Configure authentication on the client by using an .rdp file

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure authentication on the client by using an .rdp file

1. Open Remote Desktop Connection.

2. Click Options.

3. On the Security tab, in the Authentication list, click the authentication option that you want. You can select from the following options:

   • No authentication. If you select this option, the server is not authenticated.

   • Attempt authentication. If you select this option, Transport Level Security (TLS) 1.0 is used to authenticate the terminal server, if TLS 1.0 is supported and correctly configured.

   • Require authentication. If you select this option, TLS is required to authenticate the server. If TLS is not supported or correctly configured, the connection fails. This option is only available for clients that are connecting to terminal servers running Windows Server 2003 Service Pack 1 (SP1).

4. On the General tab, click Save As.

5. Enter a file name for the saved connection file, and then click Save. Connections are saved as Remote Desktop protocol (.rdp) files.

6. Distribute the .rdp file to client computers.

Important

• If you plan to use TLS authentication, you must configure clients and servers correctly to support this option. Clients must:

  • Run Windows 2000 or Windows XP.

  • Use the RDP 5.2 (Windows Server 2003) client. You can install this client from Windows Server 2003 terminal servers. For more information, see Remote Desktop Connection for Windows Server 2003 [5.2.3790] (https://go.microsoft.com/fwlink?/LinkID=41068).

  • Trust the root of the server’s certificate.

• For more information about client and server requirements and tasks for configuring Terminal Server to support TLS authentication, see Configuring authentication and encryption.

Note

• Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

• To open Remote Desktop Connection, click Start, point to Programs or All Programs, point to Accessories, point to Communications, and then click Remote Desktop Connection.

• You can also edit the .rdp file by using Microsoft Notepad, where the parameter is authentication level. You can specify a value of 0, 1, or 2 where:

  • 0 = No authentication

  • 1 = Require authentication

  • 2 = Attempt authentication

  For example, you can enter the following:

  authentication level:i:0

  Whereispecifies that the value is an integer, and 0 specifies the authentication level (in this example, no authentication).

• If you select Attempt authentication and the server certificate has expired or is not issued by a trusted root CA, or if the name of the certificate does not match the name of the client computer, you can choose to continue the connection without TLS server authentication. Other errors, however, will cause the connection to fail.

Information about functional differences

• Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Configuring authentication and encryption
Request a certification authority certificate for the client
Configure authentication on the client by using Remote Desktop Connection
Request a computer certificate for server authentication
Configure authentication and encryption on the server
Requesting certificates