Active Client For Mac Os X

Home > Articles > Apple > Operating Systems

I understand that ActiveX is a Microsoft product and was widely used with Internet Explorer and Windows. I have a Mac running El Capitan. I have a Mediasmart server at home running Windows Home Server 2011. Unfortunately, to have remote web access to the server, it requires either a Windows computer or a Mac running a virtual environment. The PaperCut Mac User Client software is a supplied as a native Mac.app package. The User Client is delivered in two flavors: The current client, which supports Mac OS X 10.7 (Mountain Lion) and above. The legacy client, which supports Mac OS X versions from 10.4 to 10.6. It is a universal application that runs on both PowerPC and Intel hardware. There is a method of offering partial Mac client management and access to other Mac OS X Server services under Active Directory that doesn't require schema modification. The approach is twofold. In addition to the options @churnd listed, you can also extend your AD schema to directly support Mac-style managed preferences. Apple has white papers on how to extend the schema to support OS X v10.5 and OS X v10.6 (the differences aren't very important - the 10.5 instructions include a bunch of object classes and attributes that nobody used and were removed/obsoleted in 10.6; the 10.6. Jul 19, 2013  we trying to run an radiology solution on this mac. Active X is disabled: which does not allow Inteleviewer to run. How can activate Active X. The package that the OP references — if I've located the correct one — indicates support for OS X systems. Jul 19, 2013 6:29 PM Reply Helpful. Thread reply - more options. Link to this.

  1. Configuring Mac OS X to Log In Using Active Directory
Page 1 of 6Next >
It's easy to integrate Mac OS X into an Active Directory environment. This chapter shows you how.
This chapter is from the book Active Client For Mac Os X
Apple Training Series: Mac OS X Directory Services v10.5

This chapter is from the book

This chapter is from the book

Apple Training Series: Mac OS X Directory Services v10.5

Active Directory is Microsoft’s directory services solution that provides LDAP and Kerberos services for identification and authentication. Many organizations with Windows computers use Active Directory because it provides these features:

  • Security and policy management for Windows computers
  • Tight integration with popular application servers such as Microsoft Exchange and Microsoft SQL Server
  • High availability, with the ability to place multiple replica servers across geographic locations in a multimaster configuration

It is easy to integrate Mac OS X into an Active Directory environment. Although Mac OS X computers can access directory information provided by Active Directory via the LDAPv3 plug-in, you should use the Active Directory plug-in, which provides the following capabilities:

  • Creating a computer account for secure communication with Active Directory services
  • Configuring mappings of Open Directory objects and attributes to Active Directory objects and attributes
  • Setting up the Kerberos environment for seamless integration with Active Directory
  • Enabling SMB packet signing and packet encryption
  • Support of Active Directory password policies
  • Support of Active Directory Sites, which directs Windows and Mac OS X client computers to the most appropriate services based on their IP network
  • Caching information from Active Directory services so that Mac OS X computers can use the information even if they are not connected to the network

In this chapter you will learn how to use both Directory Utility and the command line to bind to Active Directory, and to modify the default settings for the Active Directory plug-in to enable login and access to a network home folder. You will learn how to overcome problems with your initial bind to Active Directory, and you will learn troubleshooting techniques for login problems with an Active Directory user account.

Configuring Mac OS X to Log In Using Active Directory

You can either use Directory Utility or dsconfigad to bind a Mac OS X client computer to an Active Directory domain. dsconfigad allows you to configure some features that Directory Utility does not expose, but if you use dsconfigad you need to take some additional steps (such as enabling the Active Directory plug-in and adding the Active Directory node to your search paths). Before you can bind with either method, however, you need to know a few things about your Active Directory service.

Understanding Active Directory Terms

When you bind to Active Directory, you need to know the domain name and you must have the credentials of a user who has authorization to join computers to Active Directory.

A domain is the building block of Active Directory; it is a collection of directory objects such as users, groups, and computers. An Active Directory domain requires a domain controller, which can be a computer running any version of Windows Server 2000 through Windows Server 2008. A domain is identified by its DNS namespace; in this book the example server windows-server.pretendco.com hosts the domain pretendco.com. Active Directory relies on DNS records generated by a DNS service that is tightly integrated with Active Directory, so you should configure Mac OS X to use the DNS service associated with the Active Directory domain before attempting to bind.

A tree is one or more domains in a contiguous name space. A forest is a set of domain trees that have a common schema and global catalog, which is used to describe a best-effort collection of all the resources in a domain. The global catalog is commonly used for email address lookups.

Like standard Windows clients, Mac OS X binds to only one Active Directory domain at a time.

Understanding the Active Directory Computer Object

When you bind a Mac OS X client computer to Active Directory, you use or create a computer object for Mac OS X. Just like user objects, computer objects are used for identification, authentication, and authorization. The computer object has rights to do certain things, such as to bind and update its own DNS record.

When you bind a Mac OS X computer to Active Directory, Mac OS X uses the user credentials you supply to set up a computer account and password. This password is a shared secret between your Mac OS X computer and the Active Directory service. Your Mac OS X computer uses this password to authenticate to Active Directory and set up a secure channel to enable your Mac OS X computer to communicate with Active Directory. The password is randomly generated, and is unrelated to the user account you use to perform the bind. For more information, see “Confirming Your Active Directory Plug-in and the Samba Service Are Using the Same Active Directory Computer Password” in Chapter 8.

