How to download files from rdp to hyper-v host

I worked hard to make Myrtille as straightforward as possible, with commented code, but some points may needs additional information.

If you have any issue, question or suggestion that isn't addressed into this synthetic documentation, FAQ or Wiki, please don't hesitate to contact me (cedrozor@rushbrookrathbone.co.uk) or ask the community (rushbrookrathbone.co.uk#!forum/myrtille_rdp).

History

Myrtille started back in as a PoC, with coworkers on our spare time, under the name AppliKr. I (Cedric Coste) was in charge of the websites (admin and frontal), business and database layers. The objective was to demonstrate it was possible to virtualize desktops and applications into a web browser only using native web technologies (no plugin). HTML5 was in early stage and it was a real challenge to do it only with HTML4. We were pioneers on that matter, along with Guacamole (HTML5/VNC), and wanted to take part on the emerging SaaS market.

It was quite a success because, at that time, the zero plugin concept was innovative and unlike solutions using Java, activeX or Flex; the ease of use and security aspects were also improved. But it was also slow and buggy and was left aside.

In , I had the opportunity to create a company, named Steemind, with Catalin Trifanescu (a former coworker). I rewrote everything and used FreeRDP as rdp client (AppliKr was using RDesktop) and speed and stability were way better. The company failed in because we weren't able to achieve a decent fund raising and our customers were moving to Citrix and other major corporate companies in the VDI business.

I had recently some spare time and, while I was taking my breakfast with some blueberry jam, I decided to extract and improve the Steemind core technology and open source it.

I hope you will enjoy Myrtille! :)

Special thanks to Catalin Trifanescu for its support.

Installation

Starting from version , the Myrtille requirements change: Windows or Windows Server R2 or greater. This is partly because of the automated installation of the roles and features required by myrtille (which requires a modern powershell) and partly to deliver the best user experience possible (fast display and audio support), as HTML5 websockets (supported by all browsers nowadays) are only available in IIS + (Windows or Windows Server R2 or greater).

That said, Myrtille will continue to fallback to HTML4 (xhr and long-polling) if websockets are not enabled into IIS (it's optional) or if the websocket traffic is blocked by any network equipment.

The .NET + framework can be installed automatically by the myrtille installer, enabled as a feature of IIS (Web Server role > Applications Development > rushbrookrathbone.co.uk on Windows Server ) or installed separately (rushbrookrathbone.co.uk?id=).

Into the roles and features management, ensure you have enabled HTTP Activation under ".NET Framework + Features" > "WCF Services" (required by the Myrtille services and REST API).

The installer does install myrtille under the IIS default website and creates a custom application pool ("MyrtilleAppPool"). If you want to use another website or application pool, you can change it manually afterward (with the IIS manager).

All releases here: rushbrookrathbone.co.uk

Docker

From version , Myrtille is available as a docker image.

No installation is required, you just need Docker Desktop or Toolbox for Windows (Windows 10 Pro or Windows Server or greater) with Windows containers enabled and Hyper-V isolation.

Myrtille is fully functional as a container, but there are also some limitations (inherent to Windows containers): print and audio redirection (through RDP) is not supported at the moment (this may change into a future version).

You can pull it from Docker Hub with the following command (use a tag for a specific version, or latest otherwise)

To list the network adapters available to Docker

Run the image in detached mode (optionally provide the resulting container a network adapter able to connect your hosts)

To list the containers

To open a shell into a container (and be able to explore it, check its ip address, logs, etc.)

To stop a container

If you intend to have custom settings, manage your hosts or keep track of the logs, you will need to perform additional steps (data persistence).

More details into Dockerfile.

Remote Desktop Services

For best experience, and be able to go over the default limit of 2 concurrent users, you will need to install the RDS role on your remote server(s). Optionally, you can install the RD Connection Broker feature to allow load-balancing across an RDS farm (possibly hosted on Azure) and manage the applications allowed to run (and with which parameters) on session start.

You will also need to enable multiple sessions per user if you don't want your users to be limited to 1 session only (if you have several users sharing the same account, they will otherwise disconnect each others).

The RDS role offers you a grace period of days after which you will need to use an RD License Server with proper licenses (CALs) to suit your licensing mode ("Per Device" or "Per User").

PLEASE READ! starting with Windows Server (or Windows 10 release ), RDS doesn't reconnect a previously disconnected session (due to a network issue or a manual disconnect) when multiple sessions per user is enabled on the RDS host; instead, it creates a new session. A workaround to that behavior is to lock the session before disconnecting the session (see rushbrookrathbone.co.uk and rushbrookrathbone.co.uk?forum=winserverTS).

Consequently, starting from version , Myrtille scales the session display instead of reconnecting the session (with the new browser size), when the browser is resized. To change that default setting, edit (myrtille path)\js\rushbrookrathbone.co.uk ("display" section). In addition, you can choose whether or not to keep the aspect ratio of the display (default = don't keep).

