We're increasing our investments in virtualization and remote desktops, such as Windows Virtual Desktop and RDS on Microsoft Azure. RDCMan is a client that is widely used to manage multiple remote desktop connections because it's a convenient option. However, RDCMan has not kept pace with the level of advanced technology that we're pursuing. Remote Desktop Connection Manager (RDCMan) is a tool for managing multiple remote desktops. It creates a single location for IT administrators to organize, group and manage connections.
- Remote Desktop Connection Manager (RDCMan.exe). RDC Manager is a free Windows utility developed by Microsoft in order to help you manage multiple remote desktop connections. It’s been developed for Terminal Services clients and it’s suitable for servers’ labs where the user may remotely access specific numbers of computers.
- I'm using the Remote Desktop Connection Manager 2.7 on a Surface Pro 4 with Windows 10. Until recently, it was working fine: It would go to full screen and show this blue full screen connection bar at the top when pointing there with the mouse. I could close the session from there or leave full screen mode.
- As an IT enthusiast, I spend a lot of time on IT-related blogs, forums, subreddits and so on. But one thing I’ve noticed in my journey across the interwebs is that there aren’t a lot of IT pros recommending Microsoft’s Remote Desktop Connection Manager (RDCMan) these days.
In March, Microsoft announced that it was discontinuing Remote Desktop Connection Manager (RDCMan) due to a major security flaw (CVE-2020-0765). Here is the bulletin:
An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.
Here’s what ZDNet said about Microsoft’s response to the problem: “Instead of fixing the bug, Microsoft decided to retire RDCMan, seeing no reason to revive an app that received its last update almost six years ago.”
Even before this major vulnerability was discovered, many users found RDCMan frustrating and limited. For example, it lacked many of the time-saving integrations available in other (and better) alternatives. Plus, RDCMan only worked in Windows deployments. And overall, RDCMan — even by Microsoft’s admission — was always a very basic tool and never designed to handle sophisticated functions like utilizing 2FA, managing privileged accounts, securing sensitive data, generating strong passwords, creating audit logs, and so on.
Step 1: Stop Using RDCMan
If you’re a current RDCMan user, then the advice is clear: stop using it. Yes, you and your team may have been using it for years. But now that this bug has been made public, you can be certain that bad actors are mobilizing and will be specifically targeting this vulnerability. Considering the costs of a data breach (and how furious your boss would be), it’s not worth the risk.
Step 2: Give Remote Desktop Manager a Try!
If you’re looking for a free alternative to RDCMan, then Remote Desktop Manager (RDM) Free could be exactly what you need. RDM Free is designed for individual IT pros, while RDM Enterprise is designed for IT teams (co-located and remote) who need to share remote connections and privileged passwords. Here is a side-by-side comparison of the two solutions. Also, be assured that RDM Free is not nagware, donationware, or trialware. It’s a legitimate, standalone solution for IT pros that is constantly being updated.
Interested in trying RDM, but you don’t want to lose your data? Good news! You can import your sessions from an existing application or an existing file format. You can follow this online help right here.
Switching from RDCMan to Remote Desktop Manager (RDM) Enterprise is a significant upgrade in every area. Here is a helpful chart to help you compare the differences.
For a complete list of features in RDM, please head over here.
Microsoft Rdcman Vulnerability
Remote Desktop Connection Manager Window 10
We invite you to try RDM Enterprise free for 30 days, and to explore all of its features and functions. Then when your trial period is over, you can either purchase an affordable license (multiple options are available based on your needs), or you can switch over to RDM Free and use it for as long as you wish without paying anything.
If RDM (Free or Enterprise) isn’t the alternative to RDCMan that you’re looking for, then we suggest you head to AlternativeTo, where you’ll find profiles and reviews of various remote connection tools.