And you know what else makes life so much easier? Using Administrative Templates in Remote Desktop Manager! About Administrative TemplatesĪdministrative Templates facilitate the management of registry-based policy settings, which can be applied on the computer and/or the user configuration. I had too many credential entries to know which ID belonged to which server.Īll this to say: I would not have been able to do this much without your insightful script.Some things in life make our life easier, like owning a rumba when you have a messy dog, an IoT fridge that automatically orders groceries when you’re running low, or this awesome wine glass for those long winter nights (especially during a lockdown). Oh, and additionally, I modified the script to also display the server address and display name with the credentials. Unfortunately, I had to get the entire output using 2 scripts since I didn’t know how to process/reference the XML entries for everything in one step. I was able to modify the script to get to just the group credentials settings. Then, the output I got was not complete… it missed all the group passwords settings (not all, but a lot of the passwords are inherited from the group entry). It is a different dll, but same error/issue. In case someone has the same issue, I referenced the following URL: (original version was 2!? I and run/install MS updates regularly) Resolved with update to PowerShell version 4. I was getting an error importing RDCMan.dll. But, I found your page, and your script worked nicely. I was troubled to find the new laptop could not decipher the credentials now. I’ve been using RDCM for years, from well before pw were encrypted. I was in the process of migrating to a new laptop. $passwordDecrypted = ::DecryptString($password, $EncryptionSettings) $profiles = Select-XML -Xml $XML -XPath ‘//credentialsProfile’ But otherwise the same approach would work, so I modified the XPath: In my case, the logons I saved were all in connection group “profiles”, which were in a different section of the XML file. Set the CredentialData and EncryptionMethod properties to use the cert thumbprint: Find the certificate thumprint–I did this by looking it up in MMC but there are a bunch of ways to enumerate the certificate store and retrieve a thumbprint.Īfter that, it’s a quick change to the script:ġ. I had the same problem as you (my passwords are encrypted using a certificate). $logonCredentials = Select-XML -Xml $XML -XPath '//logonCredentials' $EncryptionSettings = New-Object -TypeName RdcMan.EncryptionSettings $RDGFile = "$env:USERPROFILE\Documents\RDPConnections.rdg"Ĭopy-Item $RDCMan "$TempLocation\RDCMan.dll" $RDCMan = "C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager\RDCMan.exe" Needless to say, I found the password I needed! If the credentials were added by another account or on another system, you will get a “Failed to decrypt” error as seen below, which is the same error you get if you try to copy the RDG file and open it on another computer or with another user profile. The passwords can only be decrypted with the user profile that added them to the RDG file, however, so they are still reasonably secure. Using a handy trick blogged by Thomas Prud’Homme, I decrypted all the credentials found in the RDG file. It’s just an XML file, so can be easily parsed with PowerShell. The credentials are stored in encrypted form in the RDG file you create for your RDP connections. Of course, it crossed my mind whether these credentials could be decrypted, and it turns out they can, quite easily, with a little PowerShell. Today I needed to find a password for a certain account I had used before (but had forgotten), and I remembered that I had stored the credentials in the Remote Desktop Connection Manager, Microsoft’s free RD tool.
0 Comments
Leave a Reply. |