Auto-Opening RDP files for each Client OS
Windows
For Windows clients, Windows will auto open downloaded RDP files by setting group policy
There are also options for individual browsers that can be configured by users instead
Kasm will automatically generate a signed RDP file using the certificate and private key in Server Settings. This certificate or an applicable CA when providing a certificate must be installed on the client machine in the trusted certificate store and the SHA1 thumbprint must be added to the group policy as a trusted RDP publisher to avoid Windows warning that the RDP file is provided by an untrusted/unknown publisher.
To make things easier Kasm provides a button to download the certificate and a button to copy the SHA1 thumbprint to your clipboard in order to add to your group policy.
The location in Group Policy is Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client -> Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
.
To prevent a user from modifying a signed RDP file and then attempting to create a connection to the RDP target there is another group policy setting that can be enabled Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client -> Allow .rdp files from unknown publishers
. This does have the side effect of preventing user from opening any RDP file not signed by a verified publisher, including ones users may create on their own.
Google Chrome
The first option would be for the user to right-click the rdp file in the download list and select Always open files of this type
. Alternatively the user or an administrator can set a registry key Software\Policies\Google\Chrome\AutoOpenFileTypes
. Then set values of a number and the file extension for example Software\Policies\Google\Chrome\AutoOpenFileTypes\1 = exe
.
Firefox
For firefox when right-clicking the download there is an option Always Open Similar Files
to have Firefox automatically open rdp files in the default client.
ChromeOS
For ChromeOS the Chromebook will need to be joined to a Google Workspace Enterprise account. Then the administrator can set Chrome managed policies to ensure that Chrome will automatically open the RDP file upon download.
Google Workspace configuration
Go to admin.google.com and log into the Google Workspace account. Then navigate to Devices -> Chrome -> Settings and select the User & browser settings tab.
On the User and browser settings tab scroll down to the Content section and select Auto open downloaded files
On this screen the administrator can configure what file extensions to have the browser auto open. Add RDP to the Auto open file types. The administrator can also restrict this setting to the url of the kasm deployment i.e. https://kasm.example.com/*
MacOS
On macOS the RDP connection is loaded as a URL, the OS must be configured to handle that URL with the RDP client of choice. The command to configure this is defaults write com.google.Chrome URLAllowlist -array 'rdp://*'