In March, Microsoft announced that it was discontinuing Remote Desktop Connection Manager (RDCMan) due to a major security flaw (CVE-2020-0765). Here is the bulletin:
Hi, Follow these steps to find your computer name: 1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System. Note: RemoteApp and Desktop Connections uses HTTPS to connect to the server. In order to connect properly, the client operating system must trust the SSL certificate of the RD Web Access server. Also, the server name in the URL must match the one in the server’s SSL certificate. The RemoteApp and Desktop.
An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.
Here’s what ZDNet said about Microsoft’s response to the problem: “Instead of fixing the bug, Microsoft decided to retire RDCMan, seeing no reason to revive an app that received its last update almost six years ago.”
Limited Functionality
Even before this major vulnerability was discovered, many users found RDCMan frustrating and limited. For example, it lacked many of the time-saving integrations available in other (and better) alternatives. Plus, RDCMan only worked in Windows deployments. And overall, RDCMan — even by Microsoft’s admission — was always a very basic tool and never designed to handle sophisticated functions like utilizing 2FA, managing privileged accounts, securing sensitive data, generating strong passwords, creating audit logs, and so on.
Step 1: Stop Using RDCMan
If you’re a current RDCMan user, then the advice is clear: stop using it. Yes, you and your team may have been using it for years. But now that this bug has been made public, you can be certain that bad actors are mobilizing and will be specifically targeting this vulnerability. Considering the costs of a data breach (and how furious your boss would be), it’s not worth the risk.
Step 2: Give Remote Desktop Manager a Try!
If you’re looking for a free alternative to RDCMan, then Remote Desktop Manager (RDM) Free could be exactly what you need. RDM Free is designed for individual IT pros, while RDM Enterprise is designed for IT teams (co-located and remote) who need to share remote connections and privileged passwords. Here is a side-by-side comparison of the two solutions. Also, be assured that RDM Free is not nagware, donationware, or trialware. It’s a legitimate, standalone solution for IT pros that is constantly being updated.
Interested in trying RDM, but you don’t want to lose your data? Good news! You can import your sessions from an existing application or an existing file format. You can follow this online help right here.
RDM Enterprise
Switching from RDCMan to Remote Desktop Manager (RDM) Enterprise is a significant upgrade in every area. Here is a helpful chart to help you compare the differences.
For a complete list of features in RDM, please head over here.
Try RDM
We invite you to try RDM Enterprise free for 30 days, and to explore all of its features and functions. Then when your trial period is over, you can either purchase an affordable license (multiple options are available based on your needs), or you can switch over to RDM Free and use it for as long as you wish without paying anything.
Other Alternatives
If RDM (Free or Enterprise) isn’t the alternative to RDCMan that you’re looking for, then we suggest you head to AlternativeTo, where you’ll find profiles and reviews of various remote connection tools.
-->You can access Windows Virtual Desktop resources on devices with Windows 10, Windows 10 IoT Enterprise, and Windows 7 using the Windows Desktop client.
Important
This does not support Window 8 or Windows 8.1.
This only supports Azure Resource Manager objects, to support objects without Azure Resource Manager, see Connect with Windows Desktop (classic) client.
This does not support the RemoteApp and Desktop Connections (RADC) client or the Remote Desktop Connection (MSTSC) client.
Install the Windows Desktop client
Download the client based on your Windows version:
During installation to determine access, select either:
- Install just for you
- Install for all users of this machine (requires admin rights)
Microsoft Desktop Connection Rdp
To launch the client after installation, use the Start menu and search for Remote Desktop.
Subscribe to a Workspace
To subscribe to a Workspace, choose to either:
- Use a work or school account and have the client discover the resources available for you
- Use the specific URL of the resource
To launch the resource once subscribed, go to the Connection Center and double-click the resource.
Tip
To launch a resource from the Start menu, you can find the folder with the Workspace name or enter the resource name in the search bar.
Use a user account
- Select Subscribe from the main page.
- Sign in with your user account when prompted.
The resources grouped by workspace will appear in the Connection Center.
Note
The Windows client automatically defaults to Windows Virtual Desktop (classic).
However, if the client detects additional Azure Resource Manager resources, it adds them automatically or notifies the user that they're available.
Use a specific URL
Select Subscribe with URL from the main page.
Enter either the Workspace URL or an email address:
- For Workspace URL, use the URL provided by your admin.
Available Resources URL Windows Virtual Desktop (classic) https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspxWindows Virtual Desktop https://rdweb.wvd.microsoft.com/api/arm/feeddiscoveryWindows Virtual Desktop (US Gov) https://rdweb.wvd.azure.us/api/arm/feeddiscovery- For Email, use your email address.
The client will find the URL associated with your email, provided your admin has enabled email discovery.
Select Next.
Sign in with your user account when prompted.
Microsoft Desktop Connection App
The resources grouped by workspace will appear in the Connection Center.
Microsoft Desktop Connection Manager Download
Next steps
To learn more about how to use the client, check out Get started with the Windows Desktop client.
Microsoft Desktop Connection Manager 2.7
If you're an admin interested in learning more about the client's features, check out Windows Desktop client for admins.