Remote Desktop client on Windows 10 doesn't appear to support WIP?

[Image: 2020-05-08_15-51-28.jpg]

 

If I try and use the latest desktop client on a Windows 10 machine with Windows Information Protection enabled, I get the above error. I have tried adding it as a Protected and exempt app without luck.

 

Any suggestions?

10 Replies

Hi @Robert Crane, which executable did you add to Windows Information Protection? Ensure you add both msrdcw.exe and msrdc.exe.

@Robert Crane Did you find a solution for this?

@MarlonSeidl *** Solution – ensure the WVD feed URL (e.g. http://rdweb.wvd.microsoft.com/webclient) is part of the appropriate definitions in your WIP network isolation configuration

@Robert Crane Hi, could you provide the values that you have in the WIP policy for msrdc.exe and msrdcw.exe? I have added both and added the URL but it still fails. Would really like info on the product name, publisher and all values you have.

 

Thanks in advance.

@Myron_Coward It has more to do with getting the network isolation settings for the appropriate URL correct than what you have as the publisher and product name. All that matters there really is the .exe name. Here is a reference article for you on network isolation settings:

 

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-g...

@Robert Crane  

I'm testing version 1.2.1672.0 of Remote Desktop and having the WIP conflict. Anyone seen the same thing?

I have tried to exempt the MSRDCW.EXE and MSRDC.EXE completely but they are still recognized as 'personal' apps on the endpoint client.

Any ideas?

This is how I got mine to work:
Created 2 entries in Targeted apps:
Name -- Product name -- Type -- Publisher -- File -- Min ver
msrdcw -- * -- Desktop App -- O=..... -- msrdcw.exe -- *
msrdc -- * -- Desktop App -- O=..... -- msrdc -- *

Publisher --> O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Then in Network perimeter I added:
cloud resources/value = rdweb.wvd.microsoft.com

You can check if the policy works by going to the test computer and opening Task Manager.
Click the Details tab.
Right-click on the status tab or any tab and select "Select columns", then pick "Enterprise Context".
You should now be able to see if the 2 apps (msrdcw and msrdc) switched from personal to company owned. I had to do the sync from the Company Portal app a couple of times to see the apps switch.
Hope this helps somebody, as it took me way too long to figure this out.

@Pbermudez Still having a heck of a time with this.... Can you give a little more detail regarding the settings you used?

 

thanks

@MBADTECH This is how I got mine working, maybe it will help.

[Image: Davidj840_0-1619509283997.png]

O=Microsoft Corporation, L=Redmond, S=Washington, C=US
msrdc.exe
msrdcw.exe
 
Running Task Manager with a column "Enterprise Context" helps show how context changes depending on your policies.
[Image: Davidj840_1-1619509391480.png]