Remote Desktop Protocol

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to another computer. The protocol is an extension of the ITU-T T.128 application sharing protocol.[1] Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, Mac OS X, Android, and other modern operating systems. By default the server listens on TCP port 3389.[2]

Microsoft currently refers to their official RDP server software as Remote Desktop Services, formerly "Terminal Services". Their official client software is currently referred to as Remote Desktop Connection, formerly "Terminal Services Client".


History

Every Windows version beginning with Windows XP (excluding 'Home' edition) includes an installed Remote Desktop Connection (RDC) ("Terminal Services") client (mstsc.exe) whose version is determined by that of the operating system or last applied Windows Service Pack. The Terminal Services server is supported as an official feature on Windows NT 4.0 Terminal Server Edition, Windows 2000 Server, all editions of Windows XP except Windows XP Home Edition, Windows Server 2003, Windows Home Server, on Windows Fundamentals for Legacy PCs, in Windows Vista Ultimate, Enterprise and Business editions, Windows Server 2008 and Windows Server 2008 R2 and on Windows 7 Professional and above.

Microsoft provides the client required for connecting to newer RDP versions for downlevel operating systems. Since the server improvements are not available downlevel, the features introduced with each newer RDP version only work on downlevel operating systems when connecting to a higher version RDP server from these older operating systems, and not when using the RDP server in the older operating system.

Version 4.0

Based on the ITU-T T.128 application sharing protocol (during draft also known as "T.share") from the T.120 recommendation series, the first version of RDP (named version 4.0) was introduced by Microsoft with "Terminal Services", as a part of their product Windows NT 4.0 Server, Terminal Server Edition. The Terminal Services Edition of NT 4.0 relied on Citrix's MultiWin technology, previously provided as a part of Citrix WinFrame atop Windows NT 3.51, in order to support multiple users and login sessions simultaneously. Microsoft required Citrix to license their MultiWin technology to Microsoft in order to be allowed to continue offering their own terminal services product, then named Citrix MetaFrame, atop Windows NT 4.0. The Citrix-provided DLLs included in Windows NT 4.0 Terminal Services Edition still carry a Citrix copyright rather than a Microsoft copyright. Later versions of Windows integrated the necessary support directly.

Version 5.0

Introduced with Windows 2000 Server, this version added support for a number of features, including printing to local printers, and aimed to improve network bandwidth usage.

Version 5.1

Introduced with Windows XP Professional, this version included support for 24-bit color and sound. The client is available for Windows 2000, Windows 9x, and Windows NT 4.0.[3] With this version, the name of the client was changed from Terminal Services Client to Remote Desktop Connection.

Version 5.2

Introduced with Windows Server 2003, this version included support for console mode connections, a session directory, and local resource mapping. It also introduced Transport Layer Security (TLS) 1.0 for server authentication and for encrypting terminal server communications.[4] This version is built into Windows XP Professional x64 Edition and Windows Server 2003 x64 & x86 Editions.

Version 6.0

This version was introduced with Windows Vista and incorporated support for Windows Presentation Foundation applications, Network Level Authentication, multi-monitor spanning and large desktop support, and support for TLS 1.0 connections.[5] The version 6.0 client is available for Windows XP SP2, Windows Server 2003 SP1/SP2 (x86 and x64 editions) and Windows XP Professional x64 Edition. Microsoft Remote Desktop Connection Client for Mac OS X is also available with support for Intel and PowerPC Mac OS versions 10.4.9 and greater.

Version 6.1

This version was released in February 2008 and is included with Windows Server 2008, as well as with Windows Vista Service Pack 1. The client is included with Windows XP Service Pack 3. It is also installable through KB952155 for Windows XP SP2.[6] In addition to changes related to how a remote administrator connects to the "console",[7] this version incorporates new functionality introduced in Windows Server 2008, such as connecting remotely to individual programs and a new Terminal Services Easy Print driver, a new client-side printer redirection system that makes the client's full print capabilities available to applications running on the server, without having to install print drivers on the server.[8]

Version 7.0

This version was released to manufacturing in July 2009 and is included with Windows Server 2008 R2, as well as with Windows 7.[9] With this release, the server name was also changed from Terminal Services to Remote Desktop Services. This version incorporates new functionality such as Windows Media Player redirection, bidirectional audio, true multimonitor support, Aero glass support, enhanced bitmap acceleration (which improves user experience over high latency network connections), Easy Print redirection,[10] and Language Bar docking. The RDP 7.0 client is available on Windows XP SP3 and Windows Vista SP1/SP2.[11] The RDP 6.1 and RDP 7.0 clients are not supported on Windows Server 2003 x86 and Windows Server 2003 / Windows XP Professional x64 editions. RDP 7.0 clients also do not support connecting to terminal servers running Windows 2000 Server.[12]

Most RDP 7.0 features, such as Aero glass remoting, bidirectional audio, Windows Media Player redirection, true multiple monitor support, and Remote Desktop Easy Print, are only available in Windows 7 Enterprise or Ultimate editions.[13][14]

Version 7.1

This version appeared in Windows 7 SP1 and Server 2008 R2 SP1. It adds RemoteFX functionality.

Features

The following features were introduced with the release of RDP 6.0 in 2006:

Security issues

In its default configuration, RDP is vulnerable to a man-in-the-middle attack. Administrators can enable transport layer encryption to mitigate this risk.[17][18]

RDP sessions are also susceptible to in-memory credential harvesting, which can be used to launch pass-the-hash attacks.
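To audit the man-in-the-middle exposure described above, a defender can read which security layer a server selects in the X.224 Connection Confirm it sends at the start of a connection. The Python parser below is an added example, not part of the original article; the field layout follows Microsoft's published RDP specification (MS-RDPBCGR), and the sample packets and the name `selected_security` are constructed for illustration.

```python
import struct

# selectedProtocol values carried in the server's RDP Negotiation Response.
PROTOCOLS = {
    0x0: ("PROTOCOL_RDP", "standard RDP security (no TLS)"),
    0x1: ("PROTOCOL_SSL", "TLS"),
    0x2: ("PROTOCOL_HYBRID", "TLS + Network Level Authentication"),
    0x8: ("PROTOCOL_HYBRID_EX", "TLS + Network Level Authentication"),
}
TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x02, 0x03

def selected_security(pdu: bytes):
    """Parse an X.224 Connection Confirm; return (name, description, uses_tls)."""
    if len(pdu) < 11 or pdu[0] != 0x03:
        raise ValueError("not a TPKT-framed Connection Confirm")
    if struct.unpack(">H", pdu[2:4])[0] != len(pdu):
        raise ValueError("TPKT length does not match the captured data")
    if pdu[4] + 5 != len(pdu) or pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    nego = pdu[11:]  # whatever follows the fixed 7-byte X.224 header
    if not nego:
        # No negotiation data at all: the server only speaks standard RDP security.
        return PROTOCOLS[0] + (False,)
    if len(nego) != 8:
        raise ValueError("unexpected negotiation data length")
    msg_type, _flags, msg_len, value = struct.unpack("<BBHI", nego)
    if msg_len != 8:
        raise ValueError("bad negotiation message length field")
    if msg_type == TYPE_RDP_NEG_FAILURE:
        return ("RDP_NEG_FAILURE", f"server refused, failureCode={value}", False)
    if msg_type != TYPE_RDP_NEG_RSP:
        raise ValueError(f"unknown negotiation message type {msg_type:#x}")
    name, desc = PROTOCOLS.get(value, (f"UNKNOWN_{value:#x}", "unrecognised"))
    return (name, desc, value in PROTOCOLS and value != 0)

# Constructed sample replies (not captured from any real host).
SAMPLES = {
    "legacy, no negotiation": bytes.fromhex("0300000b06d00000123400"),
    "standard RDP security": bytes.fromhex("030000130ed00000123400" "0200080000000000"),
    "TLS + NLA": bytes.fromhex("030000130ed00000123400" "0200080002000000"),
    "negotiation failure": bytes.fromhex("030000130ed00000123400" "0300080001000000"),
}

if __name__ == "__main__":
    for label, pdu in SAMPLES.items():
        name, desc, uses_tls = selected_security(pdu)
        print(f"{label:24} {name:18} {'ok' if uses_tls else 'REVIEW'}  {desc}")
```

A server that answers with `PROTOCOL_RDP`, or with no negotiation data at all, is one to review against the server authentication guidance cited above.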

Non-Microsoft implementations

There are numerous non-Microsoft implementations of RDP clients and servers. The open-source command-line client rdesktop is commonly used on Linux/Unix operating systems. There are many GUI clients, like tsclient and KRDC, which are built on top of rdesktop. In 2009, rdesktop was forked as FreeRDP, a new project aiming at modularizing the code, addressing various issues, and implementing new features. The current most popular front-end to FreeRDP is Remmina. An open-source implementation of a Remote Desktop Protocol server on Linux is xrdp. One can use Windows' Remote Desktop Connection client to connect to a server running xrdp. Feature-rich, proprietary RDP client solutions such as rdpclient are available from Wyse Technology as a stand-alone application or embedded with client hardware.

There is also a so-called VRDP protocol used in the VirtualBox virtual machine implementation by Oracle. This protocol is compatible with all RDP clients, such as the default one provided with Windows, but, unlike the original RDP protocol, it can be configured to accept unencrypted and password-unprotected connections, which may be useful in secure and trusted networks, such as a home or office LAN. Microsoft's RDP server is designed to refuse connections that use a user account with an empty password. External and guest authorization options are provided by VRDP as well. It does not matter which operating system is installed as a guest because VRDP is implemented on the virtual machine level, not in the guest system. The proprietary VirtualBox Extension Pack is required.


References

  1. ^ http://www.rdesktop.org/#docs
  2. ^ "How to change the listening port for Remote Desktop". Microsoft. 2007-01-31. http://support.microsoft.com/kb/306759. Retrieved 2007-11-02.  Microsoft KB article 306759, revision 2.2.
  3. ^ Windows XP Remote Desktop Connection software [XPSP2 5.1.2600.2180]
  4. ^ "Configuring authentication and encryption". January 21, 2005. http://technet.microsoft.com/en-us/library/cc782610.aspx. Retrieved 2009-03-30.  Microsoft Technet article
  5. ^ "Remote Desktop Connection (Terminal Services Client 6.0)". 2007-06-08. http://support.microsoft.com/default.aspx/kb/925876. Retrieved 2007-06-20.  Microsoft KB article 925876, revision 7.0.
  6. ^ Description of the Remote Desktop Connection 6.1 client update for Terminal Services in Windows XP Service Pack 2
  7. ^ "Changes to Remote Administration in Windows Server 2008". Terminal Services Team Blog. Microsoft. December 17, 2007. http://blogs.msdn.com/ts/archive/2007/12/17/changes-to-remote-administration-in-windows-server-2008.aspx. Retrieved 2008-02-10. 
  8. ^ "Terminal Services Printing". TechNet — Windows Server 2008 Technical Library. Microsoft. January 10, 2008. http://technet2.microsoft.com/windowsserver2008/en/library/484d57e7-feb4-4dcc-9d13-152c053516471033.mspx?pf=true. Retrieved 2008-02-10. 
  9. ^ "Remote Desktop Connection 7 for Windows 7, Windows XP & Windows Vista". Terminal Services Team Blog. Microsoft. August 21, 2009. http://blogs.msdn.com/rds/archive/2009/08/21/remote-desktop-connection-7-for-windows-7-windows-xp-windows-vista.aspx. Retrieved 2009-08-21. 
  10. ^ Using Remote Desktop Easy Print in Windows 7 and Windows Server 2008 R2
  11. ^ Announcing the availability of Remote Desktop Connection 7.0 for Windows XP SP3, Windows Vista SP1, and Windows Vista SP2
  12. ^ Remote Desktop Connection Client 7.0 does not support accessing Windows 2000 servers
  13. ^ Aero Glass Remoting in Windows Server 2008 R2
  14. ^ Remote Desktop Connection 7 for Windows 7, Windows XP & Windows Vista
  15. ^ "Remote Desktop Protocol". Microsoft. http://msdn.microsoft.com/en-us/library/aa383015(VS.85).aspx. Retrieved 2009-03-30. 
  16. ^ http://www.codeproject.com/KB/IP/tswindowclipper.aspx
  17. ^ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1794
  18. ^ "Configuring Terminal Servers for Server Authentication to Prevent “Man in the Middle” Attacks". Microsoft. July 12, 2008. http://blogs.msdn.com/b/rds/archive/2008/07/21/configuring-terminal-servers-for-server-authentication-to-prevent-man-in-the-middle-attacks.aspx. 
