Skip to main content

RDP Configurations

Motadata ServiceOps allows you to configure and record RDP sessions. Before configuration, install the RDP Server from the backend. Once configured, install the necessary RDP Agent on the target machine. For more details, refer to the Agent Installation Guide.

To view the RDP Configurations page, navigate to Admin > Asset Management > RDP Configurations.

RDP

The page displays four tabs:

  • RDP Configuration: Configure RDP sessions.
  • RDP Permission: Grant department heads remote access to machines within their department.
  • User Confirmation Settings: Configure settings for user confirmation during RDP sessions.
  • Recorded RDP Sessions: View and download recorded RDP sessions.

RDP Configuration

To establish an RDP connection, first install the RDP Server, then configure the following fields:

Config Type - RDP

  • Enable RDP: Enable Remote Desktop functionality. If enabled, the following parameters become available for configuration.

  • Enable Video Recording: Enable video recording for remote sessions.

  • Show Remote Session Indicator: Enable to view the remote session indicator (enabled by default).

  • Refresh Cycle: Enter the time in minutes after which the remote desktop display refreshes and updates are displayed.

  • Connection Type: Select the connection type for the RDP server.

    • Local: If both the ServiceOps Server and the RDP Server are installed on the same PC, enter the Username and Password of the RDP server.

    • Remote: If both are on different machines and an RDP session needs to be established, select Remote and provide the following additional details.

      • Server FQDN: Enter the Fully Qualified Domain Name (FQDN) of the RDP server.
      • Server IP Address: Enter the IP Address of the RDP server.
      • SSH Port: Enter the SSH communication port number (e.g., 22).
      • Username: Enter the username of the RDP server.
      • Authentication Type: Select the authentication type as Password or SSH Key.
        • Password: Enter the password of the RDP server.
        • SSH Key: Enter the SSH Key of the RDP server if hosted in a cloud environment.

Once all configurations are complete, click Update. Click Reload Certificate whenever the FQDN is modified.

Now, install the RDP agent on the target machine, then establish the RDP session.

note
  • The RDP session will last for a maximum of 90 minutes.
  • The Auto-Upgrade feature does not support Combined Agents (Discovery + RDP). To auto-upgrade Discovery and RDP agents, upload them separately.

RDP Permission

Here, you can allow department heads to take RDP access only for machines within their department. By default, this is disabled.

note

This tab is available only if RDP functionality is enabled and configured.

User Confirmation Settings

The User Confirmation Settings tab provides administrators with enhanced control over RDP session behavior in ServiceOps. Traditionally, RDP confirmation prompts were uniformly enforced across all assets. This enhancement allows admins to define confirmation exceptions, enabling RDP sessions to bypass user confirmation for selected, less-sensitive assets. This feature helps maintain strict controls on critical systems while improving operational efficiency on trusted endpoints.

This feature is available for both On-Premises and SaaS deployments with valid Asset and RDP module licenses.

To view the User Confirmation Settings, navigate to Admin > Asset Management > RDP Configurations > User Confirmation Settings tab. The following screen will then appear.

It contains the following components:

  • Ask user before taking RDP session?: Enables or disables the global confirmation prompt for all RDP sessions. When switching this setting, a warning message is displayed with an option to clear the current exclusion list.
    • Excluded assets will automatically follow the new global behavior in reverse if the list is not cleared.
  • Ask Technician to Enter Reason Before Remote Access?: Enables or disables the prompt for technicians to provide a reason before initiating an RDP session. This helps maintain accountability and ensures users are informed about the purpose of remote access. When enabled, technicians will see a mandatory prompt to enter a reason each time they initiate a remote session from the Hardware Asset Details page. Once submitted, the reason is shown to the end-user in the confirmation dialog before access is granted. Additionally, it is recorded in the RDP history and reports for audit and compliance purposes.
note

Viewing Reason Message after Upgrade to v8.7.0

If you're upgrading your server to v8.7.0, follow these steps to configure and view the Reason message in the consent prompt:

  1. Login to the terminal server as the root user.

  2. Navigate to the directory:

    /opt/meshcentral/meshcentral-data/

  3. Open the config.json file for editing. The structure will look similar to the example below.

  1. In the Consent Messages section, add the following parameter to the message body:

    \n\nReason : {2}

  1. Save the config.json file.

  2. Restart the meshcentral service using the following command:

    systemctl restart meshcentral.service

This ensures that the reason for the remote connection is clearly displayed to the user.

  • Excluded Assets: Allows admins to configure specific assets where the global confirmation behavior should be reversed. For example:

  • If "Ask user before taking RDP session?" is set to Yes, excluded assets will not prompt for confirmation.

  • If set to No, excluded assets will prompt for confirmation.

Assets can be added to the exclusion list using the Add Assets link. Only RDP-enabled assets are available for selection, and multiple assets can be added or removed at once.

Once assets are added, they will appear in the exclusion grid. All configuration changes are tracked via audit logs, and updates apply only to new sessions (not active ones).

Recorded RDP Sessions

Recorded RDP Sessions

The consolidated list of all the recordings are available here. These can be used for reference at a later stage.

note
  • The sessions are recorded only if the setting is enabled from the RDP Configuration tab.
  • Records are available for RDP config types.

Recorded RDP Sessions

Also, you can do the following:

  • Refresh: Refresh the list to get the latest records.
  • Download: Download the required recording for later usage.
  • Play: Play the recording to verify anything. Once clicked, the player will ask you to open the file to play. Here, select the downloaded file.

Recorded RDP Sessions

Once the file is opened, its details will appear as shown below. You can now play the recording by clicking the Play button.

Recorded RDP Sessions

  • Delete: Delete the recording if no longer required.

Frequently Asked Questions

What is the use of Reload Session & Reload Certificate?

A: The use of the below options are:

  • Reload Certificate: Used when the RDP server certificate is updated; the RDP Agent must be re-bound to the new certificate.
  • Reload Session: Helps manage concurrent RDP sessions when license details are updated in ServiceOps and Mesh Central.
When should the RDP configuration be done?

A: Once the RDP server is successfully installed and the necessary changes are made, you can configure RDP settings from the UI.

Does RDP support concurrent sessions?

A: Yes, but there are limitations on concurrent RDP sessions based on the purchased license.