New Remote Desktop Connection Manager 2.7 Released

Note: Microsoft has discontinued Remote Desktop Manager (RDCMan 2.7) in March 2020 due to a security vulnerability. Customers are encouraged to use the MSTSC client built-in to Windows instead.

Microsoft released a new version of Remote Desktop Connection Manager (RDCMan) 2.7 to the public today.

RDCMan is a central place where you can organize, group, and manage your various Remote Desktop connections. This is particularly useful for system administrators, developers, testers, and lab managers who maintain groups of computers and connect to them frequently. I probably spend more time in RDC Manager than any other application during the day.

The previous version 2.2 was last released in May 2010, so this is a very welcome update. Previous versions lacked some functions and caused excessive CPU utilization on some computers, especially those with Nvidia GPUs. RDCMan was written by Julian Burger, one of the principal developers on the Windows Live Experiences team.

RDCMan 2.7 version is a major feature release. New features include:

• Virtual machine connect-to-console support.
• Smart groups.
• Support for credential encryption with certificates.
• Windows 8 remote action support (charms, app commands, switch tasks, etc).
• Support for Windows 8, Windows 8.1 / Windows Server 2012, Windows Server 2012 R2.
• Log Off Server now works properly on all versions.

Important Upgrade Notes: You should know that when you upgrade, RDCMan will be unable to read any saved encrypted passwords. You will need to re-enter your saved encrypted passwords after installation.

The workaround is to set the "Store password as clear text" checkbox in RDCMan 2.2 for preexisting groups and/or servers. When you upgrade to version 2.7, RDCMan will read the existing passwords and will encrypt them. "Store passwords as plain text" is no longer an option in version 2.7.

Read more ...

Is Your Organization Using SHA-1 SSL Certificates?

I just published an article on Windows IT Pro about Microsoft's decision to block Windows from accepting SHA-1 SSL certificates. This has important ramifications for your users and your IT environment. Don't be caught unaware.

Read "Is Your Organization Using SHA-1 SSL Certificates?" on Windows IT Pro here.

Read more ...

How to Enable RelayState in ADFS 2.0 and ADFS 3.0

RelayState is a parameter of the SAML protocol that is used to identify the specific resource the user will access after they are signed in and directed to the relying party’s federation server. It is used by Google Apps and other SAML 2.0 resource providers.

If RelayState is not enabled in AD FS, users will see something similar to this error after they authenticate to resource providers that require it:

The Required Response Parameter RelayState Was Missing

For ADFS 2.0, you must install update KB2681584 (Update Rollup 2) or KB2790338 (Update Rollup 3) to provide RelayState support. ADFS 3.0 has RelayState support built in. In both cases RelayState still needs to be enabled.

Use the following steps to enable the RelayState parameter on your AD FS servers:

• For ADFS 2.0, open the following file in Notepad: 

%systemroot%\inetpub\adfs\ls\web.config

• For ADFS 3.0, open the following file in Notepad:

%systemroot%\ADFS\Microsoft.IdentityServer.Servicehost.exe.config

• In the microsoft.identityServer.web section, add a line for useRelyStateForIdpInitiatedSignOn as follows, and save the change:

<microsoft.identityServer.web>    ...    <useRelayStateForIdpInitiatedSignOn enabled="true" />    ...</microsoft.identityServer.web>

• For ADFS 2.0, run IISReset to restart IIS.

• For both platforms, restart the Active Directory Federation Services (adfssrv) service.

If you're using ADFS 3.0 you only need to do the above on your ADFS 3.0 servers, not the WAP servers.

Read more ...