Download Client Remote Desktop [PATCHED]
Hedy Paino
With Microsoft Remote Desktop clients, you can connect to Remote Desktop Services from Windows Server and remote PCs, and use and control desktops and apps that your admin has made available to you. There are clients available for many different types of devices on different platforms and form factors, such as desktops and laptops, tablets, smartphones, and through a web browser. Using your web browser on desktops and laptops, you can connect without having to download and install any software.
Some features are only available with certain clients, so it's important to check Compare the features of the Remote Desktop clients to understand the differences when connecting to Remote Desktop Services or remote PCs.
You can also use most versions of the Remote Desktop client to also connect to Azure Virtual Desktop, as well as to Remote Desktop Services in Windows Server or to a remote PC. If you want information on Azure Virtual Desktop instead, see Remote Desktop clients for Azure Virtual Desktop.
Here's a list of the Remote Desktop client apps and our documentation for connecting to Remote Desktop Services or remote PCs, where you can find download links, what's new, and learn how to install and use each client.
We deploy the client via an OSD TS. But when I try to patch it via CM (packaging the system wide installation one), it installs the new version side by side. It creates 2 entries in Registry Uninstall section, Control Panel (Add Remove Programs) and when you open the client, it still opens the old one.
Because the Guacamole client is an HTML5 web application, use of your computers is not tied to any one device or location. As long as you have access to a web browser, you have access to your machines.
Desktops accessed through Guacamole need not physically exist. With both Guacamole and a desktop operating system hosted in the cloud, you can combine the convenience of Guacamole with the resilience and flexibility of cloud computing.
When I try to connect to a remote desktop, a message appears which says something like "Make sure you trust this PC, connecting to untrusted computer might harm your PC". Why would it harm my PC? I can understand that if I am sharing local resources or something like that, but if I am just connecting to a remote desktop how would that harm my computer? isn't it like sandboxed? how will the remote desktop access my PC?
This is a good question! First a disclaimer that I'm not really qualified to give a complete answer, as I have so far been fairly good at avoiding RDP security issues in untrusted environments. I do use both RDP clients and servers though, but only ever on trusted hosts. That said, I do have a few thoughts why we're seeing such warnings;
It would be fairly reasonable to assume that the majority of security risks would be undertaken by running a RDP server (what Microsoft calls Remote Desktop Services), and there were some quite infamous exploits of it in the past, for example vulnerability to the pass-the-hash or MiTM attacks on non-encrypted connections. We probably still all remember disabling Remote Assistance and removing associated port exceptions in firewalls as one of the first things we did upon installing Windows XP, for example. But risks involved in using a RDP client (or Remote Desktop Connection in Microsoft's terminology) don't seem so self-obvious.
For a more in-depth explanation on terminology used and distinction between a RDP client and a RDP server, please see the update at the end of my answer. But to make things clearer, this is the warning dialog that OP is talking about in the question:
While I haven't been able to find documentation on any recent self-propagating exploits (i.e. viruses, trojans, or worms) taking advantage of Remote Desktop Connections through the use of the updated RDP protocol clients, especially those using TLS, there are still some risks involved with connecting to untrusted RDP servers:
User activity tracking and keylogging: In essence, untrusted RDP server could log all your activity on the server, including websites you browse to, files you download, documents you accessed and were changing, passwords you entered to access remote services through the RDP server, basically keep track of your complete user session.
Infection of client through remote hosted files: Any files you download from the server hosting a RDP session could be tampered with, or infected with malware. You could falsely assume trust in any of these files, thinking since you put them there during your previous RDP session that they weren't tampered with or infected in the meantime, transfer them to your RDP client and open/execute/...
Man-in-the-middle: Similar to user activity tracking, only this time the attacker is active on the RDP server you connect to and is listening in on your RDP client to RDP server connection, RDP server to remote LAN / WAN connections, or possibly both. On top of being able to inspect contents of exchanged network packets, man-in-the-middle is also able to change their contents. The RDP session can be encrypted using TLS, effectively preventing eavesdropping on it, but that isn't necessarily the case with where else you connect to (remote LAN or WAN) using the RDP server.
Social engineering attacks: You could be a victim of a social engineering attack where the attacker gains your trust under false pretense, and cons you into entering a RDP server address that you believe can be trusted in your RDP client while establishing a new session, but the address you entered is actually of attacker's choosing. The attacker could host a RDP server on that address for the sole purpose of recording your login credentials for another, real RDP server you intended to connect to. Thanks to @emtunc for reminding me of this threat!
Edit to add: Seeing there's some confusion regarding terminology used in my and other answers (which we all use in same way as far as I can tell), I want to clear things up which of the two ends involved in a RDP session is considered a client, and which a server (or a host). These are the excerpts from Wikipedia, to exclude any biased and opinion based explanation:
A client is a computer program that, as part of its operation, relies on sending a request to another computer program (which may or may not be located on another computer). For example, web browsers are clients that connect to web servers and retrieve web pages for display. Email clients retrieve email from mail servers. Online chat uses a variety of clients, which vary depending on the chat protocol being used. Multiplayer video games or online video games may run as a client on each computer. The term "client" may also be applied to computers or devices that run the client software or users that use the client software.
Servers operate within a client-server architecture, servers are computer programs running to serve the requests of other programs, the clients. Thus, the server performs some task on behalf of clients. The clients typically connect to the server through the network but may run on the same computer. In the context of Internet Protocol (IP) networking, a server is a program that operates as a socket listener.
To put this into perspective how this terminology applies to a RDP session, I'm also including excerpts from the previously linked RDP server (Remote Desktop Services) and RDP client (Remote Desktop Connection) Wikipedia pages:
Remote Desktop Connection (RDC, also called Remote Desktop, formerly known as Microsoft Terminal Services Client, or mstsc) is the client application for Remote Desktop Services. It allows a user to remotely log in to a networked computer running the terminal services server. RDC presents the desktop interface (or application GUI) of the remote system, as if it were accessed locally.
The server component of Remote Desktop Services is Terminal Server (termdd.sys), which listens on TCP port 3389. When an RDP client connects to this port, it is tagged with a unique SessionID and associated with a freshly spawned console session (Session 0, keyboard, mouse and character mode UI only). The login subsystem (winlogon.exe) and the GDI graphics subsystem is then initiated, which handles the job of authenticating the user and presenting the GUI.
A basic RDP client will, by default, share the clipboard through the RDP session (because it is very convenient). This alone allows the remote server to obtain a copy of everything you select and "copy" on your client, be they text excerpts, files... which is a glaring security issue when the remote host is hostile. Similarly, an hostile server may inject hostile code in the copy&paste mechanism: if you do a copy&paste of a file from a directory on your desktop system to another directory on your desktop system, then the hostile server may intercept the copy and alter the file in transit, thus injecting a virus (if the file is executable in some way).
A remote desktop connection allows someone else to fully access a computer. From the other side, the accessed computer could try to send any kind of suspicious and/or malicious data packages using the established "trusted" remote desktop connection.
In malware analysis (for example), one would never connect to an untrusted and potentially infected system without taking the appropriate precautions like using a VM which can be deleted afterwards when it becomes apparent that the infected system you are analyzing is indeed infected and spreads it's nasty stuff using any available network connection. In your case, that would be the remote desktop connection you're about to "trust" when clicking that OK button.
Always keep in mind that a remote desktop connection is - in it's core - nothing else than a bi-directional network connection between two computers. Therefore, all network-related risks are relevant here.
df19127ead