We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Remote Desktop Alt+Tab

Abdul Raheem
Abdul Raheem asked
on
High Priority
67 Views
Last Modified: 2020-05-19
Alt+Tab not working in windows Remote desktop. How to resolve it?
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Use Alt+Ins
You won't get the graphical selection view in the middle of the screen, but the applications will be put into the foreground one after the other.
CERTIFIED EXPERT

Commented:
You could use the following:
Alt + PageUp
or
Alt + PageDown

This will cycle through the open applications.
Keep holding the Alt after pressing PageUp or PageDown will keep the window with applications open which you can select with the mouse.

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Are you in full screen mode?

Author

Commented:
In full screen mode. Using Windows server 2012 RDS publishing remote desktop. Also Local Resources>Keyboard settings options. No Luck.
 
CERTIFIED EXPERT

Commented:
The functionality is described here.
https://docs.microsoft.com/en-us/windows/win32/termserv/terminal-services-shortcut-keys
They also mention the ALT+TAB mapping to ALT+PAGE UP and Local Resources, Apply Windows key combinations

Does the Windows key work, and if yes, on which computer is the menu opened ?
Is this a direct RDP session from a physical computer or do you maybe work with a nested RDP session ?
You could try "Shift + Alt + PageUp"

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Zalazar's comment does it not work for you?
Do you use another keyboard layout , language that may alter the key combinations.

Author

Commented:
not working. Tried all ALT+Pageup or ALT+Pagedown or Shift+Alt+Pageup or ALT+Ins.
I am connecting to the jump box via rd web and the taking remote of the machine. Pressing windows key , opening in local pc.

Author

Commented:
The same is working from the Microsoft Remote desktop App from app store. But that cannot be used in RDS rdweb. 
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You are double passing which seems to be your issue
Workstation => jump box => RDP final session
=> RDP sessions?

Look at VPN as an access mechanism
So you have ==> RDP final session with ==> RDP via VPN

Author

Commented:
it is Workstation==>vpn==>jumb box==> RDP final session
CERTIFIED EXPERT

Commented:
If you would set "Local Resources", "Apply Windows key combinations" to "On the remote computer"
Is the Windows key then still opening the menu on the local computer ?

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Are you using RDP to jumpbox.
What do you need with alt tab, where looking at the task bar will not do?

CERTIFIED EXPERT

Commented:
Can you try to make sure that the .RDP file that will be run from your "RD Web Access" session to access the remote server, contains the following.
keyboardhook:i:1
This will set "Apply Windows key combinations" to "On the remote computer"

Author

Commented:
Are you using RDP to jumpbox.
Yes
What do you need with alt tab,
Toggling between applications
 where looking at the task bar will not do?
I dont understand your question

Author

Commented:
@Zalazar
Not available. It has only below.
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
span monitors:i:1
use multimon:i:1
remoteapplicationmode:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:0
videoplaybackmode:i:1
audiocapturemode:i:1
gatewayusagemethod:i:0
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:
alternate shell:s:||mstsc
remoteapplicationprogram:s:||mstsc
remoteapplicationname:s:Remote Desktop Connection
remoteapplicationcmdline:s:
workspace id:
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.
alternate full address:
signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayUsageMethod,GatewayProfileUsageMethod,GatewayCredentialsSource,PromptCredentialOnce,Alternate Shell,RemoteApplicationProgram,RemoteApplicationMode,RemoteApplicationName,RemoteApplicationCmdLine,RedirectDrives,RedirectPrinters,RedirectCOMPorts,RedirectSmartCards,RedirectClipboard,DevicesToRedirect,DrivesToRedirect,LoadBalanceInfo
signature:s:
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Usually a jumpbox is an exposed directly to the outside using MFA to gain access.
If you have a VPn connection, why are you not going directly to the end system?
Not sure you can  map different key combos to pass through....

Author

Commented:
To avoid , direct RDP to the end system. I have the jump box. It is not advisable to go directly.

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Not advisable, By whom?
The not advisable commonly is exposing multiple systems to the outside.
1) is the RDP accessible to the VPN Conncted system?
Do not attach local drives to the RDP session if that is the concern.

Author

Commented:
by me.
Jumpbox is on a DMZ.
Do you have the solution or not?

CERTIFIED EXPERT

Commented:
Thanks.
If you would open a registry editor (regedit) and then go to:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms]
Then browse to your Collection name, Applications or RemoteDesktops and try to find the icon you click.
There should be a registry entry named: RDPFileContents
This contains all the RDP options.
Can you copy the line and paste it to a notepad and verify that it contains the same options as posted.
Important: You can not edit the line directly as it contains new line characters and binary data so it's not possible to simply add the proposed parameter at the end of the line.

In addition: The RDP file is also signed so editing is more difficult.
And I can't find the setting in the "Session Collection" parameters where you normally define these RDP parameters.

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Does your VPN policy restrict your access to the DMZed system only?
You are looking to remap a key-combos on a keyboard connected to the workstation, passed to the jump box and then translated to the end system as alt-page up/down.

