Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection.[1] The user employs RDP client software for this purpose, while the other computer must run RDP server software.
Several clients exist for most versions of Microsoft Windows (including Windows Mobile, for which support has ended), Linux (for example Remmina), Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into the server and professional editions of Windows operating systems but not home editions; an RDP server for Unix and OS X also exists (for example xrdp). By default, the server listens on TCP port 3389[2] and UDP port 3389.[3]
Microsoft currently refers to their official RDP client software as Remote Desktop Connection, formerly "Terminal Services Client".
The protocol is an extension of the ITU-T T.128 application sharing protocol. Microsoft makes some specifications public on their website.[4]
Every server and professional version of Microsoft Windows from Windows XP onward[5] includes an installed Remote Desktop Connection (RDC) ("Terminal Services") client (mstsc.exe) whose version is determined by that of the operating system or by the last applied Windows Service Pack. The Terminal Services server is supported as an official feature on Windows NT 4.0 Terminal Server Edition, released in 1998, Windows 2000 Server, all editions of Windows XP except Windows XP Home Edition, Windows Server 2003, Windows Home Server, on Windows Fundamentals for Legacy PCs, in Windows Vista Ultimate, Enterprise and Business editions, Windows Server 2008 and Windows Server 2008 R2 and on Windows 7 Professional and above. The home versions of Windows do not support RDP.
Microsoft provides the client required for connecting to newer RDP versions for downlevel operating systems. Since the server improvements are not available downlevel, the features introduced with each newer RDP version only work on downlevel operating systems when connecting to a higher version RDP server from these older operating systems, and not when using the RDP server in the older operating system.
Based on the ITU-T T.128 application sharing protocol (during draft also known as "T.share") from the T.120 recommendation series, the first version of RDP (named version 4.0) was introduced by Microsoft with "Terminal Services", as a part of their product Windows NT 4.0 Server, Terminal Server Edition.[1] The Terminal Services Edition of NT 4.0 relied on Citrix's MultiWin technology, previously provided as a part of Citrix WinFrame atop Windows NT 3.51, in order to support multiple users and login sessions simultaneously. Microsoft required Citrix to license their MultiWin technology to Microsoft in order to be allowed to continue offering their own terminal-services product, then named Citrix MetaFrame, atop Windows NT 4.0. The Citrix-provided DLLs included in Windows NT 4.0 Terminal Services Edition still carry a Citrix copyright rather than a Microsoft copyright. Later versions of Windows integrated the necessary support directly. The T.128 application sharing technology was acquired by Microsoft from UK software developer Data Connection Limited.[6]
This version, introduced with Windows 2000 Server, added support for a number of features, including printing to local printers, and aimed to improve network bandwidth usage. The RDP client available through the Windows 2000 Terminal Server Disk Creation Tool is tested and working even on 16-bit Windows 3.1 using third-party TCP/IP libraries such as Trumpet WinSock.
This version was introduced with Windows XP Professional and included support for 24-bit color and sound. It is supported on Windows 2000, Windows 9x, and Windows NT 4.0.[7] With this version, the name of the client was changed from Terminal Services Client to Remote Desktop Connection; the heritage remains to this day, however, as the underlying executable is still named mstsc.exe.
This version, introduced with Windows Server 2003, included support for console mode connections, a session directory, and local resource mapping. It also introduced Transport Layer Security (TLS) 1.0 for server authentication and for encrypting terminal server communications.[8] This version is built into Windows XP Professional x64 Edition and Windows Server 2003 x64 & x86 Editions, and is also available for Windows XP as a download.
This version was introduced with Windows Vista and incorporated support for Windows Presentation Foundation applications, Network Level Authentication, multi-monitor spanning and large desktop support, and TLS 1.0 connections.[9] The RDP 6.0 client is available on Windows XP SP2, Windows Server 2003 SP1/SP2 (x86 and x64 editions) and Windows XP Professional x64 Edition through KB925876. Microsoft Remote Desktop Connection Client for Macintosh OS X is also available with support for Intel and PowerPC Mac OS versions 10.4.9 and greater.
This version was released in February 2008 and was first included with Windows Server 2008 and Windows Vista with Service Pack 1, and later backported to Windows XP with Service Pack 3. The RDP 6.1 client is available on Windows XP SP2, Windows Server 2003 SP1/SP2 (x86 and x64 editions) and Windows XP Professional x64 Edition through KB952155.[10] In addition to changes related to how a remote administrator connects to the "console",[11] this version has new functionality introduced in Windows Server 2008, such as connecting remotely to individual programs and a new client-side printer redirection system that makes the client's print capabilities available to applications running on the server, without having to install print drivers on the server.[12][13] In addition, a remote administrator can freely install, add or remove any software or setting at the client's end. However, to start a remote administration session, one must be a member of the Administrators group on the server to which one is trying to connect.[14]
This version was released to manufacturing in July 2009 and is included with Windows Server 2008 R2, as well as with Windows 7.[15] With this release, the name also changed from Terminal Services to Remote Desktop Services. This version has new functions such as Windows Media Player redirection, bidirectional audio, multi-monitor support, Aero glass support, enhanced bitmap acceleration, Easy Print redirection,[16] and Language Bar docking. The RDP 7.0 client is available on Windows XP SP3 and Windows Vista SP1/SP2 through KB969084,[17] and is not officially supported on Windows Server 2003 x86 and Windows Server 2003 / Windows XP Professional x64 editions. It is also not officially supported on Windows Server 2008.
Most RDP 7.0 features like Aero glass remote use, bidirectional audio, Windows Media Player redirection, multiple monitor support and Remote Desktop Easy Print are only available in Windows 7 Enterprise or Ultimate editions.[18][19]
Release 7.1 of RDP was included with Windows 7 Service Pack 1 and Windows Server 2008 R2 SP1 in 2010. It introduced RemoteFX, which provides virtualized GPU support and host-side encoding.
This version was released in Windows 8 and Windows Server 2012. This version has new functions such as Adaptive Graphics (progressive rendering and related techniques), automatic selection of TCP or UDP as transport protocol, multi-touch support, DirectX 11 support for vGPU, USB redirection supported independently of vGPU support, etc.[20][21] A "connection quality" button is displayed in the RDP client connection bar for RDP 8.0 connections; clicking on it provides further information about the connection, including whether UDP is in use or not.[22]
The RDP 8.0 client and server components are available on Windows 7 SP1 and Windows Server 2008 R2 SP1 through KB2592687. The RDP 8.0 client is also available for Windows Server 2008 R2 SP1, but the server components are not. The RDC 8.0 client includes support for session encryption using the TLS 1.2 standard.[23] The add-on requires the DTLS protocol to be installed as a prerequisite.[22] After installing the updates, for the RDP 8.0 protocol to be enabled between Windows 7 machines, an extra configuration step is needed using the Group Policy editor.[24]
A new feature in RDP 8.0 is limited support for RDP session nesting. It only works for Windows 8 and Server 2012, though; Windows 7 and Server 2008 R2 (even with the RDP 8.0 update) do not support this feature.[25]
The "shadow" feature from RDP 7, which allowed an administrator to monitor (snoop on) an RDP connection, has been removed in RDP 8. The Aero Glass remoting feature (applicable to Windows 7 machines connecting to each other) has also been removed in RDP 8.[21][22]
This version was released with Windows 8.1 and Windows Server 2012 R2. The RDP 8.1 client, like the RDP 8.0 client, is available on Windows 7 SP1 and Windows Server 2008 R2 SP1 through KB2923545 but, unlike the RDP 8.0 update for Windows 7, it does not add an RDP 8.1 server component to Windows 7. Furthermore, if RDP 8.0 server function is desired on Windows 7, the KB 2592687 (RDP 8.0 client and server components) update must be installed before installing the RDP 8.1 update.[26][27]
Support for session shadowing was added back in RDP version 8.1. This version also fixes some visual glitches with Microsoft Office 2013 when running as a RemoteApp.[26]
Version 8.1 of the RDP also enables a "restricted admin" mode. Logging into this mode only requires knowledge of the hashed password, rather than of its plaintext, therefore making a pass the hash attack possible.[28] Microsoft has released an 82-page document explaining how to mitigate this type of attack.[29]
Version 10.0 of the RDP was introduced with Windows 10 and includes the following new features: AutoSize zoom (useful for HiDPI clients). In addition, graphics compression improvements were included utilizing H.264/AVC.[30]
Microsoft introduced the following features with the release of RDP 6.0 in 2006:
Release 7.1 of RDP in 2010 introduced the following feature:
The latest version of RDP supports Transport Layer Security (TLS) version 1.1, 1.2 and 1.3 to protect RDP traffic.[32]
Version 5.2 of the RDP in its default configuration is vulnerable to a man-in-the-middle attack. Administrators can enable transport layer encryption to mitigate this risk.[33][34]
RDP sessions are also susceptible to in-memory credential harvesting, which can be used to launch pass the hash attacks.[35]
In March 2012, Microsoft released an update for a critical security vulnerability in the RDP. The vulnerability allowed a Windows computer to be compromised by unauthenticated clients and computer worms.[36]
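Whether a server has moved off the default, unprotected layer is visible in its reply during connection setup. The following added example (not part of the original article) parses an X.224 Connection Confirm and reports whether the server selected standard RDP security or a TLS-based layer; the constants follow Microsoft's published MS-RDPBCGR specification, while the function name and sample bytes are constructed for illustration.

```python
import struct

# Constants are the negotiation values documented in MS-RDPBCGR.
PROTOCOLS = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)",
             4: "RDSTLS", 8: "CredSSP with early user authorization"}
FAILURES = {1: "server requires TLS", 2: "server does not allow TLS",
            5: "server requires CredSSP (NLA)"}
NEG_RSP, NEG_FAILURE = 0x02, 0x03


def classify_connection_confirm(pdu: bytes) -> dict:
    """Report which security layer an X.224 Connection Confirm selects."""
    if len(pdu) < 11:
        raise ValueError("truncated PDU")
    version, _reserved, total = struct.unpack(">BBH", pdu[:4])  # TPKT header
    if version != 3 or total != len(pdu):
        raise ValueError("malformed TPKT header")
    if pdu[4] + 5 != len(pdu) or pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]
    if not neg:  # no negotiation block: only standard RDP security is offered
        return {"selected": PROTOCOLS[0], "tls": False}
    if len(neg) != 8:
        raise ValueError("unexpected negotiation block size")
    kind, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        raise ValueError("bad negotiation length field")
    if kind == NEG_FAILURE:  # server refused what the client offered
        return {"selected": None, "tls": None,
                "refused": FAILURES.get(value, f"failure code {value}")}
    if kind != NEG_RSP:
        raise ValueError("unknown negotiation type")
    return {"selected": PROTOCOLS.get(value, f"unknown 0x{value:x}"),
            "tls": value in (1, 2, 4, 8)}


# Constructed sample responses (not captured traffic).
SAMPLES = {
    "legacy": bytes.fromhex("0300000b06d00000123400"),
    "tls_only": bytes.fromhex("030000130ed000001234000200080001000000"),
    "nla": bytes.fromhex("030000130ed00000123400021f080002000000"),
    "nla_enforced": bytes.fromhex("030000130ed000001234000300080005000000"),
}

if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(name, classify_connection_confirm(pdu))
```

A server that answers with no negotiation block, or that selects protocol 0, is still using the layer that the transport layer encryption setting is meant to replace.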
RDP client version 6.1 can be used to reveal the names and pictures of all users on the RDP Server (no matter which Windows version) in order to pick one, if no username is specified for the RDP connection.
In March 2018 Microsoft released a patch for CVE-2018-0886, a remote code execution vulnerability in CredSSP discovered by Preempt. CredSSP is a Security Support Provider involved in Microsoft Remote Desktop and Windows Remote Management.[37][38]
In May 2019 Microsoft issued a security patch for CVE-2019-0708 ("BlueKeep"), a vulnerability which allows for the possibility of remote code execution and which Microsoft warned was "wormable", with the potential to cause widespread disruption. Unusually, patches were also made available for several versions of Windows that had reached their end-of-life, such as Windows XP. No immediate malicious exploitation followed, but experts were unanimous that this was likely, and could cause widespread harm based on the number of systems that appeared to have remained exposed and unpatched.[39][40][41]
In July 2019, Microsoft issued a security patch for CVE-2019-0887, an RDP vulnerability that affects Hyper-V.[42]
In April 2025, a security researcher discovered that it is possible to log into accounts through RDP using passwords that have already been revoked. According to Microsoft, this was by design, and not a bug or vulnerability.[43]
Since the release of Remote Desktop Connection, there have been several additional Remote Desktop Protocol clients created by both Microsoft and other parties including Microsoft Remote Desktop, rdesktop, and FreeRDP.
In addition to the Microsoft-created Remote Desktop Services, open-source RDP servers on Unix include FreeRDP (see above), the ogon project and xrdp. The Windows Remote Desktop Connection client can be used to connect to such a server. There is also Azure Virtual Desktop, which makes use of RDP and is a part of the Microsoft Azure platform.
There is also a VirtualBox Remote Display Protocol (VRDP) used in the VirtualBox virtual machine implementation by Oracle.[44] This protocol is compatible with all RDP clients, such as that provided with Windows but, unlike the original RDP, can be configured to accept unencrypted and password unprotected connections, which may be useful in secure and trusted networks, such as home or office LANs. By default, Microsoft's RDP server refuses connections to user accounts with empty passwords (but this can be changed with the Group Policy Editor[45]). External and guest authorization options are provided by VRDP as well. It does not matter which operating system is installed as a guest because VRDP is implemented on the virtual machine (host) level, not in the guest system. The proprietary VirtualBox Extension Pack is required.
Microsoft requires third-party implementations to license the relevant RDP patents.[46] As of February 2014, the extent to which open-source clients meet this requirement remains unknown.
Security researchers reported in 2016-17 that cybercriminals were selling compromised RDP servers on underground forums as well as specialized illicit RDP shops.[47][48] These compromised RDPs may be used as a "staging ground" for conducting other types of fraud or to access sensitive personal or corporate data.[49] Researchers further report instances of cybercriminals using RDPs to directly drop malware on computers.[50]