If you delete the computer object or reset the computer object password in Active Directory, you need to rebind Mac OS X to Active Directory in order for Mac OS X to access Active Directory.

When you use Directory Utility to bind to Active Directory, Directory Utility suggests a computer ID to use for the name of the Active Directory computer object. This computer ID is based on the computer name or Bonjour name that you set in the Sharing pane of System Preferences. If your computer name is longer than 15 characters, you may experience errors when binding to Active Directory. Also note that Directory Utility may replace any instance of a dash (-) with an underscore (_) and change capital letters to lowercase in the suggested computer ID. You should use the same Mac OS X computer name and Active Directory computer name to help keep track of computer names, unless you have a good reason not to do so.

Specifying a User to Create the Computer Object

When binding to Active Directory, you need to supply the credentials of an Active Directory administrator or user who is authorized to create computer objects. By default, you can use a regular active directory user to bind to Active Directory ten times, but after that you will encounter an error. “Troubleshooting Binding Issues,” later in this chapter, offers some solutions for this problem.

Binding to Active Directory with Directory Utility

The simplest way to bind Mac OS X to Active Directory is to use Directory Utility with all the default settings in place. The steps are as follows:

  1. Quit Directory Utility if it is open.
  2. Use the Sharing preference in System Preferences to set your computer name to be the name of the computer object you want to create for binding to Active Directory.
  3. Open Directory Utility.
  4. If necessary, click the lock in the lower-left corner and provide credentials for a local administrator.
  5. Click the Add (+) button in the lower-left corner.
  6. Click the “Add a new directory of type” pop-up menu and choose Active Directory.
  7. In the Active Directory Domain field, type the name of the Active Directory domain—in other words, “pretendco.com” not “windows-server.pretendco.com.”

    This can be any domain in the forest, but remember that the domain name is the DNS namespace of the domain, not the DNS name of the domain controller.

  8. In the Computer ID field, type the name of the Active Directory computer object to use for this Mac OS X computer.
  9. In the AD Administrator Username field, type the name of an Active Directory administrator or the name of an Active Directory user who can join a computer to the domain.
  10. In the AD Administrator Password field, type the password for the user you specified in step 9.
  11. Click OK.

Mac OS X attempts to bind to Active Directory with the default settings.

Logging In as an Active Directory User on Mac OS X

Once you bind your Mac OS X computer to Active Directory, you can log in with your Active Directory user account at your Mac OS X login window.

The following figure shows the default desktop for an Active Directory that logs in to a Mac OS X computer. Note that the home folder is located on the startup disk (Option-clicking the name of a folder in the title bar of a Finder window reveals the path to the folder). The user launched the Kerberos application (in /System/Library/CoreServices), which shows that Mac OS X obtained a Kerberos ticket-granting ticket (TGT) for the user as part of the login process.

Specifying a User Name at the Login Screen

By default the Mac OS X login window displays the names of local user accounts and Other to allow you to specify a user name from a different directory node, as shown in this figure.

Client os vs server os

When you choose Other, the login window reveals a field for Name and Password.

At the Mac OS X login window, you can use many combinations of the user identifiers “Full name,” “User login name,” or “User login name (Pre-Windows 2000)” from Active Directory, along with other elements of the domain name. Consider the figure at left, which shows a user created with Active Directory tools.

You can log in with any of the following names in the Name field in Mac OS X’s login window:

Understanding the Home Folder Default Behavior

When you log in with a user account for Active Directory, by default Mac OS X creates a home folder for the user on the startup disk in /Users/usershortname.

If a directory already exists with that name, Mac OS X will not create a new home folder. You may experience unexpected results because the Active Directory user does not have write permissions to the home folder.

See “Transitioning from a Local User to an Active Directory User,” later in this chapter, if that is appropriate for your situation.

Understanding Home Folder Synchronization

The default settings do not configure Mac OS X to synchronize the local home folder with a network home folder. If you log in as the same Active Directory user on multiple Mac OS X computers that are configured with the default settings for the Active Directory plug-in, you will have a different home folder on each computer, and the contents will not be synchronized. To prevent this situation you can do the following:

  • Configure mobile accounts and home folder synchronization. See “Understanding Mobile Accounts” for more on this.
  • Deselect the option to force the creation of a local home folder, and use Active Directory tools to assign a network home folder for the Active Directory user account. See “Specifying a Network Home Folder” for details.

Changing the Active Directory Plug-in Default Settings

The Active Directory plug-in’s default settings might not meet your needs. For instance, you may want to not force local home folders on the startup disk, or you may want to use custom mappings or to specify Active Directory groups to members that have local administrative access on your Mac OS X computer. In this section you will learn how to use Directory Utility and the command line to configure some of the advanced options of the Active Directory plug-in.

Follow these steps to use Directory Utility to access Active Directory Advanced Options:

  1. Open Directory Utility. If necessary, click the lock in the lower-left corner and provide credentials for a local administrator. If necessary, click the Show Advanced Settings button in the lower-right corner of the Directory Utility window.
  2. Click Services in the toolbar.
  3. Make sure the Active Directory service checkbox is selected.
  4. Select the Active Directory service.
  5. Click the Edit button in the lower-left corner of the Directory Utility window.
  6. Click the disclosure triangle next to Show Advanced Options.

