Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET

Automatically create RDP file with password

Home Forums Virtualization Terminal Services Automatically create RDP file with password

Viewing 1 post (of 1 total)
  • Author
    Posts

  • JeremyW
    Participant
    #133213

    Recently I had a need to distribute an RDP file to several users that, when they use it, would log them on without prompting for username and password. We all know that it is possible to save an RDP file with the password in it but the problem is when you move it between users or computers the password doesn’t work.

    Info on why can be found here http://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/

    The above link also provides code for converting a password string into the encrypted password. After a crash course in VB.NET I was able to write a utility that will hash a password properly for an RDP file.

    So with this utility I’m able to dynamically create an RDP file with the password in it and deploy the script to whoever needs it.

    Giving credit where it’s due. The VB.NET example from here was the base and with a few tweaks from the comments in the first link I was able to get a working utility.

    Usage for the utility:
    cryptRDP5.exe password[/CODE]

    Here’s an example batch [SIZE=”1″](I named it [B]LTD2.cmd[/B] but you can change that)[/SIZE] that I used as a logon script. (the password argument was passed by the GPO)
    [CODE]:: Usage:
    :: LTD2.cmd password
    ::
    :: Variables:
    :: “hashtool” – location of the hash tool
    :: “outputfile” – destination and name for the .rdp file
    :: “comp” – computer name (can be FQDN or NetBIOS)
    :: “domain” – name of authenticating domain
    :: (if stand-alone enter computer name)
    :: “usr” – Username

    @echo
    Off

    If “%1″==”” Goto EOF

    set pwd=%1
    Set hashtool=”%ProgramFiles%CryptRDPcryptRDP5.exe”
    set outputfile=”%userprofile%desktopcomputerA.rdp”
    set comp=ComputerA
    set domain=jeremyw
    set usr=imuser

    for /f “tokens=*” %%a in (‘%hashtool% %pwd%’) do set pwdhash=%%a

    :CreateRDP
    If EXIST %outputfile% del %outputfile%
    Echo screen mode id:i:2>> %outputfile%
    Echo desktopwidth:i:1024>> %outputfile%
    Echo desktopheight:i:768>> %outputfile%
    Echo session bpp:i:24>> %outputfile%
    Echo winposstr:s:0,1,32,68,800,572>> %outputfile%
    Echo full address:s:%comp%>> %outputfile%
    Echo compression:i:1>> %outputfile%
    Echo keyboardhook:i:2>> %outputfile%
    Echo audiomode:i:2>> %outputfile%
    Echo redirectdrives:i:0>> %outputfile%
    Echo redirectprinters:i:0>> %outputfile%
    Echo redirectcomports:i:0>> %outputfile%
    Echo redirectsmartcards:i:1>> %outputfile%
    Echo displayconnectionbar:i:1>> %outputfile%
    Echo autoreconnection enabled:i:1>> %outputfile%
    Echo authentication level:i:0>> %outputfile%
    Echo username:s:%usr%>> %outputfile%
    Echo domain:s:%domain%>> %outputfile%
    Echo alternate shell:s:>> %outputfile%
    Echo shell working directory:s:>> %outputfile%
    Echo password 51:b:%pwdhash%>> %outputfile%
    Echo disable wallpaper:i:1>> %outputfile%
    Echo disable full window drag:i:0>> %outputfile%
    Echo disable menu anims:i:0>> %outputfile%
    Echo disable themes:i:0>> %outputfile%
    Echo disable cursor setting:i:0>> %outputfile%
    Echo bitmapcachepersistenable:i:1>> %outputfile%

    :EOF[/CODE]

    Hope you find it useful!
    8)[CODE]cryptRDP5.exe password[/CODE]

    Here’s an example batch (I named it LTD2.cmd but you can change that) that I used as a logon script. (the password argument was passed by the GPO)
    :: Usage:
    :: LTD2.cmd password
    ::
    :: Variables:
    :: “hashtool” – location of the hash tool
    :: “outputfile” – destination and name for the .rdp file
    :: “comp” – computer name (can be FQDN or NetBIOS)
    :: “domain” – name of authenticating domain
    :: (if stand-alone enter computer name)
    :: “usr” – Username

