Windows has supported TLS for server authentication with RDP going back to Windows Server 2003 SP1. When connecting to a Windows PC, unless certificates have been configured, the remote PC presents a self-signed certificate, which results in a warning prompt from the Remote Desktop client. An environment with an enterprise certificate authority can enable certificate autoenrollment to enable trusted certificates on the RDP listener, thus removing the prompt. To get OS X clients to accept the certificate takes a little extra configuration not required on Windows clients.
While I may only be configuring certificates in my lab environment, there’s not much effort required to remove these certificate warnings.
On Windows Explorer or MacOS Finder, double-click on the.rdp file saved earlier to invoke an RDP client program (if one is installed on Mac, see below). On the RDP client, click on the Password input field and paste the Clipboard contents. To get started, download and install the client on your macOS device. Subscribe to a feed. Subscribe to the feed your admin gave you to get the list of managed resources available to you on your macOS device. To subscribe to a feed: Select Add Workspace on the main page to connect to the service and retrieve your resources. Enter the Feed URL.
Client Warnings for Untrusted Certificates
Here are the client certificate warnings on various Microsoft Remote Desktop clients, including OS X. First up the original Remote Desktop Connection (mstsc) on Windows:
Mac users interested in Rdp 2x mac 10.6.8 generally download: 2X Client RDP (Remote Desktop) 11.1 Free 2X RDP Client for Mac allows you to simply connect, via RDP (Remote Desktop Protocol. As with most modern Mac applications, Microsoft Remote Desktop is available for download through the Mac App Store. Go to the icon Dock on your desktop and click the blue 'App Store' icon to open it.
The new Remote Desktop Universal app on Windows 10:
And the Remote Desktop client on OS X 10.11:
Configuring the Certificate Template
I won’t cover installing and configuring an enterprise certificate authority here; however, here are a number of articles worth reading on this topic:
To configure a certificate for use with Remote Desktop Services (or RDP into any Windows PC), you’ll need to create a new certificate template and enable both the Server Authentication and the Remote Desktop Authentication application policies. This was key for OS X clients - both of these policies must exist. Some articles will walk through this configuration and recommend removing the Server Authentication policy; however, the certificates will then not work on non-Windows clients.
This article has a great walk-through of the entire process and more: RDP TLS Certificate Deployment Using GPO. In my lab, I’ve created a ‘Remote Desktop Computer’ certificate template and enabled it to be autoenrolled via Group Policy.
Certificate Template Options
To create the new template, open the Certificate Templates console and duplicate the Computer template. Use this template because it already has the Server Authentication policy enabled.
Navigate to the Extensions tab, edit the ‘Application Policies’ extension and remove ‘Client Authentication’ from the list.
After you added the ‘Remote Desktop Authentication’ policy, you should see the policies and see in the following dialog box. See below for the actual ’Remote Desktop Authentication’ policy.
Adding the ’Remote Desktop Authentication’ policy requires adding a new extension named ‘Remote Desktop Authentication’ (or similar) with an object value of “1.3.6.1.4.1.311.54.1.2” (excluding quotes). and enter the values as above.
Save the template and configure your CA to issue the new template. In my lab my certificate template display name ‘Remote Desktop Computer’. Since my first template failed, it’s actually called ‘Remote Desktop Computer v2’. However, the important name to note for the next step is the actual template name, which can be found on the General tab of the template. In my case this is ‘RemoteDesktopComputerv2’ (the display name, minus the spaces).
Configure Autorenrollment
To configure autoenrollment, I’ve created a new GPO dedicated to the autoenrollment setting and linked it to the organisational units containing server and workstation computer account objects. Edit the policy and enable the following setting:
Add the name of the certificate template and shown in the screenshot below:
Download Remote Desktop Connection Client For Mac Os X
Once a Group Poliy refresh occurs or on the next boot, the target Windows machines will autoenroll for the certificate and configure their RDP listener.
OS X Configuration
Download Remote Desktop For Mac
Now that my Remote Desktop certificates are configured for autoentrollment and Windows machines are picking up the certificates, I can import the root CA certificate into my MacBook running OS X.
Navigate to the URL of your certificate server (e.g. http://cert1/certsrv) and download the certificate via ‘Download a CA certificate, certificate chain, or CRL’. Download the CA certificate in DER format. Find the downloaded certificate in Finder and open the certificate to install it into Keychain.
Once installed the certificate is not automatically trused as you can see below:
Set the certificate to be trusted by selecting ‘Alway Trust’ from the ‘When using this certificate’ option. Close the certificate properties window and you should be prompted for your password to save the changes. Now when connecting to PCs via the Remote Desktop client, you should no longer receive certificate warnings.
This article shows how to install the root CA certificate via Terminal, which should assist in automating the import across a number of Macs.
Microsoft Remote Desktop 10 on macOS
Hello everyone, you can now download Microsoft Remote Desktop 10 for Mac and experience quiet honestly the best remote desktop app you can use on your macOS, period. I say this because most of who are using an iMac or Macbook mostly need to remote control our Windows computers but with little effort you can easily manage to control your Linux OS and even ChromeOS computers all with this great software by Microsoft.
Today we will highlight some reasons why we think you should go ahead and give Microsoft’s Remove Desktop 10 a try. This RDP software is crucial to many schools, businesses and even for individual/person usage. Sometimes we just need to use our Windows OS but we might be too far from home or our laptop to access it. MSRD10 can also connect to Windows Servers in case you server administrators were wondering about that. I have been using Microsoft Remote Desktop for the past 3-4 years and I have no complaints so far. It is free and it is well updated and managed by Microsoft and it simply gets the job done. Not to mention it doesn’t use many resources and it is compatible with the last macOS and the previous ones as well. Let us know in the comments if you don’t like it, or maybe it’s missing a feature? Do you love it? Let us know below.
What Is Microsoft Remote Desktop 10
Microsoft Remote Desktop 10 lets you connect to a remote PC or virtual apps and desktops made available by your administrator. The app helps you be productive no matter where you are. Configure your PC for remote access first by download the Remote Desktop assistant to your PC and let it do the work for you.
Microsoft Remote Desktop 10 Features
• Access remote PCs running Windows Professional or Enterprise and Windows Server
• Access remote resources published by your IT administrator
• Connect remotely through a Remote Desktop Gateway
• Secure connection to your data and applications
• Streamlined management of your connections from the connection center
• High quality video and audio streaming
Install Microsoft Remote Desktop 10 on Macbook & iMac
Microsoft Remote Desktop 10 Screenshot
Mac Rdp Settings
Microsoft Remote Desktop 10 Video
Download Microsoft Remote Desktop For Mac Os X
Remember to like our facebook and our twitter @macheatdotcom for more Mac apps and news.