Exploring the “User Experience” Advanced Options Pane

The default pane for Directory Utility’s Advanced Options is the User Experience pane, shown in the figure to the left.

The first option, “Create mobile account at login,” is disabled by default. A mobile account caches user credentials locally so they can be used when the computer is not connected to the directory node. See “Understanding Mobile Accounts” for more details about mobile accounts and synchronized home folders.

The “Force local home directory on startup disk” option is enabled by default. If you deselect this option, and an Active Directory user who does not have a network home folder defined logs in, Mac OS X creates a local home folder in /Users/username for the user when the user logs in (unless a local home folder already exists).

Specifying a Network Home Folder

There are two possible ways to specify a network home folder:

  • If your Active Directory schema has been extended to support Apple objects and attributes, map dsAttrTypeStandard:HomeDirectory to an extended attribute in your user record, and use Workgroup Manager to specify the home folder.
  • Enable the option “Use UNC path from Active Directory to derive network home location” and use Active Directory tools to populate the Home Folder field for an Active Directory user. The Active Directory plug-in maps dsAttrTypeStandard:SMBHomeDirectory to Active Directory’s dsAttrTypeNative:homeDirectory. You can also specify this option with the -uncpath option of dsconfigad.

You must specify which file-sharing protocol to use: SMB or AFP (Apple Filing Protocol). SMB is the default setting, so it is easy to use Windows file services to host home folders for Active Directory users who log in to a Mac OS X computer.

New in Mac OS X v10.5 is full support for SMB packet signing, a security feature designed to prevent man-in-the-middle attacks, which is required by default on Windows Server 2003 SP1 and later. Many Windows Server administrators require client computers to use this option, which makes it impossible for computers using earlier versions of Mac OS X to access their SMB share points without installing third-party SMB client software.

AFP offers some advantages over SMB as a file service protocol for Mac OS X client computers: It is faster, native to Mac OS X, supports Time Machine and network Spotlight searching, has better auto-reconnect, and handles a wider range of file names in a mixed environment. Unfortunately, Windows servers do not offer AFP by default.

Although Windows Server 2000 and Windows Server 2003 can offer AFP via Services for Macintosh (SFM), the SFM version of AFP is not current. For example, SFM supports only 31 characters in a file name, which causes a problem when Mac OS X uses a long file name, such as ~/Library/Preferences/ByHost/com.apple.iCal.helper.0017f3e00523.plist. SFM is not recommended for Mac OS X network home folders. If you must use your Windows server for network home directories, consider running a third-party AFP file service, such as GroupLogic’s ExtremeZ-IP, on your Windows server.

You can use a Mac OS X Server to host network home folders for Active Directory users, whether they log in to Mac OS X computers or Windows computers. You can use Mac OS X Server’s AFP service for users who log in to Mac OS X computers, and Mac OS X Server’s SMB service for users who log in to Windows computers. Discourage users from simultaneously logging in as the same user simultaneously on Mac OS X and Windows computers, because if they edit the same file over two different protocols simultaneously, this could corrupt the file.

For more information about offering file services from a Mac OS X Server, see Chapter 10 of Mac OS X Advanced System Administration v10.5.

Logging In with a Windows Home Folder

If you use Active Directory tools to define a network home folder (dsAttrTypeNative:SMBHome) for the user, as shown in the figure to the left, Mac OS X mounts the network volume that contains that Active Directory home folder. Unless you specify otherwise, by default the Active Directory plug-in creates a local home folder on the startup disk, so Mac OS X mounts the Windows home folder but does not use it as the user’s home folder.

The network folder appears in the Dock, but the volume does not appear on the user’s desktop by default. The default preference for the Finder in Mac OS X v10.5 is to not display mounted network volumes on the desktop. To change this in the Finder, select Finder > Preferences and select the checkbox for “Connected servers.”

The next figure illustrates what the standard desktop looks like for an Active Directory user who has an Active Directory home folder defined. The user opened Finder preferences and enabled “Connected servers” so that the Windows share point appears on the desktop. Note also that the user’s home folder is located on the startup disk, which is the default setting for the Active Directory plug-in.

The figure below shows the desktop of an Active Directory user who has a Windows home folder set (dsAttrTypeStandard:SMBHome) and logs in to a Mac OS X computer that does not have the “force local home directory on startup disk” option enabled in the User Experience pane of the Active Directory plug-in.

Some things to note:

  • The home folder is not on the startup disk.
  • This user did not enable the option to show connected volumes on the desktop, so the volume containing the network home folder does not appear on the desktop.
  • The user launched the Kerberos application to confirm that Mac OS X obtained a TGT, then the user closed the main window of the Kerberos application. The icon for the Kerberos application displays how much time is remaining (in hours and minutes) in the validity of the TGT. The usual TGT lifetime is 10 hours; after that time, the user can reauthenticate to renew the TGT.
  • The question mark in the user’s Dock represents the user’s Documents folder, which has not yet been created. If the network home folder was hosted on a Mac OS X Server file service, Mac OS X Server would create the set of standard folders.

