10.8. Inband destination selection in RDP connections

To use inband destination selection with RDP connections, it is recommended to use PSM as a Remote Desktop Gateway (or RD Gateway). For details, see Procedure 10.6, Using PSM as a Remote Desktop Gateway.

To use inband destination selection with RDP connections without using PSM as a Remote Desktop Gateway (or RD Gateway), you must use SSL-encrypted RDP connections (see Procedure 10.5, Enabling TLS-encryption for RDP connections).

Configure your RDP clients so that PSM can record the username that the client uses in the connection. If you do not configure these settings on the clients, PSM will automatically display a login screen for the users to enter their usernames and passwords. Note that although PSM automatically displays a login screen if it cannot determine the username used in the connection, currently you cannot specify the destination address in this login screen, only in your RDP client application.

  • On Windows Vista SP1 and newer platforms (Remote Desktop Protocol 6.1 or newer):

    Navigate to Local Group Policy Editor > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client and enable the Prompt for credentials on the client computer option in the clients. For details, see the Microsoft Documentation.

  • On Windows Vista and older platforms (Remote Desktop Protocol 6.0 or older):

    Configure your RDP clients to save the credentials, or make sure that the Allow me to save credentials option is selected in the RDP client.

Also, your users have to encode the address of the destination server in their username, in the username field of their client application. Since most RDP client applications limit which special characters can be used in usernames, this is not always intuitive. For the Microsoft Remote Desktop application (mstsc) and the login screen that PSM displays, note the following points:

  • Use the % character to separate the fields, for example: username%my-targetserver

  • To specify the port number of the server (if it does not use the default port), use the caret ^ character, for example: username%my-targetserver^6464

  • To specify an IPv6 address, replace the colons with carets, and enclose the address in parentheses. For example, to target the ::1 IP address, use username%(^^1). To target port 6464 of the same server, use username%(^^1)^6464.
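
The encoding rules above, as an added example that is not part of the PSM documentation or product code: Python helpers that build the username field for a given destination and parse it back, for instance when preparing client instructions or reviewing usernames seen in connection records. The function names are hypothetical, and the example assumes the username itself contains no % character.

```python
import ipaddress

def encode_inband_username(user, host, port=None):
    """Build 'user%host[^port]' for the RDP client's username field."""
    if not user or "%" in user:
        raise ValueError("username must be non-empty and contain no %")
    try:
        is_v6 = ipaddress.ip_address(host).version == 6
    except ValueError:
        is_v6 = False  # not an IP literal: treat as a hostname
    if is_v6:
        # IPv6: colons become carets, address is enclosed in parentheses
        target = "(" + host.replace(":", "^") + ")"
    elif not host or any(c in host for c in "%^()"):
        raise ValueError("host is empty or contains a reserved character")
    else:
        target = host
    if port is not None:
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
        target += "^" + str(port)
    return user + "%" + target

def decode_inband_username(field):
    """Return (user, host, port); port is None when the field names none."""
    user, sep, target = field.partition("%")
    if not (sep and user and target):
        raise ValueError("expected username%destination")
    if target.startswith("("):
        inner, close, rest = target[1:].partition(")")
        if not close or (rest and not rest.startswith("^")):
            raise ValueError("malformed IPv6 destination")
        # Carets inside the parentheses stand for the colons of the address
        host = str(ipaddress.IPv6Address(inner.replace("^", ":")))
        port = rest[1:] if rest else None
    else:
        host, caret, port = target.partition("^")
        port = port if caret else None
    if not host:
        raise ValueError("empty destination host")
    if port is not None:
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError("invalid port")
        port = int(port)
    return user, host, port
```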