xfreerdp - Man Page

FreeRDP X11 client

Examples (TL;DR)

Synopsis

xfreerdp [file] [options] [/v:server[:port]]

Description

xfreerdp is an X11 Remote Desktop Protocol (RDP) client which is part of the FreeRDP project. An RDP server is built-in to many editions of Windows. Alternative servers included ogon, gnome-remote-desktop, xrdp and VRDP (VirtualBox).

Options

/a:addin[,options], /addin:addin[,options]

Addin

/action-script:file-name

Action script (default:~/.config/freerdp/action.sh)

/admin,  /console

Admin (or console) session

+aero

desktop composition (default:off)

/app:program:[path|||alias],cmd:command,file:filename,guid:guid,icon:filename,name:name,workdir:directory

Remote application program

/assistance:password

Remote assistance password

/auto-request-control:

Automatically request remote assistance input control

+async-channels

Asynchronous channels (experimental) (default:off)

+async-update

Asynchronous update (default:off)

/audio-mode:mode

Audio output mode

+auth-only

Authenticate only (default:off)

/auth-pkg-list:!ntlm,kerberos

Authentication package filter (comma-separated list, use '!' to exclude)

-authentication

Authentication (experimental) (default:on)

+auto-reconnect

Automatic reconnection (default:off)

/auto-reconnect-max-retries:retries

Automatic reconnection maximum retries, 0 for unlimited [0,1000]

/bpp:depth

Session bpp (color depth) (default:16)

/buildconfig

Print the build configuration

/cache:[bitmap[:on|off],codec[:rfx|nsc],glyph[:on|off],offscreen[:on|off],persist,persist-file:filename]

/cert:[deny,ignore,name:name,tofu,fingerprint:hash:hash as hex[,fingerprint:hash:another hash]]

Certificate accept options. Use with care!

* deny ... Automatically abort connection if the certificate does not match, no user interaction.

* ignore ... Ignore the certificate checks altogether (overrules all other options)

* name ... Use the alternate <name> instead of the certificate subject to match locally stored certificates

* tofu ... Accept certificate unconditionally on first connect and deny on subsequent connections if the certificate does not match

* fingerprints ... A list of certificate hashes that are accepted unconditionally for a connection

/client-build-number:number

Client Build Number sent to server (influences smartcard behaviour, see [MS-RDPESC])

/client-hostname:name

Client Hostname to send to server

/clipboard:[[use-selection:atom],[direction-to:[all|local|remote|off]],[files-to[:all|local|remote|off]]]

Redirect clipboard:

* use-selection:<atom> ... (X11) Specify which X selection to access. Default is CLIPBOARD. PRIMARY is the X-style middle-click selection.

* direction-to:[all|local|remote|off] control enabled clipboard direction

* files-to:[all|local|remote|off] control enabled file clipboard directiont (default:on)

-compression,  -z

compression (default:on)

/compression-level:level

Compression level (0,1,2)

+credentials-delegation

credentials delegation (default:off)

/d:domain

Domain

-decorations

Window decorations (default:on)

/disp

Display control

/drive:name,path

Redirect directory <path> as named share <name>. Hotplug support is enabled with /drive:hotplug,*. This argument provides the same function as "Drives that I plug in later" option in MSTSC.

+drives

Redirect all mount points as shares (default:off)

/dump:record|replay,file

record or replay dump

/dvc:channel[,options]

Dynamic virtual channel

/dynamic-resolution

Send resolution updates when the window is resized

/echo, /echo

Echo channel

-encryption

Encryption (experimental) (default:on)

/encryption-methods:[40,][56,][128,][FIPS]

RDP standard security encryption methods

/f

Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen)

+fipsmode

FIPS mode (default:off)

/floatbar[:sticky:[on|off],default:[visible|hidden],show:[always|fullscreen|window]]

floatbar is disabled by default (when enabled defaults to sticky in fullscreen mode)

-fonts

smooth fonts (ClearType) (default:on)

+force-console-callbacks

Use default callbacks (console) for certificate/credential/... (default:off)

/frame-ack:number

Number of frame acknowledgement

/args-from:file|stdin|fd:number|env:name

Read command line from a file, stdin or file descriptor. This argument can not be combined with any other. Provide one argument per line.

/from-stdin[:force]

Read credentials from stdin. With <force> the prompt is done before connection, otherwise on server request.

/gateway:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token, /gw:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token

Gateway Hostname

/gdi:sw|hw

GDI rendering

/geometry

Geometry tracking channel

+gestures

Consume multitouch input locally (default:off)

/gfx[:[progressive[:on|off]|RFX[:on|off]|AVC420[:on|off]AVC444[:on|off]],mask:value,small-cache[:on|off],thin-client[:on|off],progressive[:on|off]]]

RDP8 graphics pipeline

-grab-keyboard

Grab keyboard (default:on)

-grab-mouse

Grab mouse (default:on)

/h:height

Height (default:768)

-heartbeat

Support heartbeat PDUs (default:on)

/help,  /?