Changing User and Group Mappings

By default, the Active Directory plug-in generates a dsAttrTypeStandard:UniqueID for an Active Directory user record based on that user’s GUID attribute. The calculated UniqueID is unique across the domain, yet consistent across every Mac OS X computer in the domain. Likewise, the Active Directory plug-in generates a unique integer for each Active Directory group record as well. If you have extended your Active Directory schema, you can use the Mappings pane to access the appropriate attributes from the Active Directory user and group records.

Be forewarned that if you change the mappings, users may lose access to files that they previously owned or could access.

The Mappings pane, shown below, allows you to change the mappings for the following:

  • UID—dsAttrTypeStandard:UniqueID
  • User GID—dsAttrTypeStandard:PrimaryGroupID
  • Group GID—dsAttrTypeStandard:PrimaryGroupID

If the Active Directory schema were extended with Microsoft’s Services for UNIX, the following would hold:

  • Map UID to msSFU-30-Uid-Number
  • Map both user GID and group GID to msSFU-30-Gid-Number

If the Active Directory schema were extended with RFC2307 or Apple object classes and attributes:

  • Map UID to uidNumber
  • Map both user GID and group GID to gidNumber

Exploring the “Administrative” Advanced Options Pane

The “Prefer this domain server” option shown in the figure below specifies a domain controller to use for the initial bind.

Use the “Allow administration by” option to enable any user of the Active Directory groups that you specify to be in the group of local administrators for this Mac OS X computer. This is useful if you create an Active Directory group and populate it with users who should have the authority to administer the Mac OS X computers in your organization.

When you add Active Directory to your search path, Directory Utility adds the node Active Directory/All Domains to your search path by default. If you want to restrict the authentication search path to use specific domains only in your forest, follow these steps:

  1. Deselect the option “Allow authentication from any domain in the forest,” then click OK to dismiss the Active Directory services pane.
  2. Click Search Policy in the toolbar of Directory Utility, and then click the Authentication tab.
  3. Select Active Directory/All Domains, click the Remove (-) button in the lower-left corner of the Directory Utility window, and then click OK at the confirmation dialog.
  4. Click the Add (+) button in the lower-left corner of the Directory Utility window. Directory Utility displays a list of the domains in your forest. Select the domains that you want to enable in your authentication search path and click Add, as shown in this figure:
  5. Click Apply to activate the change.

Creating the Computer Account in a Custom Location

Unless you specify otherwise, the Active Directory plug-in creates computer objects in CN=Computers with the domain that you specified to join. Depending on the configuration of your Domain Controller, this may not be correct. For example, some administrators have a special container (CN) for all Mac OS X computers, while others use organizational units (OU).

Follow the steps listed below to tell the Active Directory plug-in to add the computer to the container CN=MacComputers,DC=pretendco,DC=com. Rather than binding from the default pane in Directory Utility, you will bind from within the Active Directory services pane, which offers different binding options.

  1. Open Directory Utility. If necessary, click the lock in the lower-left corner and provide credentials for a local administrator. If necessary, click the Show Advanced Settings button in the lower-right corner of the Directory Utility window.
  2. If your Mac OS X computer is already bound to Active Directory, you must first unbind. See “Unbinding from Active Directory” for instructions.
  3. Click Services in the toolbar.
  4. Make sure the Active Directory service checkbox is selected.
  5. Select the Active Directory service.
  6. Click the Edit button in the lower-left corner of the Directory Utility window.

    If you are not already bound to Active Directory, Directory Utility displays the dialog shown in the figure below. If you are already bound, you must first unbind in order to change the location of your computer account.

  7. In the Active Directory Domain field, type the Active Directory domain.
  8. In the Computer ID field, type the name of the Active Directory computer object to use for this Mac OS X computer.
  9. Click Bind.

    Directory Utility displays the authentication and Computer OU dialog shown in this figure:

  10. In the Username field, type the name of an Active Directory administrator or the name of an Active Directory user who has authority to join a computer to the domain.
  11. In the Password field, type the password for the user you specified in step 10.
  12. In the Computer OU field, type the custom container in which to create the computer object for this Mac OS X computer to use.
  13. Click OK to start the bind process, and then click OK to dismiss the Active Directory services pane. Quit Directory Utility.

Binding to Active Directory with dsconfigad

The dsconfigad command is particularly useful for scripting the process of binding to Active Directory, and it offers a way to bind with custom settings in one step. This command has drawbacks, however: It does not enable the plug-in, nor does it add the Active Directory node to the search paths. You must also use the defaults and dscl commands to accomplish those tasks.

