Auto-Opening RDP files for each Client OS

Windows

For Windows clients, Windows will auto open downloaded RDP files by setting group policy .

There are also options for individual browsers that can be configured by users instead

Kasm will automatically generate a signed RDP file using the certificate and private key in Server Settings. This certificate or an applicable CA when providing a certificate must be installed on the client machine in the trusted certificate store and the SHA1 fingerprint in capital letters must be added to the group policy as a trusted RDP publisher to avoid Windows warning that the RDP file is provided by an untrusted/unknown publisher. The location in Group Policy is Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client -> Specify SHA1 thumbprints of certificates representing trusted .rdp publishers.

../../_images/group_policy_editor.png — **Group Policy Location**

../../_images/trusted_publisher_sha.png — **Setting the Trusted Publisher Certificate SHA1**

To prevent a user from modifying a signed RDP file and then attempting to create a connection to the RDP target there is another group policy setting that can be enabled Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client -> Allow .rdp files from unknown publishers. This does have the side effect of preventing user from opening any RDP file not signed by a verified publisher, including ones users may create on their own.

../../_images/group_policy_disable_unknown_publishers.png — **Deny unknown publishers**

Google Chrome

The first option would be for the user to right-click the rdp file in the download list and select Always open files of this type. Alternatively the user or an administrator can set a registry key Software\Policies\Google\Chrome\AutoOpenFileTypes. Then set values of a number and the file extension for example Software\Policies\Google\Chrome\AutoOpenFileTypes\1 = exe.

../../_images/set_always_open.png — **Always Open Files of this Type**

Firefox

For firefox when right-clicking the download there is an option Always Open Similar Files to have Firefox automatically open rdp files in the default client.

../../_images/always_open_similar_files.png — **Always Open Similar Files**

ChromeOS

For ChromeOS the Chromebook will need to be joined to a Google Workspace Enterprise account. Then the administrator can set Chrome managed policies to ensure that Chrome will automatically open the RDP file upon download.

Google Workspace configuration

Go to admin.google.com and log into the Google Workspace account. Then navigate to Devices -> Chrome -> Settings and select the User & browser settings tab.

../../_images/chromeos_device_settings.png — **ChromeOS device settings**

On the User and browser settings tab scroll down to the Content section and select Auto open downloaded files

../../_images/chromeos_device_content_settings.png — **ChromeOS device content settings**

On this screen the administrator can configure what file extensions to have the browser auto open. Add RDP to the Auto open file types. The administrator can also restrict this setting to the url of the kasm deployment i.e. https://kasm.example.com/*

../../_images/chromeos_auto_open_download_settings.png — **ChromeOS Auto open downloaded files settings**

MacOS

On macOS the RDP connection is loaded as a URL, the OS must be configured to handle that URL with the RDP client of choice. The command to configure this is defaults write com.google.Chrome URLAllowlist -array 'rdp://*'