KeePassRDP is a plugin for KeePass 2.x designed to enhance remote desktop protocol (RDP) connectivity by adding useful options to connect to the URL of an entry directly. It simplifies managing and connecting to RDP resources within KeePass, streamlining workflows for users who frequently access remote systems.
Key Features:
Connect to hosts via RDP with support for admin sessions using mstsc.exe parameters.
Automatically manage credentials in the Windows credential manager for secure access.
Configurable keyboard shortcuts and context menu items for quick access.
Customizable credential picker dialog and per-entry settings for tailored workflows.
Support for advanced features like session shadowing, DPI scaling, and secure desktop modes.
Integration with winget for easy installation via winget install KeePassRDP.KeePassRDP.
Audience & Benefit:
Ideal for system administrators, IT professionals, and managed service providers (MSPs) who need to securely manage multiple RDP connections. KeePassRDP enhances productivity by automating credential handling, reducing manual steps, and offering customizable tools to suit specific workflows. Its secure credential management ensures compliance with best practices while maintaining efficiency in remote access operations.
README
KeePassRDP
Overview
KeePassRDP is a plugin for KeePass 2.x that adds useful options to connect to the URL of an entry with RDP.
Installation
of the latest .
Run the msi setup, self-extracting exe or unzip (and copy) the KeePassRDP.plgx file to your KeePass plugins folder.
To connect to target computers using RDP, select one or multiple entries containing the IP address(es) or hostname(s), right-click and select KeePassRDP > Open RDP connection (or simply press CTRL + M).
A selection dialog will be shown when multiple credentials are found. To use one of the other connection options select the corresponding item from the context menu, or press the configurable keyboard shortcut.
Features
Connect to host via RDP
Connect to host via RDP admin session (mstsc.exe /admin parameter)
Support for mstsc.exe parameters (/f, /span, /multimon, /w, /h, /public, /restrictedAdmin, /remoteGuard)
Select from matching (Windows or domain) credentials when target entry is inside configurable trigger group (see below)
Automatic adding and removing of credentials to and from the Windows credential manager (how it works)
How we use KeePassRDP on a daily basis (I work for an MSP where KeePass securely stores credentials for accessing customer domains and computers).
Trigger group / folder
The KeePass database could be structured like this, where each group contains entries for a specific customer:
If there is only one jumphost or something similar, we usually place a single entry including the credentials directly into the customer group:
When a customer has more hosts and/or requires multiple accounts, we create a subgroup named RDP (trigger group) inside the customer group:
The name of the trigger group can be configured from within the KeePassRDP options form (since v2.0). Entries in subgroups of the "RDP" group will trigger by default, too (since v2.3).
Afterwards entries for target hosts can be added to the trigger group:
When using the entries, matching credentials are searched from the parent (customer) group (by default they will be looked up recursively within all subgroups):
Ignoring entries can be toggled in the KeePassRDP context menu (since v1.9.0) or from the toolbar (since v2.0).
Select one or more entries in the RDP group, press CTRL + M and KeePassRDP will show a dialog with filtered account entries (matching titles against a configurable regular expression, e.g. domain-admin, local user, ...) to connect to target hosts (using credentials).
Finally, just choose the credential you want to use and click GO (or press Enter).
Individual entry settings can be set from the KeePassRDP tab on the edit entry form (since v2.0).
Advanced settings can be configured through .rdp files (since v2.1).
Keyboard shortcuts
Fully configurable from within the KeePassRDP options form.
Context menu / toolbar items
Visibility of items is configurable from within the KeePassRDP options form.
Credential picker
Customizable from within the KeePassRDP options form.
Automatization helpers
Can be activated from within the KeePassRDP options form.
A certificate for signing .rdp files can be selected or generated (self-signed) on the same page.
Session shadowing
KeePassRDP can be used to manage and shadow sessions on remote desktop/terminal servers.
Secure desktop
Both the credential picker and the executable can be configured to run on an isolated desktop, preventing global keyboard and mouse hooks (keyloggers) from capturing the input.
Note: Running the executable in a secure desktop is experimental.
An additional toolbar is displayed when the secure desktop is in use.
Note: Clipboard content is shared throughout a window station, so it could still be read by malicious software.
How it works
The plugin basically calls the default mstsc.exe with the /v: (and optionally other) parameter(s) to connect.
Opening a connection with credentials will save the selected credential(s) into the Windows credential manager ("vault") for access by the mstsc.exe process.
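To check that the automatic adding and removing described above has left nothing behind, the following added PowerShell example (not part of KeePassRDP or its README) lists TERMSRV/ entries in the current user's credential manager and flags those for which no mstsc.exe started with /v: is running. It assumes saved RDP credentials use target names of the form TERMSRV/<host>; the function and parameter names are hypothetical and the sample lines are constructed.

```powershell
# Added example, not KeePassRDP code. Function and parameter names are hypothetical.
# Assumption: saved RDP credentials use target names of the form TERMSRV/<host>.
function Get-RdpVaultEntry {
    [CmdletBinding()]
    param(
        # Lines of `cmdkey /list` output; defaults to the current user's vault.
        [string[]]$CmdkeyOutput = (cmdkey.exe /list),
        # Command lines of running mstsc.exe processes; defaults to a live query.
        [string[]]$MstscCommandLine = @(
            Get-CimInstance Win32_Process -Filter "Name = 'mstsc.exe'" |
                ForEach-Object CommandLine
        )
    )

    # Hosts that a running mstsc.exe was started against with /v:<host>[:port].
    $active = @(foreach ($cmd in $MstscCommandLine) {
        if ($cmd -match '/v:"?([^\s":]+)') { $Matches[1] }
    })

    foreach ($line in $CmdkeyOutput) {
        # Match on the target value rather than on the "Target:" label.
        if ($line -match 'target=(TERMSRV/(\S+))') {
            [pscustomobject]@{
                Target       = $Matches[1]
                HostName     = $Matches[2]
                # -contains compares strings case-insensitively.
                MstscRunning = $active -contains $Matches[2]
            }
        }
    }
}

# Constructed sample input (not real output) so the function can be tried offline.
$sampleVault = @(
    'Currently stored credentials:',
    '    Target: LegacyGeneric:target=TERMSRV/jump01.example.test',
    '    Type: Generic',
    '    Target: Domain:target=TERMSRV/192.0.2.10',
    '    Type: Domain Password',
    '    Target: LegacyGeneric:target=git:https://example.test'
)
$sampleMstsc = @('"C:\Windows\System32\mstsc.exe" /v:jump01.example.test /admin')

# Entries with no matching running client are the ones to review.
Get-RdpVaultEntry -CmdkeyOutput $sampleVault -MstscCommandLine $sampleMstsc |
    Where-Object { -not $_.MstscRunning }
```

Called without parameters, the function reads the live vault and process list of the current user; it only reports and never changes stored credentials.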