Print help

+home-drive

Redirect user home as share (default:off)

/ipv6,  /6

Prefer IPv6 AAA record over IPv4 A record

/jpeg

JPEG codec support

/jpeg-quality:percentage

JPEG quality

/kbd:[layout:[0xid|name],lang:0xid,fn-key:value,type:value,subtype:value,unicode[:on|off],remap:key1=value1,remap:key2=value2,pipe:filename]

Keyboard related options:

* layout: set the keybouard layout announced to the server

* lang: set the keyboard language identifier sent to the server

* fn-key: Function key value

* pipe: Name of a named pipe that can be used to type text into the RDP session

/kerberos:[kdc-url:url,lifetime:time,start-time:time,renewable-lifetime:time,cache:path,armor:path,pkinit-anchors:path,pkcs11-module:name]

Kerberos options

/load-balance-info:info-string

Load balance info

/list:[kbd|kbd-scancode|kbd-lang[:value]|smartcard[:[pkinit-anchors:path][,pkcs11-module:name]]|monitor|tune]

List available options for subcommand (default:List available options for subcommand)

/log-filters:tag:level[,tag:level[,...]]

Set logger filters, see wLog(7) for details

/log-level:[OFF|FATAL|ERROR|WARN|INFO|DEBUG|TRACE]

Set the default log level, see wLog(7) for details

/max-fast-path-size:size

Specify maximum fast-path update size

/max-loop-time:time

Specify maximum time in milliseconds spend treating packets

+menu-anims

menu animations (default:off)

/microphone[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]], /mic[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]]

Audio input (microphone)

/monitors:id[,id[,...]]

Select monitors to use

-mouse-motion

Send mouse motion (default:on)

+mouse-relative

Send mouse motion with relative addressing (default:off)

/mouse:[relative:[on|off],grab:[on|off]]

Mouse related options:

* relative: send relative mouse movements if supported by server

* grab: grab the mouse if within the window

/multimon[:force]

Use multiple monitors

+multitouch

Redirect multitouch input (default:off)

-multitransport

Support multitransport protocol (default:on)

-nego

protocol security negotiation (default:on)

/network:[modem|broadband|broadband-low|broadband-high|wan|lan|auto]

Network connection type

/nsc,  /nscodec

NSCodec support

/orientation:[0|90|180|270]

Orientation of display in degrees

+old-license

Use the old license workflow (no CAL and hwId set to 0) (default:off)

/p:password

Password

/parallel[:name[,path]]

Redirect parallel device

/parent-window:window-id

Parent window id

/pcb:blob

Preconnection Blob

/pcid:id

Preconnection Id

/pheight:height

Physical height of display (in millimeters)

/play-rfx:pcap-file

Replay rfx pcap file

/port:number

Server port

-suppress-output

suppress output when minimized (default:on)

+print-reconnect-cookie

Print base64 reconnect cookie after connecting (default:off)

/printer[:name[,driver]]

Redirect printer device

/proxy:[proto://][user:password@]host[:port]

Proxy settings: override env. var (see also environment variable below). Protocol "socks5" should be given explicitly where "http" is default.

/pth:password-hash, /pass-the-hash:password-hash

Pass the hash (restricted admin mode)

/pwidth:width

Physical width of display (in millimeters)

/rdp2tcp:executable path[:arg...]

TCP redirection

/reconnect-cookie:base64-cookie

Pass base64 reconnect cookie to the connection

/redirect-prefer:FQDN|IP|NETBIOS,[...]

Override the preferred redirection order

/relax-order-checks, /relax-order-checks

Do not check if a RDP order was announced during capability exchange, only use when connecting to a buggy server

/restricted-admin,  /restrictedAdmin

Restricted admin mode

/rfx

RemoteFX

/rfx-mode:[image|video]

RemoteFX mode

/scale:[100|140|180]

Scaling factor of the display (default:100)

/scale-desktop:percentage

Scaling factor for desktop applications (value between 100 and 500) (default:100)

/scale-device:100|140|180

Scaling factor for app store applications (default:100)

/sec:[rdp[:[on|off]]|tls[:[on|off]]|nla[:[on|off]]|ext[:[on|off]]|aad[:[on|off]]]

Force specific protocol security. e.g. /sec:nla enables NLA and disables all others, while /sec:nla:[on|off] just toggles NLA

/serial[:name[,path[,driver[,permissive]]]], /tty[:name[,path[,driver[,permissive]]]]

Redirect serial device

/server-name:name

User-specified server name to use for validation (TLS, Kerberos)

/shell:shell

Alternate shell

/shell-dir:dir

Shell working directory

/size:widthxheight or percent%[wh]

Screen size (default:1024x768)

/smart-sizing[:widthxheight]

Scale remote desktop to window size

/smartcard[:str[,str...]]