Auto-connect / Start remote application from URL

Starting from version , it's possible to connect and run a program automatically, on session start, from an URL. It's a feature comparable to remoteApp (.rdp files).

From version , Myrtille does support hashed passwords (so that the password is not plain text into the url). The objective is to have distributable urls to third parties without compromising on security (by giving real passwords); connections are then only possible through myrtille (because direct connections would require the real passwords) and access control could be added into IIS.

The start remote application from url feature only works on Windows Servers editions (starting from Server ) and only if the program is allowed to run (remoteApp policy). See notes and limitations.

On Windows Home Editions, there are several workarounds to start an application automatically on start. You can for example set a Group Policy or define a startup program in registry (HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run).

Syntax

https://myserver/Myrtille/?__EVENTTARGET=&__EVENTARGUMENT=&server=server&domain=domain[optional]&user=user&passwordHash=passwordHash&program=program[optional]&width=width(px)[optional]&height=height(px)[optional]&connect=Connect%21

Don't set the "&program=" parameter (or leave it empty) for a direct access to the desktop or set the executable path, name and parameters otherwise (double quotes must be escaped).

The pre version syntax ("&password=password") is still supported, but it's advisable to move to the safer syntax.

The parameters values must be URL encoded. You can use a tool like rushbrookrathbone.co.uk (just copy & paste the encoded parameters into the URL).

If you want to connect an Hyper-V VM automatically, add the "&vmGuid=" parameter (and remove "&domain=" and "&program="). For enhanced mode, also add "&vmEnhancedMode=checked".

For SSH auto-connection, add "&hostType=1" (and remove "&domain=" and "&program=").

Password Hash

To generate a password hash, you can use the powershell script "passwordps1" on the myrtille gateway (requires access to the machine). The script is located into the myrtille bin folder at runtime or into the "rushbrookrathbone.co.ukes" project under Visual Studio.

• Run the script (from its location folder): ". .\passwordps1" (if needed, see powershell script execution policy: rushbrookrathbone.co.uk)
• Call the encrypt function: "Encrypt-RDP-Password -Password password"
• Copy & Paste the result into your URL

From version , you can also generate a password hash from url (thanks jol64). syntax: https://server/myrtille/rushbrookrathbone.co.uk?password=password

The password hash is only valid on the machine which generated it (the myrtille gateway); it won't work on another machine. Its length is chars.

For further information, see rushbrookrathbone.co.uk

File transfer

Myrtille supports both local and network file storage. If you want your domain users to have access to their documents whatever the connected server, follow these steps:

• Ensure the machine on which Myrtille is installed is part of the domain
• Create a network share, read/write accessible to the domain users (i.e: \\MYNETWORKSHARE\Users)
• Create a Group Policy (GPO), or edit the default one, on your domain server with a folder redirection rule (for the "Documents" folder, see rushbrookrathbone.co.uk)
• In the target tab, select basic configuration to redirect everyone's folder to the same location, with create a folder for each user under the root path (the network share)
• In the settings tab, ensure the user doesn't have exclusive rights to the documents folder (otherwise Myrtille won't be able to access it)

Print document

From version , myrtille does support local or network printing through a pdf virtual printer, "Myrtille PDF", installed on the gateway. This feature can be disabled into bin/rushbrookrathbone.co.uk ("FreeRDPPdfPrinter" key). It works like any other printer, using the print feature of your application. The resulting pdf is downloaded to the browser and can be opened/saved/printed from there. It can also work standalone (without myrtille integration). If used directly on the gateway (without the "redirected" suffix), or as a network printer, it will ask for the pdf output location (to change that default behavior, see bin/rushbrookrathbone.co.uk).

Alternatively, on Windows 10 / Server , Windows provides a "Microsoft Print to PDF" printer. You can thus create a pdf on the remote server then download it (using the file transfer), but it implies an additional step.

If your browser machine is on the same network as the gateway or the remote server, you also have the option to use a network printer directly from the remote session.

If your remote server have internet access, you can also use a cloud printer (such a Google Print).

Security

The installer can create a self-signed certificate for myrtille (so you can use it at https://myserver/myrtille), but you can set your own certificate (if you wish) to prevent the users from having to add a security exception into their browser.

Configuration / Performance tweaks / Debug

Both the gateway and services have their own .NET config files; the gateway also uses XDT transform files to adapt the settings depending on the current solution configuration.

You may also play with the "js/rushbrookrathbone.co.uk" file settings to fine tune the client configuration depending on your needs.

