Skip to content

RDS Remote Application: Windows RDP Client (mstsc)

MSTSC is the native Windows RDP client used to establish interactive Remote Desktop sessions with other Windows hosts. When integrated with the 12Port Access Broker via Remote Desktop Services (RDS), MSTSC enables Zero Trust access to Windows Hosts through a fully monitored and credential-injected session, enabling automated jump host scenarios.

Installation and Configuration

1. Download Required Files
* Executable:
https://bin.12port.com/product/remote-apps/mstsc/app-mstsc.exe
* Configuration File (.ini):
https://bin.12port.com/product/remote-apps/mstsc/app-mstsc.ini

Source file: https://bin.12port.com/product/remote-apps/mstsc/app-mstsc.au3

* Place both the Executable (.exe) and Configuration (.ini) files in the same directory on the RDS Server where the Remote Application will be published. For example: C:\12Port-RDSApps.

2. Modify Configuration (Optional)
The .ini configuration file can be updated to define the method used to launch the mstsc RDP client on the RDS host server. The available configuration options are:

* Using mode=public will launch the mstsc client directly from command-line using the /public parameter. This is the default mode.

[app]
mode=public

* Alternatively, the mode=rdp configuration option will launch the mstsc client by using a temporary .rdp file on the RDS host server.

[app]
mode=rdp

3. Publish the Remote Application
Use the following PowerShell command as an example to publish MSTSC as a RemoteApp on the RDS server. This command must be executed from an elevated (Administrator) PowerShell session:

New-RDRemoteApp `
  -CollectionName "QuickSessionCollection" `
  -Alias "app-mstsc" `
  -DisplayName "app-mstsc" `
  -FilePath "C:\12Port-RDSApps\app-mstsc\app-mstsc.exe" `
  -ShowInWebAccess $true `
  -CommandLineSetting "Allow"

Ensure the CommandLineSetting is set to "Allow" to enable the Access Broker to pass connection parameters to the application.

Note

Make sure the -FilePath value accurately reflects the location of the executable on the RDS server.

RDS Application Asset Configuration

To enable Zero Trust access to MSTSC via the 12Port Access Broker:

  • In the RDS Remote Application asset, set the Remote App field to: 
    ||app-mstsc

  • Set the Remote Arguments field to: 

    Host,User,Password

    • Specify Host as the destination Computer that the MSTSC (RDP) client will connect to from the RDS Host server. Note: Host value should match the name on the RDP certificate to avoid connection errors.

    • Specify User as a privileged account for zero trust access.

    • Specify Password for the privileged account for zero trust access.

MSTSC RDP Client - Asset View

These values allow the Access Broker to inject credentials into the RDP connection without exposing them to the user.

RDS Session - MSTSC RDP Client

Example shown in non-fullscreen view for documentation purposes only. Actual RDS session defaults to fullscreen mode for increased user experience.