Windows has supported TLS for server authentication with RDP going back to Windows Server 2003 SP1. When connecting to a Windows PC, unless certificates have been configured, the remote PC presents a self-signed certificate, which results in a warning prompt from the Remote Desktop client. An environment with an enterprise certificate authority can use certificate autoenrollment to deploy trusted certificates to the RDP listener, thus removing the prompt. Getting OS X clients to accept the certificate takes a little extra configuration that is not required on Windows clients.
While I may only be configuring certificates in my lab environment, there’s not much effort required to remove these certificate warnings.
Client Warnings for Untrusted Certificates
Here are the client certificate warnings on various Microsoft Remote Desktop clients, including OS X. First up the original Remote Desktop Connection (mstsc) on Windows:
The new Remote Desktop Universal app on Windows 10:
And the Remote Desktop client on OS X 10.11:
Configuring the Certificate Template
I won’t cover installing and configuring an enterprise certificate authority here; however, here are a number of articles worth reading on this topic:
To configure a certificate for use with Remote Desktop Services (or RDP into any Windows PC), you’ll need to create a new certificate template and enable both the Server Authentication and the Remote Desktop Authentication application policies. This was key for OS X clients - both of these policies must exist. Some articles will walk through this configuration and recommend removing the Server Authentication policy; however, the certificates will then not work on non-Windows clients.
This article has a great walk-through of the entire process and more: RDP TLS Certificate Deployment Using GPO. In my lab, I’ve created a ‘Remote Desktop Computer’ certificate template and enabled it to be autoenrolled via Group Policy.
Certificate Template Options
To create the new template, open the Certificate Templates console and duplicate the Computer template. Use this template because it already has the Server Authentication policy enabled.
Navigate to the Extensions tab, edit the ‘Application Policies’ extension and remove ‘Client Authentication’ from the list.
After you have added the ‘Remote Desktop Authentication’ policy, you should see the policies as in the following dialog box. See below for the actual ‘Remote Desktop Authentication’ policy.
Adding the ‘Remote Desktop Authentication’ policy requires adding a new extension named ‘Remote Desktop Authentication’ (or similar) with an object value of “1.3.6.1.4.1.311.54.1.2” (excluding quotes). Enter the values as above.
Save the template and configure your CA to issue the new template. In my lab, my certificate template display name is ‘Remote Desktop Computer’. Since my first template failed, it’s actually called ‘Remote Desktop Computer v2’. However, the important name to note for the next step is the actual template name, which can be found on the General tab of the template. In my case this is ‘RemoteDesktopComputerv2’ (the display name, minus the spaces).
Configure Autoenrollment
To configure autoenrollment, I’ve created a new GPO dedicated to the autoenrollment setting and linked it to the organisational units containing server and workstation computer account objects. Edit the policy and enable the following setting:
Add the name of the certificate template as shown in the screenshot below:
Once a Group Policy refresh occurs or on the next boot, the target Windows machines will autoenroll for the certificate and configure their RDP listener.
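To confirm on a target machine that the listener has picked up the autoenrolled certificate and that it carries both application policies, a check along these lines can be run from an elevated PowerShell prompt. This is an added example, not part of the original article; the output property names are illustrative, and it assumes the default listener name ‘RDP-Tcp’.

```powershell
# Added example: verify the certificate bound to the RDP listener.
# Both application policies must be present for non-Windows clients.
$requiredEku = @{
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
    '1.3.6.1.4.1.311.54.1.2' = 'Remote Desktop Authentication'
}

# The listener records the SHA-1 thumbprint of the certificate it presents.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumbprint = $listener.SSLCertificateSHA1Hash

# Autoenrolled certificates land in the computer's Personal store; the
# default self-signed certificate sits in the 'Remote Desktop' store.
$cert = Get-ChildItem -Path 'Cert:\LocalMachine\My' |
    Where-Object { $_.Thumbprint -eq $thumbprint }

if (-not $cert) {
    Write-Warning "Listener certificate $thumbprint is not in LocalMachine\My; the listener may still be using its self-signed certificate."
}
else {
    # Read the Enhanced Key Usage extension straight from the certificate.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $missing = @($requiredEku.Keys | Where-Object { $_ -notin $ekuOids })

    [pscustomobject]@{
        Subject             = $cert.Subject
        Issuer              = $cert.Issuer
        SelfSigned          = ($cert.Subject -eq $cert.Issuer)
        NotAfter            = $cert.NotAfter
        EkuOids             = ($ekuOids -join ', ')
        MissingPolicies     = (($missing | ForEach-Object { "$_ ($($requiredEku[$_]))" }) -join ', ')
        BothPoliciesPresent = ($missing.Count -eq 0)
    }
}
```

An empty MissingPolicies value with SelfSigned set to False indicates the listener is presenting a CA-issued certificate from the new template.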
OS X Configuration
Now that my Remote Desktop certificates are configured for autoenrollment and Windows machines are picking up the certificates, I can import the root CA certificate into my MacBook running OS X.
Navigate to the URL of your certificate server (e.g. http://cert1/certsrv) and download the certificate via ‘Download a CA certificate, certificate chain, or CRL’. Download the CA certificate in DER format. Find the downloaded certificate in Finder and open the certificate to install it into Keychain.
Once installed, the certificate is not automatically trusted, as you can see below:
Set the certificate to be trusted by selecting ‘Always Trust’ from the ‘When using this certificate’ option. Close the certificate properties window and you should be prompted for your password to save the changes. Now when connecting to PCs via the Remote Desktop client, you should no longer receive certificate warnings.
This article shows how to install the root CA certificate via Terminal, which should assist in automating the import across a number of Macs.