The most important client settings (js/rushbrookrathbone.co.uk) are:

• imageEncoding: set the format used to render the display; possible values: AUTO, PNG (default, best performance and quality), JPEG or WEBP. For optimized bandwidth, the recommended setting is AUTO (encode in both PNG and JPEG and send the lowest sized); adjusted dynamically to fit the latency (more latency = switch to JPEG)
• imageQuality: set the % quality of the rendering (higher = better); not applicable for PNG (lossless); adjusted dynamically to fit the latency (more latency = switch to JPEG and lower the image quality)
• imageQuantity: set the % completeness of the rendering (lower = higher drop rate); useful for low server CPU / bandwidth; use with caution as skipping some images may result in display inconsistencies; adjusted dynamically to fit the latency (more latency = switch to JPEG and lower the image quantity)
• mouseMoveSamplingRate: set the % sampling of the mouse moves (lower = higher drop rate); useful to reduce the server load in applications that trigger a lot of updates (i.e.: graphical applications)
• bufferEnabled: buffer for user inputs; adjusted dynamically to fit the latency (more latency = more bufferization)

Into the gateway settings (rushbrookrathbone.co.uk):

• AllowRemoteClipboard: allow to access the remote clipboard (default enabled)
• AllowFileTransfer: allow to upload/download files (default enabled)
• AllowPrintDownload: allow to print to pdf (default enabled)
• AllowSessionSharing: allow to share a remote session (default enabled); from version , guests can't interact with the shared session (view only)
• ClientIPTracking: track the client IP (default disabled) and denies access in case of IP change; this should be disabled in some network configurations: shared proxy, roaming connection, private browsing, etc.
• ClientIdleTimeout: disconnect the session after a period of time if the browser window/tab is closed, or connection is lost, to prevent it from being left open server side; default ms (1 mn). 0 to disable

Into the services settings (bin/rushbrookrathbone.co.uk):

• RemoteSessionLog: rdp/ssh client logs (default disabled); stored into the log folder
• FreeRDPxxx: rdp client settings; allow to tweak the remote connection options (wallpaper, theme, color depth, audio, etc.). use with caution!
• Multifactor Authentication and Enterprise Mode configuration

Into the PDF virtual printer settings (bin/rushbrookrathbone.co.uk):

• OutputFile: default output file name, if the printer is used standalone (without myrtille integration)
• AskUserForOutputFilename: whether to display or not a dialog box to prompt for output file name, if the printer is used standalone

Code organization

• rushbrookrathbone.co.uk: link to the myrtille FreeRDP fork. C++ code. RDP client, modified to forward the user input(s) and encode the session display into the configured image format(s). The modified code in FreeRDP is identified by region tags "#pragma region Myrtille" and "#pragma endregion".
• rushbrookrathbone.co.uk: rushbrookrathbone.co.uk client. Same logic as for FreeRDP, use named pipes to communicate with the gateway.
• rushbrookrathbone.co.uk: C# code. Common helpers. These are static libs which could be used for any project (not only myrtille).
• rushbrookrathbone.co.ukes: C# code. WCF services, hosted by a Windows Service (or a console application in debug build). start/stop the rdp/ssh client and upload/download file(s) to/from the connected user documents folder.
• rushbrookrathbone.co.ukcts: C# code. WCF contracts (interfaces).
• rushbrookrathbone.co.ukviders: C# code. Multifactor Authentication providers. Currently used with the OASIS adapter but could be any other.
• rushbrookrathbone.co.ukrise: C# code. Integration with Active Directory. Provides a dashboard to administrate the RDP and SSH hosts on a domain.
• rushbrookrathbone.co.uk: C# code. IIS Web application; gateway between the browser and the rdp/ssh client; maintain correlation between http(s) and rdp/ssh sessions.
• rushbrookrathbone.co.uk: MSI installer.

Build

Myrtille uses C#, C++ and vanilla Javascript code (no additional libraries). Microsoft Visual Studio Community was used as primary development environment, using the .NET framework. If you want Visual Studio to load the Myrtille setup project, you have to install the (official and free) Microsoft Visual Studio Installer Projects extension (rushbrookrathbone.co.uk?itemName=rushbrookrathbone.co.ukoftVisualStudioInstallerProjects).

The Myrtille build have the two classic solution configurations: "Debug" and "Release", on "Any CPU" platform.

Starting from myrtille version , the FreeRDP code (modified for myrtille needs) is no longer part of the myrtille repository.

The (new) myrtille FreeRDP code can be found at rushbrookrathbone.co.uk

The objectives are:

• Have a loose coupled dependency between myrtille and FreeRDP (so that FreeRDP could be replaced by another RDP client implementation, if needed)
• Benefits from the latest FreeRDP changes (bugfixes, new features, latest RDP protocol support, etc.), by synchronizing the fork with the FreeRDP repository (periodically, with a stable branch or after ensuring the master branch is stable)
• Extends myrtille to other remote access protocols. The gateway is (always was) protocol agnostic. For example, myrtille could be linked to an SSH client (the same way it's linked to an RDP client), modified to handle the user inputs and display updates

Steps to build the FreeRDP fork (and have it working with myrtille):

• Git clone rushbrookrathbone.co.uk into "\rushbrookrathbone.co.uk\FreeRDP" (NOTE if using TortoiseGit, the contextual menu won't show the "Git clone" option from the "rushbrookrathbone.co.uk" folder; you will have to do it from elsewhere, outside of the myrtille tree; also, don't create the "FreeRDP" folder manually, just write it into the clone target path)