Remote Desktop Server For Mac Os



Windows has supported TLS for server authentication with RDP going back to Windows Server 2003 SP1. When connecting to a Windows PC, unless certificates have been configured, the remote PC presents a self-signed certificate, which results in a warning prompt from the Remote Desktop client. An environment with an enterprise certificate authority can enable certificate autoenrollment to enable trusted certificates on the RDP listener, thus removing the prompt. To get OS X clients to accept the certificate takes a little extra configuration not required on Windows clients.

While I may only be configuring certificates in my lab environment, there’s not much effort required to remove these certificate warnings.

Client Warnings for Untrusted Certificates

Here are the client certificate warnings on various Microsoft Remote Desktop clients, including OS X. First up the original Remote Desktop Connection (mstsc) on Windows:

The new Remote Desktop Universal app on Windows 10:

And the Remote Desktop client on OS X 10.11:

Configuring the Certificate Template

I won’t cover installing and configuring an enterprise certificate authority here; however, here are a number of articles worth reading on this topic:

To configure a certificate for use with Remote Desktop Services (or RDP into any Windows PC), you’ll need to create a new certificate template and enable both the Server Authentication and the Remote Desktop Authentication application policies. This was key for OS X clients - both of these policies must exist. Some articles will walk through this configuration and recommend removing the Server Authentication policy; however, the certificates will then not work on non-Windows clients.

This article has a great walk-through of the entire process and more: RDP TLS Certificate Deployment Using GPO. In my lab, I’ve created a ‘Remote Desktop Computer’ certificate template and enabled it to be autoenrolled via Group Policy.

Certificate Template Options

To create the new template, open the Certificate Templates console and duplicate the Computer template. Use this template because it already has the Server Authentication policy enabled.

Navigate to the Extensions tab, edit the ‘Application Policies’ extension and remove ‘Client Authentication’ from the list.

After you have added the ‘Remote Desktop Authentication’ policy, you should see the policies listed as in the following dialog box. See below for the actual ’Remote Desktop Authentication’ policy.

Adding the ’Remote Desktop Authentication’ policy requires adding a new extension named ‘Remote Desktop Authentication’ (or similar) with an object identifier (OID) value of “1.3.6.1.4.1.311.54.1.2” (excluding quotes); enter the values as above.

Save the template and configure your CA to issue the new template. In my lab, my certificate template display name is ‘Remote Desktop Computer’. Since my first template failed, it’s actually called ‘Remote Desktop Computer v2’. However, the important name to note for the next step is the actual template name, which can be found on the General tab of the template. In my case this is ‘RemoteDesktopComputerv2’ (the display name, minus the spaces).

Configure Autoenrollment

To configure autoenrollment, I’ve created a new GPO dedicated to the autoenrollment setting and linked it to the organisational units containing server and workstation computer account objects. Edit the policy and enable the following setting:

Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security / Server authentication certificate template

Add the name of the certificate template as shown in the screenshot below:

Once a Group Policy refresh occurs or on the next boot, the target Windows machines will autoenroll for the certificate and configure their RDP listener.
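To confirm that a host's issued certificate really carries both application policies, the following added example (not part of the original article) checks the output of `openssl x509 -noout -text` for the Server Authentication policy and the Remote Desktop Authentication OID. The sample text is constructed, and the file name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Reads `openssl x509 -noout -text` output on stdin and reports whether the
# certificate carries both application policies the article requires.
# Assumption: OpenSSL prints Server Authentication as
# "TLS Web Server Authentication" and prints OIDs it has no name for in
# dotted form.
RDP_AUTH_OID="1.3.6.1.4.1.311.54.1.2"   # Remote Desktop Authentication

check_rdp_ekus() {
    # The EKU values are printed on the line after the extension name.
    ekus=$(awk '/X509v3 Extended Key Usage/ { getline; sub(/^[ \t]+/, ""); print; exit }')
    missing=""
    case "$ekus" in
        *"TLS Web Server Authentication"*) ;;
        *) missing="$missing ServerAuthentication" ;;
    esac
    case "$ekus" in
        *"$RDP_AUTH_OID"*) ;;
        *) missing="$missing RemoteDesktopAuthentication" ;;
    esac
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok: $ekus"
}

# Constructed samples of the relevant part of the text output (not taken
# from a real host). The second one models a template from which the
# Server Authentication policy was removed.
SAMPLE_BOTH='            X509v3 Extended Key Usage:
                TLS Web Server Authentication, 1.3.6.1.4.1.311.54.1.2'
SAMPLE_RDP_ONLY='            X509v3 Extended Key Usage:
                1.3.6.1.4.1.311.54.1.2'

# Usage against a certificate saved from the host (placeholder file name):
#   openssl x509 -inform DER -in rdp-host.cer -noout -text | check_rdp_ekus
```

A certificate with no Extended Key Usage extension at all is reported as missing both policies.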

OS X Configuration

Now that my Remote Desktop certificates are configured for autoenrollment and Windows machines are picking up the certificates, I can import the root CA certificate into my MacBook running OS X.

Navigate to the URL of your certificate server (e.g. http://cert1/certsrv) and download the certificate via ‘Download a CA certificate, certificate chain, or CRL’. Download the CA certificate in DER format. Find the downloaded certificate in Finder and open the certificate to install it into Keychain.

Once installed, the certificate is not automatically trusted, as you can see below:

Set the certificate to be trusted by selecting ‘Always Trust’ from the ‘When using this certificate’ option. Close the certificate properties window and you should be prompted for your password to save the changes. Now when connecting to PCs via the Remote Desktop client, you should no longer receive certificate warnings.

This article shows how to install the root CA certificate via Terminal, which should assist in automating the import across a number of Macs.

Applies To: Windows 10, Windows 8.1, Windows Server 2012 R2, Windows Server 2016

You can use the Remote Desktop client for Mac to work with Windows apps, resources, and desktops from your Mac computer. Use the following information to get started - and check out the FAQ if you have questions.

Note

  • Curious about the new releases for the macOS client? Check out What's new for Remote Desktop on Mac?
  • The Mac client runs on computers running macOS 10.10 and newer.
  • The information in this article applies primarily to the full version of the Mac client - the version available in the Mac AppStore. Test-drive new features by downloading our preview app here: beta client release notes.

Get the Remote Desktop client

Follow these steps to get started with Remote Desktop on your Mac:

  1. Download the Microsoft Remote Desktop client from the Mac App Store.
  2. Set up your PC to accept remote connections. (If you skip this step, you can't connect to your PC.)
  3. Add a Remote Desktop connection or a remote resource. You use a connection to connect directly to a Windows PC and a remote resource to use a RemoteApp program, session-based desktop, or a virtual desktop published on-premises using RemoteApp and Desktop Connections. This feature is typically available in corporate environments.

What about the Mac beta client?

We're testing new features on our preview channel on AppCenter. Want to check it out? Go to Microsoft Remote Desktop for Mac and select Download. You don't need to create an account or sign into AppCenter to download the beta client.

If you already have the client, you can check for updates to ensure you have the latest version. In the beta client, select Microsoft Remote Desktop Beta at the top, and then select Check for updates.

Add a workspace

Subscribe to the feed your admin gave you to get the list of managed resources available to you on your macOS device.

To subscribe to a feed:

  1. Select Add feed on the main page to connect to the service and retrieve your resources.
  2. Enter the feed URL. This can be a URL or email address:
    • This URL is usually a Windows Virtual Desktop URL. Which one you use depends on which version of Windows Virtual Desktop you're using.
      • For Windows Virtual Desktop (classic), use https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx.
      • For Windows Virtual Desktop, use https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery.
    • To use email, enter your email address. This tells the client to search for a URL associated with your email address if your admin configured the server that way.
  3. Select Subscribe.
  4. Sign in with your user account when prompted.

After you've signed in, you should see a list of available resources.

Once you've subscribed to a feed, the feed's content will update automatically on a regular basis. Resources may be added, changed, or removed based on changes made by your administrator.

Export and import connections

You can export a remote desktop connection definition and use it on a different device. Remote desktops are saved in separate RDP files.

To export an RDP file:

  1. In the Connection Center, right-click the remote desktop.
  2. Select Export.
  3. Browse to the location where you want to save the remote desktop RDP file.
  4. Select OK.

To import an RDP file:

  1. In the menu bar, select File > Import.
  2. Browse to the RDP file.
  3. Select Open.

Add a remote resource

Remote resources are RemoteApp programs, session-based desktops, and virtual desktops published using RemoteApp and Desktop Connections.

  • The URL displays the link to the RD Web Access server that gives you access to RemoteApp and Desktop Connections.
  • The configured RemoteApp and Desktop Connections are listed.

To add a remote resource:

  1. In the Connection Center select +, and then select Add Remote Resources.
  2. Enter information for the remote resource:
    • Feed URL - The URL of the RD Web Access server. You can also enter your corporate email account in this field – this tells the client to search for the RD Web Access Server associated with your email address.
    • User name - The user name to use for the RD Web Access server you are connecting to.
    • Password - The password to use for the RD Web Access server you are connecting to.
  3. Select Save.

The remote resources will be displayed in the Connection Center.

Connect to an RD Gateway to access internal assets

A Remote Desktop Gateway (RD Gateway) lets you connect to a remote computer on a corporate network from anywhere on the Internet. You can create and manage your gateways in the preferences of the app or while setting up a new desktop connection.

To set up a new gateway in preferences:

  1. In the Connection Center, select Preferences > Gateways.
  2. Select the + button at the bottom of the table. Enter the following information:
    • Server name – The name of the computer you want to use as a gateway. This can be a Windows computer name, an Internet domain name, or an IP address. You can also add port information to the server name (for example: RDGateway:443 or 10.0.0.1:443).
    • User name - The user name and password to be used for the Remote Desktop gateway you are connecting to. You can also select Use connection credentials to use the same user name and password as those used for the remote desktop connection.

Manage your user accounts

When you connect to a desktop or remote resources, you can save the user accounts to select from again. You can manage your user accounts by using the Remote Desktop client.

To create a new user account:

  1. In the Connection Center, select Settings > Accounts.
  2. Select Add User Account.
  3. Enter the following information:
    • User Name - The name of the user to save for use with a remote connection. You can enter the user name in any of the following formats: user_name, domain\user_name, or user_name@domain.com.
    • Password - The password for the user you specified. Every user account that you want to save to use for remote connections needs to have a password associated with it.
    • Friendly Name - If you are using the same user account with different passwords, set a friendly name to distinguish those user accounts.
  4. Select Save, then select Settings.

Customize your display resolution

You can specify the display resolution for the remote desktop session.

  1. In the Connection Center, select Preferences.
  2. Select Resolution.
  3. Select +.
  4. Enter a resolution height and width, and then select OK.

To delete the resolution, select it, and then select -.

Displays have separate spaces

If you're running Mac OS X 10.9 and have disabled Displays have separate spaces in Mavericks (System Preferences > Mission Control), you need to configure this setting in the Remote Desktop client using the same option.

Drive redirection for remote resources

Drive redirection is supported for remote resources, so that you can save files created with a remote application locally to your Mac. The redirected folder is always your home directory displayed as a network drive in the remote session.

Note

In order to use this feature, the administrator needs to set the appropriate settings on the server.

Use a keyboard in a remote session

Mac keyboard layouts differ from the Windows keyboard layouts.

  • The Command key on the Mac keyboard equals the Windows key.
  • To perform actions that use the Command button on the Mac, you will need to use the control button in Windows (for example Copy = Ctrl+C).
  • The function keys can be activated in the session by additionally pressing the FN key (for example, FN+F1).
  • The Alt key to the right of the space bar on the Mac keyboard equals the Alt Gr/right Alt key in Windows.

By default, the remote session will use the same keyboard locale as the OS you're running the client on. (If your Mac is running an en-us OS, that will be used for the remote sessions as well.) If the OS keyboard locale is not used, check the keyboard setting on the remote PC and change it manually. See the Remote Desktop Client FAQ for more information about keyboards and locales.

Support for Remote Desktop gateway pluggable authentication and authorization

Windows Server 2012 R2 introduced support for a new authentication method, Remote Desktop Gateway pluggable authentication and authorization, which provides more flexibility for custom authentication routines. You can now try this authentication model with the Mac client.

Important

Custom authentication and authorization models before Windows 8.1 aren't supported, although the article above discusses them.

To learn more about this feature, check out https://aka.ms/paa-sample.

Tip

Questions and comments are always welcome. However, please do NOT post a request for troubleshooting help by using the comment feature at the end of this article. Instead, go to the Remote Desktop client forum and start a new thread. Have a feature suggestion? Tell us in the client user voice forum.