Remote Desktop Protocol: Frequently Asked Questions

Topic

This article answers frequently asked questions (FAQ) about using Microsoft's Remote Desktop Protocol (RDP) technology to access managed devices in NinjaOne.

Environment

• NinjaOne remote access
• Windows Professional, Enterprise, and Server operating systems

Index

Click a question to view the answer: 

• Where do I go to enable Cloud RDP for my organization or devices?
• What operating systems are compatible with RDP?
• Can I connect to a device via Cloud RDP from a device that does not run one of the compatible operating systems?
• How long do I have until the RDP access file expires?
• How many times may I use the same RDP access file?
• What is NinjaOne doing to ensure the link for RDP access is not intercepted?
• Can the end user see their screen when a technician is connected via RDP?
• I provisioned a device for RDP connection, but now that I have completed my remote session, I want to de-provision it. Is there a way for me to do so via NinjaOne?
• I want to grant a user with custom permissions (non-System Admin) the ability to access devices via Cloud RDP. How can I do this?
• Under what circumstances will NinjaOne alter the configured settings on a device to provision it for RDP access?
• Is disabling Network Level Authentication (NLA) necessary to connect via NinjaOne's Cloud RDP feature?
• Is NinjaOne's Cloud RDP functionality secure?
• How is NinjaOne securing against man-in-the-middle attacks with Cloud RDP?

FAQ

Where do I go to enable Cloud RDP for my organization or devices?

You must install or enable Microsoft's RDP technology locally on connected devices. To do so, refer to Microsoft's help documentation: How to use Remote Desktop - Microsoft Support (external). 

Once enabled, you can initiate the access from the NinjaOne device dashboard. To learn how to use RDP in NinjaOne, refer to Access Devices via Microsoft Cloud RDP.

What operating systems are compatible with RDP?

You can connect to devices running Windows Professional, Windows Enterprise, or Windows Server using RDP.

Can I connect to a device via Cloud RDP from a device that is not running one of the compatible operating systems?

To initiate RDP connections from a device running an operating system that is incompatible with RDP, you must download the Microsoft Remote Desktop application for macOS or Windows. 

• macOS: Windows App on the Mac App Store (external)
• Windows: Microsoft Remote Desktop - Free download and install | Microsoft Store (external)

When using the most recent version of macOS Catalina (10.15.x), you cannot open RDP links from Safari or Chrome, but you can use Firefox. This issue is due to changes in the most recent version of macOS Catalina (10.15.x) and must be addressed by Apple and Microsoft.

How long do I have until the RDP access file expires?

The generated RDP access file expires after 2 minutes or after it is used. At this point, you must generate a new RDP access file to connect.

How many times may I use the same RDP access file?

You can only use the access file once after it is generated.

What is NinjaOne doing to ensure the link for RDP access is not intercepted?

Network transactions, data transmissions, and API exchanges are encapsulated by encryption, which mitigates the risk of interception of the link, the RDP file, or any credentials. 

Can the end user see their screen when a technician is connected via RDP?

Our Cloud RDP integration does not allow for screen share. Therefore, the screen will be locked for the end user when a technician is remotely connected via Cloud RDP.

I provisioned a device for RDP connection, but I would like to de-provision it now that I have completed my remote session. Is there a way for me to do so via NinjaOne?

To de-provision a device for RDP access, you must do so locally on the machine. 

I want to grant a user with custom permissions (non-System Admin) the ability to access devices via Cloud RDP. How can I do this?

You can grant permissions to technicians in NinjaOne. To do so, refer to Access Devices via Microsoft Cloud RDP.

Under what circumstances will NinjaOne alter the configured settings on a device to provision it for RDP access?

NinjaOne will not alter the configured settings without your explicit request to provision a machine for RDP access. This is done when you check off the "Configure RDP automatically" option when initiating a Cloud RDP session.

Is disabling Network Level Authentication (NLA) necessary to connect via NinjaOne's Cloud RDP feature?

Yes. Currently, NLA must be disabled in order for NinjaOne's Cloud RDP to work.

Is NinjaOne's Cloud RDP functionality secure?

Yes. NinjaOne uses its own tunneling technology to create a secure channel between the user and the endpoint. NinjaOne's implementation of RDP provides three layers of obfuscation of data transmittal:

• Native RDP protocol encapsulation within TCP/IP
• Native RDP encryption
• NinjaRMM implementation:  An additional encryption layer as part of the NinjaRMM Agent-Server communications

How is NinjaOne securing against man-in-the-middle (MitM) attacks with Cloud RDP?

The NinjaRMM implemented layer of encryption "wraps" the RDP native protocol and prevents the stealing/capturing of the following:

• Login credentials
• Clipboard data
• File transfers
• Session replays