To bind a computer to Active Directory with dsconfigad, collect the following information for the following dsconfigad options:

  • -a—Name of Active Directory computer object to use
  • -domain—Fully Qualified Domain Name (FQDN) of Active Directory domain to join
  • -u—Name of an Active Directory user who is authorized to add this computer to the domain
  • -p—The password for the Active Directory user
  • -lu—Name of a local administrator
  • -lp—The password for the local administrator

The commands listed below enable the Active Directory plug-in, bind to Active Directory, and add the Active Directory node to the authentication and contacts search paths:

  1. Use the defaults command to modify the settings of the file /Library/Preferences/DirectoryService/DirectoryService.plist:
  2. Use dsconfigad to bind to Active Directory.
  3. For the authentication search path, use dscl to add 'Active Directory/All Domains' to the custom search path (CSPSearchPath), and set the authentication search path to use CSPSearchPath:
  4. For the contacts search path, use dscl to add 'Active Directory/All Domains' to the custom search path (CSPSearchPath), and set the contacts search path to use CSPSearchPath:
  5. Stop DirectoryService, which automatically starts up again with these new settings:
  6. Use dscl to confirm that the Active Directory node is in the search paths:
  7. Use id to confirm that Open Directory knows about an Active Directory user.

    In this example, the user aduser1 is an Active Directory user object. The -p option makes the output human readable:

    If you issue the id command after binding and the result is no such user, wait a few seconds and then try again.

Using Configuration Options Available Only with dsconfigad

dsconfigad offers much of the same functionality that Directory Utility offers: You can bind, unbind, set configuration options, and show the status of a bind. In addition, dsconfigad offers some functionality that Directory Utility does not offer, such as the following:

  • -packetsign <disable allow require>—This supports packet signing options for both SMB and LDAP. SMB signing is required by default on Windows Server 2003 SP1 and later. This caused much frustration with earlier versions of Mac OS X. The default is to allow packet signing, a new feature in Mac OS X v10.5.

  • -packetencrypt <disable allow require>—This supports packet encryption options for both SMB and LDAP. The default is to allow packet encryption, which is a new feature in Mac OS X v10.5.

  • -namespace <forest domain>—The forest option enables a user to log in even if there is another user account with an identical user name in the forest. Be forewarned that if you specify forest, the Active Directory plug-in calculates each Active Directory user’s local home folder as /Users/DOMAINusername instead of /Users/username. Toggling the namespace setting after Active Directory users have already logged in can cause confusion as Active Directory users perceive the contents of their home folder to be missing. The default is domain.

  • -passinterval <days>—This specifies how often Mac OS X changes the Active Directory computer object password, measured in days. It is common for Active Directory administrators to use Active Directory tools to look for computers that have not recently changed their passwords. The default is for Mac OS X to change its computer object password every 14 days.

Providing Managed Preferences to Active Directory Users

Using Active Directory Group Policy Objects is the traditional method for managing users, groups, and computers, but Mac OS X is not compatible with Group Policy Objects. If you want to apply Managed Preferences to Mac OS X users, you could do any of the following:

  • Augment Active Directory with an Open Directory server, and then make Active Directory users members of Open Directory groups to which you apply Managed Preferences. See “Using Workgroup Manager to Provide Managed Preferences in the Magic Triangle Configuration,” in Chapter 8, for instructions.
  • Use third-party software such as Thursby ADmitMac, Centrify DirectControl, or other similar user management utilities.
  • Extend your Active Directory schema to handle Apple-specific object classes and attributes, and then use Workgroup Manager to manage preferences for objects in the Active Directory domain. See Appendix B.

Related Resources

  • Book $55.99
  • eBook (Watermarked) $55.99
  • Web Edition $55.99
-->

We regularly update the Remote Desktop client for macOS, adding new features and fixing issues. Viber for mac os x 10.6 8 mac os x 10 6 8 to el capitan. Here's where you'll find the latest updates.

If you encounter any issues, you can always contact us by navigating to Help > Report an Issue.

Updates for version 10.3.9

Date published: 4/6/20

In this release we've made some changes to improve interoperability with the Windows Virtual Desktop service. In addition, we've included the following updates:

  • Control+Option+Delete now triggers the Ctrl+Alt+Del sequence (previously required pressing the Fn key).
  • Fixed the keyboard mode notification color scheme for Light mode.
  • Addressed scenarios where connections initiated using the GatewayAccessToken RDP file property didn't work.

Note

This is the last release that will be compatible with macOS 10.12.

Updates for version 10.3.8

Date published: 2/12/20

It's time for our first release of 2020!

With this update, you can switch between Scancode (Ctrl+Command+K) and Unicode (Ctrl+Command+U) modes when entering keyboard input. Unicode mode allows extended characters to be typed using the Option key on a Mac keyboard. For example, on a US Mac keyboard, Option+2 will enter the trademark (™) symbol. You can also enter accented characters in Unicode mode. For example, on a US Mac keyboard, entering Option+E and the 'A' key at the same time will enter the character 'á' on your remote session.

Other updates in this release include:

  • Cleaned up the workspace refresh experience and UI.
  • Addressed a smart card redirection issue that caused the remote session to stop responding at the sign-in screen when the 'Checking Status' message appeared.
  • Reduced time to create temporary files used for clipboard-based file copy and paste.
  • Temporary files used for clipboard file copy and paste are now deleted automatically when you exit the app, instead of relying on macOS to delete them.
  • PC bookmark actions are now rendered at the top-right corner of thumbnails.
  • Made fixes to address issues reported through crash telemetry.

Updates for version 10.3.7

Date published: 1/6/20

In our final update of the year, we fine-tuned some code and fixed the following behaviors:

  • Copying things from the remote session to a network share or USB drive no longer creates empty files.
  • Specifying an empty password in a user account no longer causes a double certificate prompt.

