Windows Remote Desktop Protocol
Windows Remote Desktop Protocol
On your local Windows 10 PC: In the search box on the taskbar, type Remote Desktop Connection, and then select Remote Desktop Connection. In Remote Desktop Connection, type the name of the PC you want to connect to (from Step 1), and then select Connect.
Requirements
- Go to the Start menu, select Run, then enter regedt32 into the text box that appears. To connect to a remote computer, select File, and then select Connect Network Registry. In the Select Computer dialog box, enter the name of the remote computer, select Check Names, and then select OK.
- Remote Desktop Protocol (RDP) is a tried and tested protocol that sysadmins have been using for years. It’s so widely used I would be shocked to meet a sysadmin that hasn’t used it. But, just because something is widely used doesn’t mean that it’s without its flaws.
- Windows 10
- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments
- Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with Windows Defender Remote Credential Guard.
Microsoft continues to investigate supporting using keys trust for supplied credentials in a future release.
Remote Desktop with Biometrics
Requirements
- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments
- Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
- Biometric enrollments
- Windows 10, version 1809
Users using earlier versions of Windows 10 could remote desktop to using Windows Hello for Business but were limited to the using their PIN as their authentication gesture. Windows 10, version 1809 introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture. The feature is on by default, so your users can take advantage of it as soon as they upgrade to Windows 10, version 1809.
How does it work
Windows generates and stores cryptographic keys using a software component called a key storage provider (KSP). Software-based keys are created and stored using the Microsoft Software Key Storage Provider. Smart card keys are created and stored using the Microsoft Smart Card Key Storage Provider. Keys created and protected by Windows Hello for Business are created and stored using the Microsoft Passport Key Storage Provider.
A certificate on a smart card starts with creating an asymmetric key pair using the Microsoft Smart Card KSP. Windows requests a certificate based on the key pair from your enterprises issuing certificate authority, which returns a certificate that is stored in the user's Personal certificate store. The private key remains on the smart card and the public key is stored with the certificate. Metadata on the certificate (and the key) store the key storage provider used to create the key (remember the certificate contains the public key).
This same concept applies to Windows Hello for Business. Except, the keys are created using the Microsoft Passport KSP and the user's private key remains protected by the device's security module (TPM) and the user's gesture (PIN/biometric). The certificate APIs hide this complexity. When an application uses a certificate, the certificate APIs locate the keys using the saved key storage provider. The key storage providers directs the certificate APIs on which provider they use to find the private key associated with the certificate. This is how Windows knows you have a smart card certificate without the smart card inserted (and prompts you to insert the smart card).
Windows Hello for Business emulates a smart card for application compatibility. Versions of Windows 10 prior to version 1809, would redirect private key access for Windows Hello for Business certificate to use its emulated smart card using the Microsoft Smart Card KSP, which would enable the user to provide their PIN. Windows 10, version 1809 no longer redirects private key access for Windows Hello for Business certificates to the Microsoft Smart Card KSP-- it continues using the Microsoft Passport KSP. The Microsoft Passport KSP enabled Windows 10 to prompt the user for their biometric gesture or PIN.
Compatibility
Users appreciate convenience of biometrics and administrators value the security however, you may experience compatibility issues with your applications and Windows Hello for Business certificates. You can relax knowing a Group Policy setting and a MDM URI exist to help you revert to the previous behavior for those users who need it.
Windows Remote Desktop Download
Important
The remote desktop with biometric feature does not work with Dual Enrollment feature or scenarios where the user provides alternative credentials. Microsoft continues to investigate supporting the feature.
Related topics
- Setup
- Disconnect from Server
Overview
The Remote Desktop Protocol (RDP) is a protocol developed by Microsoft to connect and control a remote computer from another one. More information about this can be found on MSDN. It is a client-server based protocol, the remote computer to access must have an RDP server running. For Embedded Windows, a client named Windows Embedded Compact Terminal Services Client (CETSC) is available that can connect to a server with Terminal Server functionality enabled.
_NOTE: The RDP feature is not included with the standard Windows Embedded Compact Licenses provided by Toradex. Please check our article about Windows Embedded Compact License and Components.
This article demonstrates how CETSC on Windows Embedded Compact 7 (WinEC7) can access and control applications running on a Windows 7 device. For more information on this feature, click here. No support for Windows CE6.0 and Windows Compact Embedded 2013.
Setup
RDP Server Setup
- On a Windows 7 PC/Laptop, go to Control Panel >System and Security >System and click on Remote Settings. The following window will open:
- Select 'Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)' and press OK.
Microsoft Remote Desktop Protocol Rdp
Note: If the server is connected through a router then make sure port-forwarding is done to the router to access the server globally over the internet.
RDP Client Setup
- Download the RDP Client for WinEC7 from here.
- Unzip the package and copy the CAB installer to the Windows CE device. Double click on the installer to install the package. (Do not change the default installation path.)
Establish Connection
- After installation, go to FlashDisk >System and double click on the application cetsc.exe. The following window will appear:
- Enter the IP address of the Windows 7 system running the RDP server and press 'Connect' as shown below:
- The following window will open requesting the credentials of the server to connect. Enter the details (user name and password) and press OK.
- A window will appear showing the connection status.
- The following image shows the Windows 7 desktop screen accessible on WinEC7 client terminal. Windows features and applications like audio, video, clipboard, networking etc. can be easily accessed.
Disconnect from Server
Disconnect without ending the session
- In the Remote Desktop Connection window, go to Start > Shutdown section and click on 'Disconnect' as shown below. This will close the connection but all the applications and programs keep running on the server side.
Disconnect and end the session
- In the Remote Desktop Connection window, go to Start > Shutdown section and click on 'Log off'. This will close the connection as well as all the programs.
See also