KeePassRDP is a plugin for KeePass 2.x which adds multiple options to connect via RDP to the URL of an entry.
- Download the zip file from the newest release
- Unzip and copy the KeePassRDP.plgx file to your KeePass plugins folder.
To connect via rdp to a machine, select the entry containing the IP-address or hostname, right-click and select KeePassRDP > Open RDP connection (or just press CTRL + M).
To use the other connection options, just select the corresponding entries in the context-menu.
- Connect to host via RDP
- Connect to host via RDP admin session (mstsc.exe /admin parameter)
- Gather and show possible Windows or domain credentials when the connection entry is inside a group called "RDP" (see below for details)
RDP subgroup / folder
This is how I use the extension for on a daily basis (I work for an MSP where we store credentials for customer domains or machines inside KeePass):
Our KeePass Database is structured like this:
Where each group contains entries specific to that customer.
If there ist just a single jumphost or something like that, we just create an entry like this directly inside the customer group:
But if a customer has many hosts and multiple accounts to access them, we create a subgroup called RDP (this has to be uppercase and directly inside the customer group to work) inside a customer group:
Which may contain entries like this:
The customer group itself contains the account-entries in this case (they can also be in different subgroups one level below the customer group):
If we now want to connect to one of the machines in the RDP subgroup (with credential usage), just select the machine-entry, press CTRL + M and KeePassRDP shows you a dialog with viable account-entries (with titles like e.g. domain-admin, local user, ...) it always ignores entries where the title contains [rdpignore]
Now just select the entry you want and klick ok (or press Enter).
How it works
The plugin basically just calls the default mstsc.exe with the /v:<address> (and optionally /admin) parameter to connect.
If you choose to open a connection with credentials it first calls cmdkey.exe /generic:<address> /user:<username> /pass:<password> to save credentials to use by the mstsc.exe into the Windows Credential Manger.
These Credentials get removed via cmdkey.exe /delete:<address> after about 10 seconds.
This plugin uses the awesome C# ListView wrapper ObjectListView by Phillip Piper