Redirect the smartcard devices containing any of the <str> in their names.

/smartcard-logon[:[cert:path,key:key,pin:pin,csp:csp name,reader:reader,card:card]]

Activates Smartcard (optional certificate) Logon authentication.

/sound[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]], /audio[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]]

Audio output (sound)

/span

Span screen over multiple monitors

/spn-class:service-class

SPN authentication service class

/ssh-agent, /ssh-agent

SSH Agent forwarding channel

/sspi-module:SSPI module path

SSPI shared library module file path

/winscard-module:WinSCard module path

WinSCard shared library module file path

/disable-output

Deactivate all graphics decoding in the client session. Useful for load tests with many simultaneous connections

/t:title, /title:title

Window title

-themes

themes (default:on)

/timeout:time in ms, /timeout:time in ms

Advanced setting for high latency links: Adjust connection timeout, use if you encounter timeout failures with your connection (default:9000)

/tls:[ciphers|seclevel|secrets-file|enforce]

TLS configuration options: * ciphers:[netmon|ma|<cipher names>]

* seclevel:<level>, default: 1, range: [0-5] Override the default TLS security level, might be required for older target servers

* secrets-file:<filename>

* enforce[:[ssl3|1.0|1.1|1.2|1.3]] Force use of SSL/TLS version for a connection. Some servers have a buggy TLS version negotiation and might fail without this. Defaults to TLS 1.2 if no argument is supplied. Use 1.0 for windows 7

-toggle-fullscreen

Alt+Ctrl+Enter to toggle fullscreen (default:on)

/tune:setting:value,setting:value

[experimental] directly manipulate freerdp settings, use with extreme caution! (default:)

/u:[[domain\]user|user[@domain]]

Username

+unmap-buttons

Let server see real physical pointer button (default:off)

/usb:[dbg,][id:vid:pid#...,][addr:bus:addr#...,][auto]

Redirect USB device

/v:server[:port]

Server hostname

/vc:channel[,options]

Static virtual channel

/version

Print version

/video

Video optimized remoting channel

/prevent-session-lock[:time in sec]

Prevent session locking by injecting fake mouse motion events to the server when the connection is idle (default interval: 180 seconds)

/vmconnect[:vmid]

Hyper-V console (use port 2179, disable negotiation)

/w:width

Width (default:1024)

-wallpaper

wallpaper (default:on)

+window-drag

full window drag (default:off)

/window-position:xposxypos

window position

/wm-class:class-name

Set the WM_CLASS hint for the window instance

/workarea

Use available work area

Environment Variables

wlog environment variable

xfreerdp uses wLog as its log facility, you can refer to the corresponding man page (wlog(7)) for more informations. Arguments passed via the /log-level or /log-filters have precedence over the environment variables.

Examples

xfreerdp connection.rdp /p:Pwd123! /f

Connect in fullscreen mode using a stored configuration connection.rdp and the password Pwd123!

xfreerdp /u:USER /size:50%h /v:rdp.contoso.com

Connect to host rdp.contoso.com with user USER and a size of 50 percent of the height. If width (w) is set instead of height (h) like /size:50%w. 50 percent of the width is used.

xfreerdp /u:CONTOSO\\JohnDoe /p:Pwd123! /v:rdp.contoso.com

Connect to host rdp.contoso.com with user CONTOSO\\JohnDoe and password Pwd123!

xfreerdp /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:192.168.1.100:4489

Connect to host 192.168.1.100 on port 4489 with user JohnDoe, password Pwd123!. The screen width is set to 1366 and the height to 768

xfreerdp /u:JohnDoe /p:Pwd123! /vmconnect:C824F53E-95D2-46C6-9A18-23A5BB403532 /v:192.168.1.100

Establish a connection to host 192.168.1.100 with user JohnDoe, password Pwd123! and connect to Hyper-V console (use port 2179, disable negotiation) with VMID C824F53E-95D2-46C6-9A18-23A5BB403532

+clipboard

Activate clipboard redirection

/drive:home,/home/user

Activate drive redirection of /home/user as home drive

/smartcard:<device>

Activate smartcard redirection for device device

/printer:<device>,<driver>

Activate printer redirection for printer device using driver driver

/serial:<device>

Activate serial port redirection for port device

/parallel:<device>

Activate parallel port redirection for port device

/sound:sys:alsa

Activate audio output redirection using device sys:alsa

/microphone:sys:alsa

Activate audio input redirection using device sys:alsa

/multimedia:sys:alsa

Activate multimedia redirection using device sys:alsa

/usb:id,dev:054c:0268

Activate USB device redirection for the device identified by 054c:0268

Author

The FreeRDP Team

Referenced By

wlfreerdp(1).

2024-02-22 freerdp