Updates for version 10.3.6

Date published: 1/6/20

In this release, we addressed an issue that created zero-length files whenever you copied a folder from the remote session to the local machine using file copy and paste.

Updates for version 10.3.5

Date published: 1/6/20

We made this update with the help of everyone who reported issues. In this version, we've made the following changes:

  • Redirected folders can now be marked as read-only to prevent their contents from being changed in the remote session.
  • We addressed a 0x607 error that appeared when connecting using RPC over HTTPS RD Gateway scenarios.
  • Fixed cases where users were double-prompted for credentials.
  • Fixed cases where users received the certificate warning prompt twice.
  • Added heuristics to improve trackpad-based scrolling.
  • The client no longer shows the 'Saved Desktops' group if there are no user-created groups.
  • Updated UI for the tiles in PC view.
  • Fixes to address crashes sent to us via application telemetry.

Note

In this release, we now accept feedback for the Mac client only through UserVoice.

Updates for version 10.3.4

Date published: 11/18/19

We've been hard at work listening to your feedback and have put together a collection of bug fixes and feature updates.

  • When connecting via an RD Gateway with multifactor authentication, the gateway connection will be held open to avoid multiple MFA prompts.
  • All the client UI is now fully keyboard-accessible with Voiceover support.
  • Files copied to the clipboard in the remote session are now only transferred when pasting to the local computer.
  • URLs copied to the clipboard in the remote session now paste correctly to the local computer.
  • Scale factor remoting to support Retina displays is now available for multimonitor scenarios.
  • Addressed a compatibility issue with FreeRDP-based RD servers that was causing connectivity issues in redirection scenarios.
  • Addressed smart card redirection compatibility with future releases of Windows 10.
  • Addressed an issue specific to macOS 10.15 where the incorrect available space was reported for redirected folders.
  • Published PC connections are represented with a new icon in the Workspaces tab.
  • 'Feeds' are now called 'Workspaces,' and 'Desktops' are now called 'PCs.'
  • Fixed inconsistencies and bugs in user account handling in the preferences UI.
  • Lots of bug fixes to make things run smoother and more reliably.

Updates for version 10.3.3

Date published: 11/18/19

We've put together a feature update and fixed bugs for the 10.3.3 release.

First, we've added user defaults to disable smart card, clipboard, microphone, camera, and folder redirection:

  • ClientSettings.DisableSmartcardRedirection
  • ClientSettings.DisableClipboardRedirection
  • ClientSettings.DisableMicrophoneRedirection
  • ClientSettings.DisableCameraRedirection
  • ClientSettings.DisableFolderRedirection

Next, the bug fixes:

  • Resolved an issue that was causing programmatic session window resizes to not be detected.
  • Fixed an issue where the session window contents appeared small when connecting in windowed mode (with dynamic display enabled).
  • Addressed initial flicker that occurred when connecting to a session in windowed mode with dynamic display enabled.
  • Fixed graphics mispaints that occurred when connected to Windows 7 after toggling fit-to-window with dynamic display enabled.
  • Fixed a bug that caused an incorrect device name to be sent to the remote session (breaking licensing in some third-party apps).
  • Resolved an issue where remote app windows would occupy an entire monitor when maximized.
  • Addressed an issue where the access permissions UI appeared underneath local windows.
  • Cleaned up some shutdown code to ensure the client closes more reliably.

Updates for version 10.3.2

Date published: 11/18/19

In this release, we fixed a bug that made the display low resolution while connecting to a session

Updates for version 10.3.1

Date published: 11/18/19

We've put together some fixes to address regressions that managed to sneak into the 10.3.0 release.

  • Addressed connectivity issues with RD Gateway servers that were using 4096-bit asymmetric keys.
  • Fixed a bug that caused the client to randomly stop responding when downloading feed resources.
  • Fixed a bug that caused the client to crash while opening.
  • Fixed a bug that caused the client to crash while importing connections from Remote Desktop, version 8.

Updates for version 10.3.0

Date published: 8/27/19

It's been a few weeks since we last updated, but we've been hard at work during that time. Version 10.3.0 brings some new features and lots of under-the-hood fixes.

  • Camera redirection is now possible when connecting to Windows 10 1809, Windows Server 2019 and later.
  • On Mojave and Catalina we've added a new dialog that requests your permission to use the microphone and camera for device redirection.
  • The feed subscription flow has been rewritten to be simpler and faster.
  • Clipboard redirection now includes the Rich Text Format (RTF).
  • When entering your password you have the option to reveal it with a 'Show password' checkbox.
  • Addressed scenarios where the session window was jumping between monitors.
  • The Connection Center displays high resolution remote app icons (when available).
  • Cmd+A maps to Ctrl+A when Mac clipboard shortcuts are being used.
  • Cmd+R now refreshes all of your subscribed feeds.
  • Added new secondary click options to expand or collapse all groups or feeds in the Connection Center.
  • Added a new secondary click option to change the icon size in the Feeds tab of the Connection Center.
  • A new, simplified, and clean app icon.

Updates for version 10.2.13

Date published: 5/8/2019

  • Fixed a hang that occurred when connecting via an RD Gateway.
  • Added a privacy notice to the 'Add Feed' dialog.

