I agree with Mark for the same reasons.
I would add, though, that there are ways to make "auto-connect" work.
We have a single-click, auto-connect system working in our VCL installation.
The basic principal is to define a protocol handler and format the URI so that
it is understandable to the target RDP application.
There are trade-offs (of course) with this approach, but it makes the VCL much
more user-friendly while retaining the security of randomized credentials.
Basically, I wrote some front-end web code so that when a user lands on the
"Connect to your reservation" page, he or she can select the desired screen
size (the default is set in user preferences) and click on "Connect".
(A screen shot is below.)
That action generates a URI such as the following:
rdp://{username}:{password}@{host}?forwardDisks=yes&forwardPrinters=yes... (and
so on with all the appropriate parameters)
The first time a browser encounters an unknown protocol such as rdp://, it will
prompt the user for a 'default application' to associate with that. The user
can select an application to use and then the login happens immediately.
The next question is which applications can handle URIs using the rdp protocol?
For OS X, the answer is easy: CoRD. You can just request that users install
that application. CoRD doesn't handle sound, so if that is necessary, your
users can still use MS Remote Desktop Client; they will just have to manually
enter their credentials.
For Linux users, RDesktop can be started from the command line with a supplied
username and password. So I simply wrote a perl script that parses the rdp://
URI and translates it into an appropriate command.
For Windows, it is a bit trickier. Basically, the protocol handlers are defined
in the system registry, and Windows' built-in RDP client doesn't accept
passwords from the command line. So in order to solve both issues, I wrote a
.NET application that, upon installation defines the appropriate protocol
handler in the registry and installs an application that can parse it. The
application is really just a thin wrapper around Microsoft's terminal services
library. I don't believe I can distribute the code for this, but I can
certainly give you some pointers on how to write something similar yourself.
Obviously, this doesn't work for iOS devices.
Best regards,
Aaron
[cid:6835B418-4B53-486C-8956-6A0DD26C1F70]
--
Aaron Coburn
Systems Administrator and Programmer
Academic Technology Services, Amherst College
acob...@amherst.edu<mailto:acob...@amherst.edu>
On May 25, 2012, at 11:35 AM, Mark Gardner wrote:
In general, I would rather keep things as they are. But if that
capability is added, I would prefer to have it be an option as the
current one-time random password is much more secure. (Our experience
is that users generally pick poor passwords. Perhaps this can be a
development-only option?)
Mark
On Fri, May 25, 2012 at 11:25 AM, Dmitri Chebotarov
<dcheb...@gmu.edu<mailto:dcheb...@gmu.edu>> wrote:
Hi
Would it be possible, and is it good idea in general due to possible security
risks, to add "Preferred Password" field on User Preferences page (under RDP
File Preferences or Personal Information?) to allow user to provide a password
for all his/her reservations?
Then VCL would use this password (if it's there) for reservations instead of
auto-generated password.
This is not an auto-connect option, but at least it will make it easier to use
VCL.
For the last couple days I've been using VCL for some testing and it would be
nice to have the same password for all my reservations.
--
Thank you,
Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404
--
Mark Gardner
--