Consider the following question, does the office manager check in with the sevurity guard at the front entrance after entering through the employee entrance and before going to their office?


CERTIFIED EXPERT

Commented:
It's possible to specify custom properties on the Session Collection.
https://docs.microsoft.com/en-us/powershell/module/remotedesktop/set-rdsessioncollectionconfiguration?view=win10-ps
-CustomRdpProperty
Specifies Remote Desktop Protocol (RDP) settings to include in the .rdp files for all Windows Server 2012 RemoteApp programs and remote desktops published in this collection.

Set-RDSessionCollectionConfiguration –CollectionName QuickSessionCollection -CustomRdpProperty "keyboardhook:i:1"

Before setting it you could first check if the parameter already contains a value via:
Get-RDSessionCollectionConfiguration -CollectionName QuickSessionCollection | Select -ExpandProperty CustomRdpProperty

Author

Commented:
@zalazar
Is keyboardhook:i:1 alone sufficient for lt+tab? I have added this via poweshell as you mentioned. But still no luck.

Author

Commented:
One good news is Ithat I am able to do ALT+TAB by connecting to Jump box using the below RDP file and from there remote to end system. ALT+TAB is working fine.But if I go with RDS rdweb remote only it is not working.

screen mode id:i:2
use multimon:i:0
desktopwidth:i:1366
desktopheight:i:768
session bpp:i:32
winposstr:s:0,1,12,45,1366,728
compression:i:1
keyboardhook:i:1
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i:0
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:...
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:0
gatewaybrokeringtype:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
drivestoredirect:s:


Author

Commented:
Registry content

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms\Server\Applications\mstsc]
"Name"="Remote Desktop Connection"
"SecurityDescriptor"=""
"Path"="C:\\Windows\\system32\\mstsc.exe"
"VPath"="%SYSTEMDRIVE%\\Windows\\system32\\mstsc.exe"
"CommandLineSetting"=dword:00000000
"RequiredCommandLine"=""
"ShowInPortal"=dword:00000001
"Folders"=hex(7):2f,00,00,00,00,00
"RDPFileContents"="redirectclipboard:i:0

redirectprinters:i:1

redirectcomports:i:0

redirectsmartcards:i:1

devicestoredirect:s:*

drivestoredirect:s:

session bpp:i:32

prompt for credentials on client:i:1

span monitors:i:1

use multimon:i:1

remoteapplicationmode:i:1

server port:i:3389

allow font smoothing:i:1

promptcredentialonce:i:0

videoplaybackmode:i:1

audiocapturemode:i:1

gatewayusagemethod:i:0

gatewayprofileusagemethod:i:1

gatewaycredentialssource:i:0

full address:s:

alternate shell:s:||mstsc

remoteapplicationprogram:s:||mstsc

remoteapplicationname:s:Remote Desktop Connection

remoteapplicationcmdline:s:

screen mode id:i:2

workspace id:s:....

use redirection server name:i:1

loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1......

alternate full address:s:...

signscope:s:Full Address,Alternate Full Address,Use Redirection Server Name,Server Port,GatewayUsageMethod,GatewayProfileUsageMethod,GatewayCredentialsSource,PromptCredentialOnce,Alternate Shell,RemoteApplicationProgram,RemoteApplicationMode,RemoteApplicationName,RemoteApplicationCmdLine,RedirectPrinters,RedirectCOMPorts,RedirectSmartCards,RedirectClipboard,DevicesToRedirect,DrivesToRedirect,LoadBalanceInfo

signature:s:AQABAAEAAAD4EAAAMIIQ9AYJKoZIhvcNAQcCoIIQ5TCCEOECAQExCzAJBgUrDgMC  0dHA6Ly9jZXJ0cy5n
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
What you are trying to achieve is
Key-combo on workstation
Through RDP session
The key-combo has to be ignored, and passed on
Through second RDP session
Interpreted as alt-tab
The issue is whether you when you establish the first RDP you declare/define a session key map translation
Establish the second RDP and do the same to handle the keystrokes being passed from the original key board.
If you make registry changes, you will run into issues when there are internal direct access to the RDP.

Author

Commented:
I dont understand.

Establish the second RDP and do the same to handle the keystrokes being passed from the original key board.

Author

Commented:
Is it possible to use the same commands in second RDP with session key mappping?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Keystrokes are received and interpreted on a session by session basis.
The RDP session to the jumpbox is effectively have to pass the keystrokes from the keyboard on the workstation amd not interpret it,
I.e. If you establish an RDP session to the jumpbox.
You the. Establish an RDP session from tHe jumpbox To the end system.
When you hit ctrl-alt-end is seen by the jumpbox and acted accordingly by presenting the options on the jumpbox RDP
You are trying to pass a key-combo from the workstation all the way through the two RDP sessions and have the last system act on that key combo.

There is a powershell cmdlet taht deals with setting session parameters.

My prior statement dealing with the existence of the VPN connection which effectively places the workstation wihtin the most secure  limit.
Having passed the security barrier, going through seemingly unnecessary step of going through a jump box to then RDP again to the final destination.