Updates for version 10.2.12

Date published: 4/16/2019

  • Resolved random disconnects (with error code 0x904) that took place when connecting via an RD Gateway.
  • Fixed a bug that caused the resolutions list in application preferences to be empty after installation.
  • Fixed a bug that caused the client to crash if certain resolutions were added to the resolutions list.
  • Addressed an ADAL authentication prompt loop when connecting to Windows Virtual Desktop deployments.

Updates for version 10.2.10

Date published: 3/30/2019

  • In this release we addressed instability caused by the recent macOS 10.14.4 update. We also fixed mispaints that appeared when decoding AVC codec data encoded by a server using NVIDIA hardware.

Updates for version 10.2.9

Date published: 3/6/2019

  • In this release we fixed an RD gateway connectivity issue that can occur when server redirection takes place.
  • We also addressed an RD gateway regression caused by the 10.2.8 update.

Updates for version 10.2.8

Date published: 3/1/2019

  • Resolved connectivity issues that surfaced when using an RD Gateway.
  • Fixed incorrect certificate warnings that were displayed when connecting.
  • Addressed some cases where the menu bar and dock would needlessly hide when launching remote apps.
  • Reworked the clipboard redirection code to address crashes and hangs that have been plaguing some users.
  • Fixed a bug that caused the Connection Center to needlessly scroll when launching a connection.

Updates for version 10.2.7

Date published: 2/6/2019

  • In this release we addressed graphics mispaints (caused by a server encoding bug) that appeared when using AVC444 mode.

Updates for version 10.2.6

Date published: 1/28/2019

  • Added support for the AVC (420 and 444) codec, available when connecting to current versions of Windows 10.
  • In Fit to Window mode, a window refresh now occurs immediately after a resize to ensure that content is rendered at the correct interpolation level.
  • Fixed a layout bug that caused feed headers to overlap for some users.
  • Cleaned up the Application Preferences UI.
  • Polished the Add/Edit Desktop UI.
  • Made lots of fit and finish adjustments to the Connection Center tile and list views for desktops and feeds.

Note

There is a bug in macOS 10.14.0 and 10.14.1 that can cause the '.com.microsoft.rdc.application-data_SUPPORT/_EXTERNAL_DATA' folder (nested deep inside the ~/Library folder) to consume a large amount of disk space. To resolve this issue, delete the folder content and upgrade to macOS 10.14.2. Note that a side-effect of deleting the folder contents is that snapshot images assigned to bookmarks will be deleted. These images will be regenerated when reconnecting to the remote PC.

Updates for version 10.2.4

Date published: 12/18/2018

  • Added dark mode support for macOS Mojave 10.14.
  • An option to import from Microsoft Remote Desktop 8 now appears in the Connection Center if it is empty.
  • Addressed folder redirection compatibility with some third-party enterprise applications.
  • Resolved issues where users were getting a 0x30000069 Remote Desktop Gateway error due to security protocol fallback issues.
  • Fixed progressive rendering issues some users were experiencing with fit to window mode.
  • Fixed a bug that prevented file copy and paste from copying the latest version of a file.
  • Improved mouse-based scrolling for small scroll deltas.

Updates for version 10.2.3

Date published: 11/06/2018

  • Added support for the 'remoteapplicationcmdline' RDP file setting for remote app scenarios.
  • The title of the session window now includes the name of the RDP file (and server name) when launched from an RDP file.
  • Fixed reported RD gateway performance issues.
  • Fixed reported RD gateway crashes.
  • Fixed issues where the connection would hang when connecting through an RD gateway.
  • Better handling of full-screen remote apps by intelligently hiding the menu bar and dock.
  • Fixed scenarios where remote apps remained hidden after being launched.
  • Addressed slow rendering updates when using 'Fit to Window' with hardware acceleration disabled.
  • Handled database creation errors caused by incorrect permissions when the client starts up.
  • Fixed an issue where the client was consistently crashing at launch and not starting for some users.
  • Fixed a scenario where connections were incorrectly imported as full-screen from Remote Desktop 8.

Updates for version 10.2.2

Date published: 10/09/2018

  • A brand new Connection Center that supports drag and drop, manual arrangement of desktops, resizable columns in list view mode, column-based sorting, and simpler group management.
  • The Connection Center now remembers the last active pivot (Desktops or Feeds) when closing the app.
  • The credential prompting UI and flows have been overhauled.
  • RD Gateway feedback is now part of the connecting status UI.
  • Settings import from the version 8 client has been improved.
  • RDP files pointing to RemoteApp endpoints can now be imported into the Connection Center.
  • Retina display optimizations for single monitor Remote Desktop scenarios.
  • Support for specifying the graphics interpolation level (which affects blurriness) when not using Retina optimizations.
  • 256-color support to enable connectivity to Windows 2000.
  • Fixed clipping of the right and bottom edges of the screen when connecting to Windows 7, Windows Server 2008 R2 and earlier.
  • Copying a local file into Outlook (running in a remote session) now adds the file as an attachment.
  • Fixed an issue that was slowing down pasteboard-based file transfers if the files originated from a network share.
  • Addressed a bug that was causing to Excel (running in a remote session) to hang when saving to a file on a redirected folder.
  • Fixed an issue that was causing no free space to be reported for redirected folders.
  • Fixed a bug that caused thumbnails to consume too much disk storage on macOS 10.14.
  • Added support for enforcing RD Gateway device redirection policies.
  • Fixed an issue that prevented session windows from closing when disconnecting from a connection using RD Gateway.
  • If Network Level Authentication (NLA) is not enforced by the server, you will now be routed to the login screen if your password has expired.
  • Fixed performance issues that surfaced when lots of data was being transferred over the network.
  • Smart card redirection fixes.
  • Support for all possible values of the 'EnableCredSspSupport' and 'Authentication Level' RDP file settings if the ClientSettings.EnforceCredSSPSupport user default key (in the com.microsoft.rdc.macos domain) is set to 0.
  • Support for the 'Prompt for Credentials on Client' RDP file setting when NLA is not negotiated.
  • Support for smart card-based login via smart card redirection at the Winlogon prompt when NLA is not negotiated.
  • Fixed an issue that prevented downloading feed resources that have spaces in the URL.

