KeePassRDP is a plugin for KeePass 2.x that adds useful options to connect to the URL of an entry with RDP.
of the latest
.
- Run the msi setup, self-extracting exe or unzip (and copy) the KeePassRDP.plgx file to your KeePass plugins folder (e.g. %ProgramFiles%\KeePass Password Safe 2\Plugins).
- Start KeePass and enjoy using KeePassRDP.
> winget install KeePassRDP.KeePassRDP
To connect to target computers using RDP select one or multiple entries containing the IP-address(es) or hostname(s), right-click and select KeePassRDP > Open RDP connection (or simply press CTRL + M).
A selection dialog will be shown when multiple credentials are found. To use one of the other connection options select the corresponding item from the context menu, or press the configurable keyboard shortcut.
- Connect to host via RDP
- Connect to host via RDP admin session (mstsc.exe /admin parameter)
- Support for mstsc.exe parameters (/f, /span, /multimon, /w, /h, /public, /restrictedAdmin, /remoteGuard)
- Select from matching (Windows or domain) credentials when target entry is inside configurable trigger group (see below)
- Automatic adding and removing of credentials to and from the Windows credential manager (how it works)
- Configurable keyboard shortcuts
- Configurable context menu
- Configurable toolbar items
- Configurable credential lifetime
- Customizable credential picker
- Customizable per entry settings
- General automatization helpers
- Support for advanced settings through .rdp files
- Support for self-signing of .rdp files
- Support for session shadowing
- Support for secure desktop
- Support for DPI-scaling
- Made with ❤️
See how to translate.
How we use KeePassRDP on a daily basis (I work for an MSP where KeePass securely stores credentials for accessing customer domains and computers).
The KeePass database could be structured like this, where each group contains entries for a specific customer:
If there is only one jumphost or something similar, we usually place a single entry including the credentials directly into the customer group:
When a customer has more hosts and/or requires multiple accounts, we create a subgroup named RDP (trigger group) inside the customer group:
The name of the trigger group can be configured from within the KeePassRDP options form (since v2.0).
Entries in subgroups of the "RDP" group will trigger by default, too (since v2.3).
Afterwards entries for target hosts can be added to the trigger group:
When using the entries, matching credentials are searched from the parent (customer) group (by default they will be looked up recursively within all subgroups):
Ignoring entries can be toggled in the KeePassRDP context menu (since v1.9.0) or from the toolbar (since v2.0).
Select one or more entries in the RDP group, press CTRL + M and KeePassRDP will show a dialog with filtered account entries (matching titles against a configurable regular expression, e.g. domain-admin, local user, ...) to connect to target hosts (using credentials).
Finally just choose the credential you want to use and click GO (or press Enter).
Fully configurable from within the KeePassRDP options form.
Visibility of items is configurable from within the KeePassRDP options form.
Customizable from within the KeePassRDP options form.
Can be activated from within the KeePassRDP options form.
A certificate for signing .rdp files can be selected or generated (self-signed) on the same page.
KeePassRDP can be used to manage and shadow sessions on remote desktop/terminal servers.
Both the credential picker and the executable can be configured to run on an isolated desktop, preventing global keyboard and mouse hooks (keyloggers) from capturing the input.
An additional toolbar is displayed when the secure desktop is in use.
💡 Clipboard content is shared throughout a window station, so it could still be read by malicious software.
The plugin basically calls the default mstsc.exe with the /v:<address> (and optionally other) parameter(s) to connect.
Opening a connection with credentials will save the selected credential(s) into the Windows credential manager ("vault") for access by the mstsc.exe process.
The credential(s) will then be removed depending on how KeePassRDP is configured.
When using .rdp files a temporary file is created and removed after the mstsc.exe process exits.
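An added example (not KeePassRDP's own code) for checking the cleanup described above: it parses cmdkey /list and reports RDP credentials still stored in the current user's vault, marking those with no matching running mstsc.exe. It assumes English cmdkey output and that the entries use the TERMSRV/<host> target name that mstsc.exe looks up; the function names and sample data are made up for illustration.

```powershell
# Added example: list RDP credentials left in the Windows credential manager.
# Assumption: entries use the TERMSRV/<host> target name that mstsc.exe looks up.

function ConvertFrom-CmdkeyList {
    param([string[]]$Lines)
    # cmdkey prints one "Key: value" block per credential. Labels are localized;
    # this parser expects English output.
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(?<t>.+?)\s*$') {
            if ($entry) { [pscustomobject]$entry }
            $entry = [ordered]@{ Target = $Matches.t; Type = $null; User = $null }
        }
        elseif ($entry -and $line -match '^\s*(?<k>Type|User):\s*(?<v>.*?)\s*$') {
            $entry[$Matches.k] = $Matches.v
        }
    }
    if ($entry) { [pscustomobject]$entry }
}

function Get-LeftoverRdpCredential {
    param([string[]]$CmdkeyOutput = (cmdkey.exe /list))
    # Hosts of running mstsc.exe processes started with /v:<address>.
    # Connections opened from a temporary .rdp file are not detected here.
    $active = Get-CimInstance Win32_Process -Filter "Name = 'mstsc.exe'" |
        ForEach-Object { if ($_.CommandLine -match '/v:"?(?<h>[^\s":]+)') { $Matches.h } }
    ConvertFrom-CmdkeyList -Lines $CmdkeyOutput |
        Where-Object { $_.Target -match 'TERMSRV/' } |
        ForEach-Object {
            $rdpHost = $_.Target -replace '^.*TERMSRV/', ''
            [pscustomobject]@{
                Host = $rdpHost; User = $_.User
                Type = $_.Type;  InUse = @($active) -contains $rdpHost
            }
        }
}

# Constructed sample of `cmdkey /list` output (hosts and users are made up).
$sample = @'
    Target: LegacyGeneric:target=TERMSRV/jump01.customer-a.example
    Type: Generic
    User: CUSTA\svc-admin

    Target: LegacyGeneric:target=git:https://git.example.invalid
    Type: Generic
    User: builder
'@ -split "`r?`n"
Get-LeftoverRdpCredential -CmdkeyOutput $sample   # parsed sample: one TERMSRV entry
Get-LeftoverRdpCredential | Where-Object { -not $_.InUse }   # live vault: stale entries
```

Run it as the user who runs KeePass, since cmdkey only lists that user's vault. An entry that stays listed with InUse false after the configured credential lifetime has passed is worth investigating.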
Configurable from within the KeePassRDP options form.
You can use Resources.de.resx as a starting point.
- Copy and rename the file according to the language you are translating into (e.g. KeePassRDP.es-ES.resx for Spanish).
- Translate as much as wanted.
- Create a binary resource file from the ResX template by running the following in a VS Developer Command Prompt:
> resgen.exe KeePassRDP.es-ES.resx
- Copy the generated KeePassRDP.es-ES.resources file to %AppData%\KeePass.
- Please share your progress with the KeePassRDP community ❤️.
The following example will extract the .plgx file and overwrite it in the target folder:
> KeePassRDP_v2.3.exe /Q:A /C /T:"%ProgramFiles%\KeePass Password Safe 2\Plugins"
When using the msi setup, the installation directory is determined automatically:
> KeePassRDP_v2.3.msi /qb
💡 Writing into %ProgramFiles% usually requires administrator privileges. The msi setup requests elevation if necessary.
Just clone the repository:
> git clone https://github.com/iSnackyCracky/KeePassRDP.git
Open the solution file (KeePassRDP.sln) with Visual Studio (2022) and build the KeePassRDP project:
You should get ready-to-use .plgx, .zip, and .exe files like the ones from the releases. To get an msi file build the KeePassRDPSetup project.
KeePassRDP makes use of the following third-party libraries:
- the awesome Json.NET by James Newton-King
- the awesome PLGX Build Tasks by Walter Goodwin
- the awesome WixSharp by Oleg Shilo
- Visual Studio 2022 Image Library by Microsoft


















