Setting Security Levels in RDP Vuser Scripts

Note: This topic applies to RDP Vuser scripts only.

Remote Desktop Protocol (RDP) enables a client computer to connect to a server. Various security options are available for the connection, depending on the particular Windows operating systems that are installed on the client and server computers. The security options define security-related issues, such as the authentication and encryption, that are used for the connection.

The list of security options that are available for a Vuser script is different when you record a Vuser script and when you replay the script.

Security levels when recording an RDP Vuser Script

Standard RDP security is the only form of security that you can use when you record an RDP Vuser script. Before you record an RDP Vuser script, make sure that the server is configured to allow connections from computers that are running any version of Remote Desktop, and not only from computers that are running Remote Desktop with Network Level Authentication. You use the Remote tab in the System Properties dialog box on the server to set the security level that is required to establish the connection.

Note: If your RDP session is launched through an RDP configuration file, you must disable credssp authentication in the configuration file, using the following string: enablecredsspsupport:i:0

Security levels when replaying an RDP Vuser Script

You can use the Vuser script's runtime settings to specify the security that is used for the connection when the Vuser runs. The available security levels are:

  • RDP: Connects using standard RDP security. RDP provides the least secure connection.
  • SSL: Connects using SSL as an external security protocol to enhance the standard RDP security. SSL provides a moderate level of security.
  • CredSSP: Connects using the Credential Security Support Provider (CredSSP) protocol. CredSSP provides the most secure connection.

    Note: If you specify CredSSP authentication, you must make certain changes to the Vuser script each time the script is regenerated. For details, see Modifying a script to support CredSSP authentication below.

The security level that you specify in the runtime settings is an indication to the server of the maximum level of security that is supported by the client. However, the security that is actually used for the connection is defined by the server settings. For example, if you specify CredSSP as the encryption level in the runtime settings, when you run the Vuser, the Vuser will inform the server that the Vuser supports CredSSP, SSL, and RDP security. If the server supports only RDP security (for example,its operating system is Windows 2003), then the connection will be made using RDP.

To set the RDP security level for the Vuser script, click Replay > Runtime Settings > RDP > Configuration and then select the required level from the Supported Encryption Level list.

Modifying a script to support CredSSP authentication

If you specify CredSSP authentication in the Vuser script's runtime settings, you must perform the following tasks each time the script is regenerated:

  1. In the rdp_connect_server step in the script, modify the step to provide the user name, password, and domain that are required to access the server. For details on the rdp_connect_server step, see the Function Reference.

  2. Remove the block of code that contains the login-related mouse, keyboard, and image synchronization steps from the generated script, as described below.

    1. Locate the rdp_connect_server step in the Vuser script.

      The step after the rdp_connect_server step is the first step in the block of code to delete.

    2. Locate the rdp mouse_click step or the rdp_key step that submits the password to the server.

      This is the last step in the block of code to delete.

      Note: If an rdp_set_lock step exists immediately after the rdp_connect_server step, do not delete the rdp_set_lock step.

    3. Delete all the steps in the block of code that is defined above.

Back to top