Updates for version 10.2.1

Date published: 08/06/2018

  • Enabled connectivity to Azure Active Directory (AAD) joined PCs. To connect to an AAD joined PC, your username must be in one of the following formats: 'AzureADuser' or 'AzureADuser@domain'.
  • Addressed some bugs affecting the usage of smart cards in a remote session.

Updates for version 10.2.0

Date published: 07/24/2018

  • Incorporated updates for GDPR compliance.
  • MicrosoftAccountusername@domain is now accepted as a valid username.
  • Clipboard sharing has been rewritten to be faster and support more formats.
  • Copy and pasting text, images or files between sessions now bypasses the local machine's clipboard.
  • You can now connect via an RD Gateway server with an untrusted certificate (if you accept the warning prompts).
  • Metal hardware acceleration is now used (where supported) to speed up rendering and optimize battery usage.
  • When using Metal hardware acceleration we try to work some magic to make the session graphics appear sharper.
  • Got rid of some instances where windows would hang around after being closed.
  • Fixed bugs that were preventing the launch of RemoteApp programs in some scenarios.
  • Fixed an RD Gateway channel synchronization error that was resulting in 0x204 errors.
  • The mouse cursor shape now updates correctly when moving out of a session or RemoteApp window.
  • Fixed a folder redirection bug that was causing data loss when copy and pasting folders.
  • Fixed a folder redirection issue that caused incorrect reporting of folder sizes.
  • Fixed a regression that was preventing logging into an AAD-joined machine using a local account.
  • Fixed bugs that were causing the session window contents to be clipped.
  • Added support for RD endpoint certificates that contain elliptic-curve asymmetric keys.
  • Fixed a bug that was preventing the download of managed resources in some scenarios.
  • Addressed a clipping issue with the pinned connection center.
  • Fixed the checkboxes in the Display tab of the Add a Desktop window to work better together.
  • Aspect ratio locking is now disabled when dynamic display change is in effect.
  • Addressed compatibility issues with F5 infrastructure.
  • Updated handling of blank passwords to ensure the correct messages are shown at connect-time.
  • Fixed mouse scrolling compatibility issues with MapInfra Pro.
  • Fixed some alignment issues in the Connection Center when running on Mojave.

Updates for version 10.1.8

Date published: 05/04/2018

  • Added support for changing the remote resolution by resizing the session window!
  • Fixed scenarios where remote resource feed download would take an excessively long time.
  • Resolved the 0x207 error that could occur when connecting to servers not patched with the CredSSP encryption oracle remediation update (CVE-2018-0886).

Updates for version 10.1.7

Date published: 04/05/2018

  • Made security fixes to incorporate CredSSP encryption oracle remediation updates as described in CVE-2018-0886.
  • Improved RemoteApp icon and mouse cursor rendering to address reported mispaints.
  • Addressed issues where RemoteApp windows appeared behind the Connection Center.
  • Fixed a problem that occurred when you edit local resources after importing from Remote Desktop 8.
  • You can now start a connection by pressing ENTER on a desktop tile.
  • When you're in full screen view, CMD+M now correctly maps to WIN+M.
  • The Connection Center, Preferences, and About windows now respond to CMD+M.
  • You can now start discovering feeds by pressing ENTER on the **Adding Remote Resources*- page.
  • Fixed an issue where a new remote resources feed showed up empty in the Connection Center until after you refreshed.

Updates for version 10.1.6

Sip Client Mac Os X

Date published: 03/26/2018

Active Client Install

  • Fixed an issue where RemoteApp windows would reorder themselves.
  • Resolved a bug that caused some RemoteApp windows to get stuck behind their parent window.
  • Addressed a mouse pointer offset issue that affected some RemoteApp programs.
  • Fixed an issue where starting a new connection gave focus to an existing session, instead of opening a new session window.
  • We fixed an error with an error message - you'll see the correct message now if we can't find your gateway.
  • The Quit shortcut (⌘ + Q) is now consistently shown in the UI.
  • Improved the image quality when stretching in 'fit to window' mode.
  • Fixed a regression that caused multiple instances of the home folder to show up in the remote session.
  • Updated the default icon for desktop tiles.