Security levels in RDP scripts

Remote Desktop Protocol (RDP) enables a client computer to connect to a server. Various security options are available for the connection, depending on the particular Windows operating systems that are installed on the client and server computers. The security options define security-related aspects of the connection, such as the authentication and encryption that are used.

Available security protocols

The following security protocols can be used for the client-server connection in RDP Vuser scripts:

| Security protocol | Details |
| --- | --- |
| RDP | Connects using standard RDP security. RDP provides the least secure connection. |
| SSL | Connects using SSL as an external security protocol to enhance the standard RDP security. SSL provides a moderate level of security. |
| CredSSP | Connects using the Credential Security Support Provider (CredSSP) protocol. CredSSP provides the most secure connection. CredSSP security may be required if, for example, network-level authentication (NLA) is enabled on the server side. |

Set security level for recording

By default, RDP Vuser scripts are recorded using standard RDP security. Before you record a script using RDP security, make sure that the connection is configured correctly.

You can enable SSL or CredSSP security in the recording options before you begin recording. If you enable SSL or CredSSP security, the security level you select remains enabled in the recording options for future RDP protocol scripts until you disable it.

To configure the connection for standard RDP security:

  1. Make sure that the server is configured to allow connections from computers that are running any version of Remote Desktop, and not only from computers that are running Remote Desktop with Network Level Authentication (NLA). On the server, in the System Properties dialog box, select the Remote tab and set the security level that is required to establish the connection.

  2. If your RDP session is launched through an RDP configuration file, you must disable CredSSP authentication in the configuration file, using the following string: enablecredsspsupport:i:0

To enable SSL or CredSSP security for recording:

  1. In VuGen, open an RDP script.
  2. In the toolbar, select Record > Recording Options > RDP > Client Startup and enable the required security level for recording.

    Note: You must enable SSL security in order to enable CredSSP security.

  3. If you have enabled CredSSP security, enter the server details and credentials to connect to the CredSSP server.

Set security level for replay

You use the script's runtime settings to specify the security level used for the connection during replay.

The security level that you specify in the runtime settings is an indication to the server of the maximum level of security that is supported by the client. However, the security that is actually used for the connection is defined by the server settings. For example, if you specify CredSSP as the encryption level in the runtime settings, when you run the Vuser, the Vuser informs the server that the Vuser supports CredSSP, SSL, and RDP security. If the server supports only RDP security, then the connection is made using RDP.
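The negotiation described above can be modeled with the 8-byte RDP negotiation structures. This is an added example, not VuGen code or part of the original documentation; the flag and failure-code values come from the RDP specification (MS-RDPBCGR), while the server policy sets and the simplified selection logic are assumptions made for illustration.

```python
import struct

# requestedProtocols / selectedProtocol flag values from the RDP negotiation
# structures (MS-RDPBCGR). "CredSSP" on this page corresponds to PROTOCOL_HYBRID.
PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID = 0x0, 0x1, 0x2
TYPE_NEG_REQ, TYPE_NEG_RSP, TYPE_NEG_FAILURE = 0x01, 0x02, 0x03
SSL_REQUIRED_BY_SERVER, HYBRID_REQUIRED_BY_SERVER = 0x1, 0x5
NAMES = {PROTOCOL_RDP: "RDP", PROTOCOL_SSL: "SSL", PROTOCOL_HYBRID: "CredSSP"}

# Flags a client advertises for each "Supported Encryption Level" choice.
# Standard RDP has no flag bit: it is the implicit floor of every offer.
OFFER = {"RDP": PROTOCOL_RDP, "SSL": PROTOCOL_SSL,
         "CredSSP": PROTOCOL_SSL | PROTOCOL_HYBRID}

def pack_neg(msg_type, value):
    """8-byte negotiation structure: type, flags, length, 32-bit value (LE)."""
    return struct.pack("<BBHI", msg_type, 0, 8, value)

def build_neg_req(level):
    """RDP_NEG_REQ the client sends for the chosen replay level."""
    return pack_neg(TYPE_NEG_REQ, OFFER[level])

def server_select(request, server_accepts):
    """Simplified server policy (assumption): choose the strongest protocol
    that the client offered and the server allows, else refuse."""
    _type, _flags, _length, requested = struct.unpack("<BBHI", request)
    for proto in (PROTOCOL_HYBRID, PROTOCOL_SSL):
        if requested & proto and NAMES[proto] in server_accepts:
            return pack_neg(TYPE_NEG_RSP, proto)
    if "RDP" in server_accepts:
        return pack_neg(TYPE_NEG_RSP, PROTOCOL_RDP)
    # Server demands more than the client offered (e.g. NLA is enforced).
    code = (HYBRID_REQUIRED_BY_SERVER if server_accepts == {"CredSSP"}
            else SSL_REQUIRED_BY_SERVER)
    return pack_neg(TYPE_NEG_FAILURE, code)

def negotiate(level, server_accepts):
    """Return the protocol actually used, or 'FAILURE(code)'."""
    response = server_select(build_neg_req(level), server_accepts)
    msg_type, _flags, _length, value = struct.unpack("<BBHI", response)
    return NAMES[value] if msg_type == TYPE_NEG_RSP else f"FAILURE({value})"

if __name__ == "__main__":
    # Constructed server policies, not taken from any real host.
    for level, policy in [("CredSSP", {"RDP"}), ("CredSSP", {"RDP", "SSL", "CredSSP"}),
                          ("RDP", {"CredSSP"})]:
        print(f"client max={level:8} server allows={sorted(policy)} -> "
              f"{negotiate(level, policy)}")
```

The first case reproduces the scenario in the paragraph above: a client offering CredSSP still ends up on standard RDP security when that is all the server allows, so the runtime setting is a ceiling and the negotiated protocol should be confirmed on the server side.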

To set a script's security level for replay, open the script in VuGen and select Replay > Runtime Settings > RDP > Configuration. Then, select the required level from the Supported Encryption Level list.

Note: If a script was recorded using RDP or SSL security and you specify CredSSP authentication for replay, you must make certain changes to the script before replay. For details, see Modify a script to support CredSSP authentication.

Modify a script to support CredSSP authentication

If a script was recorded using RDP or SSL security, and you specify CredSSP security for replay, you must modify the script to support CredSSP authentication before replay. These changes must be made each time the script is regenerated.

To modify a script to support CredSSP authentication:

  1. In the rdp_connect_server step in the script, modify the step to provide the user name, password, and domain that are required to access the server. For details on the rdp_connect_server function, see rdp_connect_server in the VuGen Function Reference.

  2. Remove the block of code that contains the login-related mouse, keyboard, and image synchronization steps from the generated script:

    1. Locate the rdp_connect_server step in the Vuser script.

      The step after the rdp_connect_server step is the first step in the block of code to delete.

      Note: If an rdp_set_lock step exists immediately after the rdp_connect_server step, do not delete the rdp_set_lock step.

    2. Locate the rdp_mouse_click step or the rdp_key step that submits the password to the server.

      This is the last step in the block of code to delete.

    3. Delete all the steps in the block of code that is defined above.