    @echo
    Off

    If “%1″==”” Goto EOF

    set pwd=%1
    Set hashtool=”%ProgramFiles%CryptRDPcryptRDP5.exe”
    set outputfile=”%userprofile%desktopcomputerA.rdp”
    set comp=ComputerA
    set domain=jeremyw
    set usr=imuser

    for /f “tokens=*” %%a in (‘%hashtool% %pwd%’) do set pwdhash=%%a

    :CreateRDP
    If EXIST %outputfile% del %outputfile%
    Echo screen mode id:i:2>> %outputfile%
    Echo desktopwidth:i:1024>> %outputfile%
    Echo desktopheight:i:768>> %outputfile%
    Echo session bpp:i:24>> %outputfile%
    Echo winposstr:s:0,1,32,68,800,572>> %outputfile%
    Echo full address:s:%comp%>> %outputfile%
    Echo compression:i:1>> %outputfile%
    Echo keyboardhook:i:2>> %outputfile%
    Echo audiomode:i:2>> %outputfile%
    Echo redirectdrives:i:0>> %outputfile%
    Echo redirectprinters:i:0>> %outputfile%
    Echo redirectcomports:i:0>> %outputfile%
    Echo redirectsmartcards:i:1>> %outputfile%
    Echo displayconnectionbar:i:1>> %outputfile%
    Echo autoreconnection enabled:i:1>> %outputfile%
    Echo authentication level:i:0>> %outputfile%
    Echo username:s:%usr%>> %outputfile%
    Echo domain:s:%domain%>> %outputfile%
    Echo alternate shell:s:>> %outputfile%
    Echo shell working directory:s:>> %outputfile%
    Echo password 51:b:%pwdhash%>> %outputfile%
    Echo disable wallpaper:i:1>> %outputfile%
    Echo disable full window drag:i:0>> %outputfile%
    Echo disable menu anims:i:0>> %outputfile%
    Echo disable themes:i:0>> %outputfile%
    Echo disable cursor setting:i:0>> %outputfile%
    Echo bitmapcachepersistenable:i:1>> %outputfile%

    :EOF[/CODE]

    Hope you find it useful!
    8)[CODE]:: Usage:
    :: LTD2.cmd password
    ::
    :: Variables:
    :: “hashtool” – location of the hash tool
    :: “outputfile” – destination and name for the .rdp file
    :: “comp” – computer name (can be FQDN or NetBIOS)
    :: “domain” – name of authenticating domain
    :: (if stand-alone enter computer name)
    :: “usr” – Username

    @echo
    Off

    If “%1″==”” Goto EOF

    set pwd=%1
    Set hashtool=”%ProgramFiles%CryptRDPcryptRDP5.exe”
    set outputfile=”%userprofile%desktopcomputerA.rdp”
    set comp=ComputerA
    set domain=jeremyw
    set usr=imuser

    for /f “tokens=*” %%a in (‘%hashtool% %pwd%’) do set pwdhash=%%a

    :CreateRDP
    If EXIST %outputfile% del %outputfile%
    Echo screen mode id:i:2>> %outputfile%
    Echo desktopwidth:i:1024>> %outputfile%
    Echo desktopheight:i:768>> %outputfile%
    Echo session bpp:i:24>> %outputfile%
    Echo winposstr:s:0,1,32,68,800,572>> %outputfile%
    Echo full address:s:%comp%>> %outputfile%
    Echo compression:i:1>> %outputfile%
    Echo keyboardhook:i:2>> %outputfile%
    Echo audiomode:i:2>> %outputfile%
    Echo redirectdrives:i:0>> %outputfile%
    Echo redirectprinters:i:0>> %outputfile%
    Echo redirectcomports:i:0>> %outputfile%
    Echo redirectsmartcards:i:1>> %outputfile%
    Echo displayconnectionbar:i:1>> %outputfile%
    Echo autoreconnection enabled:i:1>> %outputfile%
    Echo authentication level:i:0>> %outputfile%
    Echo username:s:%usr%>> %outputfile%
    Echo domain:s:%domain%>> %outputfile%
    Echo alternate shell:s:>> %outputfile%
    Echo shell working directory:s:>> %outputfile%
    Echo password 51:b:%pwdhash%>> %outputfile%
    Echo disable wallpaper:i:1>> %outputfile%
    Echo disable full window drag:i:0>> %outputfile%
    Echo disable menu anims:i:0>> %outputfile%
    Echo disable themes:i:0>> %outputfile%
    Echo disable cursor setting:i:0>> %outputfile%
    Echo bitmapcachepersistenable:i:1>> %outputfile%

    :EOF[/CODE]

    Hope you find it useful!
    8)

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: