Windows has supported TLS for server authentication with RDP going back to Windows Server 2003 SP1. When connecting to a Windows PC, unless certificates have been configured, the remote PC presents a self-signed certificate, which results in a warning prompt from the Remote Desktop client. An environment with an enterprise certificate authority can enable certificate autoenrollment to enable trusted certificates on the RDP listener, thus removing the prompt. Getting OS X clients to accept the certificate takes a little extra configuration that is not required on Windows clients.
While I may only be configuring certificates in my lab environment, there’s not much effort required to remove these certificate warnings.
Client Warnings for Untrusted Certificates
Here are the client certificate warnings on various Microsoft Remote Desktop clients, including OS X. First up, the original Remote Desktop Connection (mstsc) on Windows:
The new Remote Desktop Universal app on Windows 10:
And the Remote Desktop client on OS X 10.11:
Configuring the Certificate Template
I won’t cover installing and configuring an enterprise certificate authority here; however, here are a number of articles worth reading on this topic:
To configure a certificate for use with Remote Desktop Services (or RDP into any Windows PC), you’ll need to create a new certificate template and enable both the Server Authentication and the Remote Desktop Authentication application policies. This was key for OS X clients - both of these policies must exist. Some articles will walk through this configuration and recommend removing the Server Authentication policy; however, the certificates will then not work on non-Windows clients.
This article has a great walk-through of the entire process and more: RDP TLS Certificate Deployment Using GPO. In my lab, I’ve created a ‘Remote Desktop Computer’ certificate template and enabled it to be autoenrolled via Group Policy.
Certificate Template Options
To create the new template, open the Certificate Templates console and duplicate the Computer template. Use this template because it already has the Server Authentication policy enabled.
Navigate to the Extensions tab, edit the ‘Application Policies’ extension and remove ‘Client Authentication’ from the list.
After you have added the ‘Remote Desktop Authentication’ policy, you should see the policies listed in the following dialog box. See below for the actual ‘Remote Desktop Authentication’ policy.
Adding the ‘Remote Desktop Authentication’ policy requires adding a new extension named ‘Remote Desktop Authentication’ (or similar) with an object value of “1.3.6.1.4.1.311.54.1.2” (excluding quotes). Enter the values as above.
Save the template and configure your CA to issue the new template. In my lab, my certificate template display name is ‘Remote Desktop Computer’. Since my first template failed, it’s actually called ‘Remote Desktop Computer v2’. However, the important name to note for the next step is the actual template name, which can be found on the General tab of the template. In my case this is ‘RemoteDesktopComputerv2’ (the display name, minus the spaces).
Configure Autoenrollment
To configure autoenrollment, I’ve created a new GPO dedicated to the autoenrollment setting and linked it to the organisational units containing server and workstation computer account objects. Edit the policy and enable the following setting:
Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security / Server authentication certificate template
Add the name of the certificate template as shown in the screenshot below:
Once a Group Policy refresh occurs or on the next boot, the target Windows machines will autoenroll for the certificate and configure their RDP listener.
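A check for the result of the steps above, as an added example that is not part of the original article: it reads the thumbprint bound to the RDP-Tcp listener and reports whether that certificate carries both the Server Authentication and Remote Desktop Authentication policies. The function name Test-RdpListenerCertificate is an assumption made for this example; run it from an elevated PowerShell session on the target Windows machine.

```powershell
# Added example (not from the original article): report which certificate the
# local RDP listener is bound to and whether it carries both application policies.
function Test-RdpListenerCertificate {
    $required = [ordered]@{
        '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
        '1.3.6.1.4.1.311.54.1.2' = 'Remote Desktop Authentication'
    }

    # Win32_TSGeneralSetting exposes the thumbprint bound to the RDP-Tcp listener.
    $listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName 'Win32_TSGeneralSetting' -Filter "TerminalName='RDP-Tcp'"
    $thumbprint = $listener.SSLCertificateSHA1Hash

    # Autoenrolled certificates land in the machine's Personal store; the default
    # self-signed certificate lives in the 'Remote Desktop' store.
    $stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
    $cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumbprint } |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate with thumbprint $thumbprint found." }

    # Collect the OIDs from the Enhanced Key Usage (application policy) extension.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    $missing = @($required.Keys |
        Where-Object { $_ -notin $ekuOids } |
        ForEach-Object { $required[$_] })

    [pscustomobject]@{
        Subject             = $cert.Subject
        Issuer              = $cert.Issuer
        Thumbprint          = $cert.Thumbprint
        NotAfter            = $cert.NotAfter
        SelfSigned          = ($cert.Subject -eq $cert.Issuer)
        MissingPolicies     = $missing
        BothPoliciesPresent = (-not $missing)
    }
}

Test-RdpListenerCertificate | Format-List
```

A result with SelfSigned set to True means the listener is still using the default certificate and autoenrollment has not yet applied; a non-empty MissingPolicies list points back at the template's Application Policies extension.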
OS X Configuration
Now that my Remote Desktop certificates are configured for autoenrollment and Windows machines are picking up the certificates, I can import the root CA certificate into my MacBook running OS X.
Navigate to the URL of your certificate server (e.g. http://cert1/certsrv) and download the certificate via ‘Download a CA certificate, certificate chain, or CRL’. Download the CA certificate in DER format. Find the downloaded certificate in Finder and open the certificate to install it into Keychain.
Once installed, the certificate is not automatically trusted, as you can see below:
Set the certificate to be trusted by selecting ‘Always Trust’ from the ‘When using this certificate’ option. Close the certificate properties window and you should be prompted for your password to save the changes. Now when connecting to PCs via the Remote Desktop client, you should no longer receive certificate warnings.
This article shows how to install the root CA certificate via Terminal, which should assist in automating the import across a number of Macs.
You have the ability to access your hosted RDP session from a Mac OS X. To access the RDP environment from a Mac OS X, you will need to download the Microsoft Remote Desktop app. The following steps will instruct you on how to access your session using the Microsoft Remote Desktop app.
Please note: If this is your first time logging into the RDP environment and you have not yet created your own password, you will need to do so prior to proceeding with the set up instructions below. You will not be able to successfully log into your RDP session until you have created your own password. Click here for instructions.
1. Download the Microsoft Remote Desktop app from the Mac App Store.
2. Once downloaded and installed, click and open the Microsoft Remote Desktop app.
3. You will see the following screen. Click Remote Resources.
4. Fill in the URL (https://cloud.promas.com/rdweb/feed/webfeed.aspx), Username and Password fields with the appropriate information. Then, click Refresh.
5. After clicking Refresh, the application(s)/remote desktop available to you will appear in the Remote Resources window (as shown below).
You have now successfully set up access to your RDP environment on your Mac.
- You will always use the Microsoft Remote Desktop application to access your hosted session.
- Once you have set up access by completing the above steps, you can simply launch the Remote Desktop application and select your application or Remote Desktop from the Remote Resources list (shown in Step 5) for future logins.
- If you selected your application icon, the application will open.
- If you selected the Remote Desktop icon, you will be taken to your remote desktop.
- Please note that upon your first login you will need to set the local drive that will be accessible from the remote session.
- Click the dropdown, then click browse.
- Use Shift + Command + H to select the user's Home Folder or select the Home Folder from the Dropdown and click Choose.
- Make sure the Drive path is set to /Users/username (username is an example). Check the box “Do not ask again…” and click Connect.
1. Download the Microsoft Remote Desktop app from the Mac App Store.
2. Once downloaded and installed, click and open the Microsoft Remote Desktop app.
3. You will see the following screen. Click Remote Resources.
4. Fill in the URL (https://cloud.promas.com/rdweb/feed/webfeed.aspx), Username and Password fields with the appropriate information. Then, click Refresh.
5. After clicking Refresh, the application(s) available to you will appear in the Remote Resources window (as shown below).
You have now successfully set up access to your RDP environment on your Mac.
- You will always use the Microsoft Remote Desktop application to access your hosted session.
- Once you have set up access by completing the above steps, you can simply launch the Microsoft Remote Desktop application and select your application from the Remote Resources list (shown in Step 5) for future logins.
- Please note that upon your first login you will need to set the local drive that will be accessible from the remote session.
- Click the dropdown, then click browse.
- Use Shift + Command + H to select the user's Home Folder or select the Home Folder from the Dropdown and click Choose.
- Make sure the Drive path is set to /Users/username (username is an example). Check the box “Do not ask again…” and click Connect.
1. Download the Microsoft Remote Desktop app from the Mac App Store.
2. Once downloaded and installed, click and open the Microsoft Remote Desktop app.
3. You will see the following screen. Click on the 'gear' icon and then Preferences.
4. On the Preferences window click on General and then click Choose Folder from the dropdown under 'If folder redirection..'.
5. Use Shift + Command + H to select the user's Home Folder or select the Home Folder from the Dropdown and click Choose.
6. On the Preferences window click on User Accounts and then click on the + sign to access the Add User Account pop-up.
7. Fill in your User Name and Password in the Add User Account pop-up and click Save.
8. Close the Preferences window to return to the main screen.
9. Click on the + sign to add a new Remote Resources.
10. Fill in the provided URL (https://cloud.promas.com/rdweb/feed/webfeed.aspx). Click 'Find Feed'.
11. Select your account and click 'Add Feed'.
12. Double click on your new Work Resource to log into the hosted environment.
You have now successfully set up access to your RDP environment on your Mac.
- You will always use the Microsoft Remote Desktop application to access your hosted session.
- Once you have set up access by completing the above steps, you can simply launch the Microsoft Remote Desktop application and select your resource from the Remote Resources list (shown in Step 12) for future logins.