11:34:54;LTP0235;10.0.1.163;Microsoft Windows 7 Professional;DONKZPeteL;-;-;nlpos82;3389;-;5.0;7.1;Password;Administrative/Console;-
Or, for better readability:
Much like the /log option, the /eventlog option writes an entry in the Application event log:
Log Name: Application
Source: Remote Desktop Plus
Date: 2-04-2013 23:21:09
Event ID: 12701
Task Category: None
Remote Desktop session started…
Date and time: 2013-04-02 23:21:07
IP address: 10.0.1.198
Windows version: Microsoft Windows 7 Ultimate
Local username: DTP0348
TS client name: -
TS IP address: -
Remote computer: nlapp03
Remote port: 3389
Remote user: DONKZ\Administrator
Remote Desktop Plus version: 5.0
Remote Desktop Connection version: 7.1
Password mode: Profile
Session type: Normal
System tray icon
RDP+ features an optional system tray icon. This icon can be used for the following things:
- Managing and launching favorites.
- Starting a new ‘blank’ instance of RDP+.
- Quickly switching to currently active Remote Desktop sessions.
- Automatically load the tray when you start your computer.
When using the kiosk mode, the system tray reverts to a simpler mode, in which only the active sessions are available. This simple mode can also be enforced through the Group Policy.
When creating favorites, you have the option to save them with the option Save secured (user and computer bound). This means the favorite is only available on the computer it was created on. Use this option when you have specified sensitive passwords in the command line.
When not saving it as a secure favorite, the favorite will be available on any computer you logon to when using roaming profiles. It will be saved using the same encryption /pe or Gencrypt uses, so it is still secure from prying eyes.
If you regularly use the same command line parameters, you can also put them in a separate file and specify this file with the @-parameter. RDP+ will then use the contents as its command line parameters.
You can also put normal .rdp file style options in this without this files, without having to precede them with /o. This way you can use the command file as a master .rdp file.
Example of a command file:
/fit /noprinters /drives:fixed /icon:Company.ico /title:"%u on %s - Remote Desktop" enablesuperpan:i:1 keyboardhook:i:2
When starting Remote Desktop Plus from a script, you can use the option /batch to prevent RDP+ from displaying error messages. Instead you can catch potential errors through the exit codes (errorlevels) RDP+ which raises. These are the possible exit codes which can be raised:
0: No errors.
1: General undefined error.
2: Specified connection file not found.
5: Target computer not in the list of allowed targets.
29: Cannot write to the log file.
30: Profile not found.
87: Invalid command line parameter or combination of command line parameters.
161: The format of the specified path is invalid (filename of the connection file, log file or command options file).
259: No responsive server found in the list (when using /lb).
2382: Invalid notation of the specified host name or IP address.
10060: Connection timed out to the specified server.
11001: Remote hostname not found.
Setting default options
You can set some of the command line options as the default option for Remote Desktop Plus by setting the user environment variable RDP. Currently supported are the following options: /w, /h, /fit, /f, /fullscreen, /max, /mon, /[no]printers, /[no]drives, /[no]sound. [no]wallpaper, /log, /t and /tray.
For example, you can set RDP to /fit /mon:2 /noprinters /drives:fixed.
When you set /mon to a number higher than the number of monitors attached to your computer, RDP+ will automatically fall back to monitor 1. This means you can safely set it to 2 if you always want your session to start in the second monitor when it is available.
The default options can of course be overruled by entering the option you want in the command line.
To override the display size with the fixed dimensions from the .rdp file, you can enter either specify /w or /h in the command line, without a dimension.
As of version 5.0 you can localize RDP+ for your own language using a customizable XML file. In the download section you will find a blank template (language_template.xml) which you can use to create your own translation. Once you’re done, save it in the directory containing rdp.exe and replace the template part in the file name with the two letter (ISO 639-1) language code for the language your computer is running. For example: language_de.xml for German.
If you’d like to help translate RDP+, you can send your completed XML files to firstname.lastname@example.org and I’ll put them up in the download section. A Dutch version is already provided.
Group Policies and registry
Some of the behavior of Remote Desktop Plus can be controlled through Group Policies or registry settings. More information about this can be found on this page.Back to top
- Windows XP/2003/Vista/2008/7/8
- Microsoft .NET Framework 2.0 or higher
Note: If you intend to launch Remote Desktop Plus from a local network share and you’re running a version of .NET Framework prior to 3.5 SP1, you’ll need to execute the following command once from the command prompt:
%windir%Microsoft.NETFrameworkv2.0.50727caspol -q -m -ag LocalIntranet_Zone -zone Intranet FullTrust -n “Network shares” -d “Full rights in Local Intranet zone.”
If you only have .NET 4.0 installed and no previous version of .NET, Remote Desktop Plus (or any other program targeted for previous versions of .NET Framework for that matter) will fail to launch with an error Unable to find a version of the runtime to run this application. You don’t necessarily have to install an older version of .NET to fix this however.
Just create a file named rdp.exe.config with the following content and place it in the same directory as rdp.exe:
Alternatively, you can download a ready-made rdp.exe.config from the download page.Back to top
Remote Desktop Plus is free to use for home, personal or corporate use. You may use and distribute the program free of charge for both commercial and non-commercial purposes, as long as end users are not charged a fee of any kind for its use.Back to top
Current version: 5.0
Release date: April 7, 2013
Click here for the complete change log.
Remote Desktop Plus consists of a single executable. No installation required.
Please feel free to leave your comments, bug reports or suggestions…Back to top