The same way you are trying to translate the keystrokes through RDP session from the workstation through the jumpbox to the end system, you can translate and attach the local harddrive and resources through the RDP session to the jumpbox to the end system via that RDP session.

Registry changes are commonly permanent..

Author

Commented:
Is there a resolution?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
What is the issue with direct access once the vpn is setup?

Is the jumbos runs as RDS? Does the end system res? Or remote administration ?

Author

Commented:
No resolution provided
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
An approach you refuse to use is not the same as no resolution. You are requiring a specific option.
and the only way to achieve what you want is to handle keystroke remaping through each RDP session.

https://www.nextofwindows.com/how-to-use-the-same-win-key-combinations-on-remote-desktop

note you need to try to pass this from workstaion to jump box and then from the jumpbox to the end system


Author

Commented:
@Arnold. Have some wide thinking when you look at a problem.
I already conveyed that I am able to achieve Alt+Tab successfully via RDP to Jumpb box and then the end machine. Only when I go via RDWEB , the problem arises. Now tell me the reason. 
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Note the last link to see whether you can use the options displayed where you would setup the respective connection, potentially when full screen mode is used, that the keystrokes from the workstations will pass through the intermediate RDP session, to the end session.

I am uncertain I understand the circumstances that your setup is making you so rigid.

A jumpbox is a system with an MFA that is Internet facing. Once accessed provides access to other internal systems.

A VPN with or without an X-user and an MFA is providing access to the Office LAN.

You are insisting even though you are already on the LAN to use the JUMPBOX which is situated in a more restrictive zone that the system on which your keyboard/screen interface is.

I can not understand the scenario under which conditions you are envisioning a one to one access.
Anything you can attach directly, you can pass through the jumpbox
A GPO can restrict what resources can be attached to the individual server on LAN as applied to the JUMPBOX if any. I.e. You are currently applying a GPO to the JUMOBOX to deny users attachment of local DRIVES, printers, etc.
This same restriction can be imposed on all servers.

Are you familiar with ssh tunnels?

what it seems from here.
1) you have a highly secured environment
2) you have a secure number which you can use to call for the outside and then connect, make other choices to contact different individuals.
3) the phone system was upgraded such that it made it possible for your phine to register with the phine system after an establishment of a VPN connection.
4) even with your phone being directly connected to the phone system you are still insisting on calling the external number through which you dial other people.

This is what I do not understand.

Author

Commented:
There is no need of a VPN to have access to entire LAN. It can be restricted only to the jump box. There is no rule to have a jump box to face the internet directly. A jump box can be accessed via a secure VPN. You are keep on deviating from my question. 
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I am trying to get a picture of the environment.

In your setup, VPN required to access a jumpbox from which other things are accessiblle.

Over the VPN are you connecting to the jump box in full screen mode, or used the option as illustrated in the link while not connecting the RDP session in full screen mode?
The RDP session from the jumpbox to the end system, which mode of the options are you using, full screen mode to try and see whether that will create a passthrough of the keystrokes from the workstation to the final destination system?

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Does the jumpbox agave ssh server options?
Ssh tunnel through the jumpbox to the final destination?
CERTIFIED EXPERT
Commented:
I did do a few tests. Instead of setting Apply Windows key combinations to "On the remote computer" you could try to set it to "On this computer". In my test setup this works.
Set-RDSessionCollectionConfiguration –CollectionName Server -CustomRdpProperty "keyboardhook:i:0"

Open in new window

It could be that it's because the mstsc.exe process is running on the jumpserver.
Only when you posted the "RDPFileContents" contents the "keyboardhook:i:1" was not displayed so I'm not sure it's processed.
As an alternative you could, on the jumpserver, create a RDP file name FLR18.RDP with Apply Windows key combinations set to "On this computer"
In the same directory create a file named "FLR18.cmd" with the following contents.
@echo off
mstsc.exe "%~dp0FLR18.RDP"

Open in new window

And then publish this FL1R18.cmd as an application and test if this works.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
@Zalazar

You are great man. Your first method works. But I could use only ALT+Pageup or Pagedown.
Any chance of using ALT_TAB?
CERTIFIED EXPERT

Commented:
Thanks and great to hear it's working !
I could not find a way to use ALT-TAB unfortunately.
Only the alternative key combinations work.

There is a possibility but you would need an external RDP program named Royal TS for this.
By saving and importing the RDP file and setting the option "Advanced |Input |Windows Keys Passthrough: Enabled" for the connection.
Then ALT-TAB within the RDP session works fine.

Author

Commented:
Thanks Zalazar. Its a great help from you. Please suggest any open source of RDS if you aware of.
CERTIFIED EXPERT

Commented:
mRemoteNG is open source and has a possiblity to set
Redirect |Key Combinations: Yes
but the software is not capable to run the RDP session via the published application.
I couldn't find any other open source or free RDP program which is capable to run the session via the published application and passthrough ALT-TAB in combination with this setup.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.