1

I am trying to automate some authentication where I connect via RDP, and authenticate with a particular server, using credentials taken from a PROPERTIES file.

On windows, the built in RDP client is mstsc.exe, but it doesnt seem like you can supply login credentials via command line, like on linux and Mac.

Is there any workaround on Windows, using mstsc.exe, where I can authenticate automatically, without any interaction from the user?

Thanks.

eoinzy
  • 2,152
  • 4
  • 36
  • 67

2 Answers2

2

You can store the RDP credentials using the cmdkey tool

    cmdkey.exe /generic:servername /user:username /pass:pass

Once you have run this, your mstsc call will be able to auto login: 

    mstsc.exe /v:servername
Mathias Mamsch
  • 323
  • 1
  • 15
1

Could you use a custom connection file ? Then pass it into MSTSC E.G:

mstsc customfile.RDP

Here's what a RDP file looks like, I saved credentials, note the FULL ADDRESS field and the USERNAME field.

 screen mode id:i:2
use multimon:i:0
desktopwidth:i:1680
desktopheight:i:1050
session bpp:i:32
winposstr:s:0,3,0,0,800,600
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:2
displayconnectionbar:i:1
disable wallpaper:i:1
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:###.###.###.###:####
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
redirectdirectx:i:1
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:1
use redirection server name:i:0
username:s:<USERNAME>

pass that to the mstsc.exe call. I'll try and see where the password is stored.

I wouldn't call this super secure either. I think the password is stored encrypted, it'll be a few minutes until I figure out how.

What are you trying to accomplish exactly? MSTSC doesn't return values based on authentication. So, I'm not sure what you plan on capturing.

kevingreen
  • 1,541
  • 2
  • 18
  • 40
  • Thanks for the reply. I'm writing software to automate SPNEGO authentication over RDP. I was looking at the .RDP file, but I'm writing software which will be used by a tester to test operations under different user/pass combinations. These credentials will be most likely stored in a .PROPERTIES file. I'd have to create a .RDP file for each user, after I extract their credentials from the .PROPERTIES file. – eoinzy Apr 03 '12 at 20:19
  • @eoinzy That's true you'd have to create a file each time, but it could be temporary. Other than the UN, PW & the IP address the file contents could remain the same. You can destroy or overwrite the file each time it's handled. I take it the user would be in control of this Java program each time? I'm trying to understand the benefit of programming this out. Thanks – kevingreen Apr 03 '12 at 20:22
  • The user is going to be a software tester. At the moment, when they're running automation scripts they have to stop and log into RDP. I'm trying to automate this by telling them to supply a list of credentials, and i'll do the rest. all they'd have to do is call something like `myclass.loginNextUser()`. – eoinzy Apr 03 '12 at 20:44
  • 1
    That makes sense. I see how this will be beneficial. I think you could just create a temporary RDP file each time and have it log the user in. I know Spiceworks, an automated network/admin tool (Like Big Brother) could store RDP credentials and use that to log into servers and test for services/connectivity. You could look out into that codebase and see if there's any information there. – kevingreen Apr 03 '12 at 20:46
  • Is that open source? I think I might have to go the route of creating an RDP file per user, at least for Windows. RDP on linux and Mac allow for command line passing of credentials! PS, do you have to supply ALL those lines in the RDP file? Or can you get away with only supplying a few needed ones? – eoinzy Apr 03 '12 at 20:59
  • @eoinzy SpiceWorks was ad supported if I remember, I don't know about the accessibility of the codebase. What are you trying to accomplish exactly? Linux and Mac don't have RDP, they just have SSH (by default anyway, see VNC). Do you need the tester to perform some tasks on the remote server after they log in? Or are you just trying to confirm that they can? – kevingreen Apr 03 '12 at 21:01
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/9655/discussion-between-kevingreen-and-eoinzy) – kevingreen Apr 03 '12 at 21:04
  • Note that on Linux and Mac, passing the credentials on the command line exposes them to other users. This might not matter in your particular scenario, but is usually something to avoid. – Harry Johnston Apr 03 '12 at 21:15
  • I've gone with the idea of creating an RDP file based on each username, however, the question has slightly changed. I can now not encrypt the password properly and I'm getting an error trying to load the RDP file into mstsc. I think I will just have to start a new question for that though, because it might be out of scope for this question. Thanks again. – eoinzy Apr 04 '12 at 19:29