rdp files are no longer opened since version 108

Brass Contributor

since edge stable version 108 automatically open downloaded rdp files is no longer possible. the option "always open files of this type" is greyed out. 

DrDuzi_0-1670315689544.png

auto open rdp files works with edge 107.0.1418.35
auto open rdp files works with google chrome 108.0.5359.94
workaround configure group policy autoopenfiletypes
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autoopenfiletypes

12 Replies

@DrDuzi Hello!  Are you by chance using the DownloadRestrictions policy (https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#downloadrestrictions)?  I've seen some other recent feedback regarding the DownloadRestrictions policy and RDP files.  Just checking if you are running into the same thing.  

 

-Kelly

 

We are also experiencing problems with .rdp files in 108 (108.0.1462.42 (Official build) (64-bit)). Some of our users are getting warning messages that the .rdp files from our RDS servers may be dangerous and they are prompted to "Keep" or "Delete"; and also the files are not opening automatically anymore.

I looked through the list of file types at https://source.chromium.org/chromium/chromium/src/+/main:components/safe_browsing/core/resources/dow... and .rdp files is not listed. So this is very strange. Why is Edge, after updating to 108, detecting the .rdp files as potentially dangerous?

I've tried setting the "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings" policy for specific domains and the rdp file type but this does not resolve the problem either. I'm thinking there is some kind of "context" that Edge doesn't like but there is no documentation anywhere on this. The impact is that now, as 108 roles out, we are getting tickets from users wondering why they now have to click "Keep" and then manually open the file - a very good question.

@Kelly_Y 
Yes we have set downloadrestrictions = 1 (Block malicious downloads and dangerous file types)

@StephenFeltmate @DrDuzi Hi!  I've heard from our developer, RDP was added to the  download_file_types.asciipb file with a danger_level of ALLOW_ON_USER_GESTURE.  

 

If users are getting a warning message that RDP files might be dangerous, enterprises can leverage the ExemptFileTypeDownloadWarnings policy to flag RDP downloads from specific domains as safe.

 

We are working on updating our documentation with this information.  Thanks! 

 

-Kelly 

@Kelly_Y Thank you! That's what I thought. I've tried using the ExemptFileTypeDownloadWarnings policy but have to experiment a bit more with it because it doesn't seem to working for one of our domains. However, it does appear to be working for our primary domain. Thanks!

@StephenFeltmate its funny how we can always find the issue on the internet.  We live and die by the download of the .rdp file and as you pointed out that recently became an issue.  Is there a workaround or solution at hand or are we just at the mercy of MS?

ExemptFileTypeDownloadWarnings policy setting works if there is a domain name used in the "full address" field of the .rdp file. I had to update the Administrative Templates to the latest version of Edge as well. It does not work if an IP address is referenced rather than a domain name. I was thinking this might have been a change in the underlying Chromium platform but we do not experience the same thing in Chrome so at this point it is an Edge peculiarity.

The workaround is to click "Keep" when prompted and then click to open the file. This is very annoying for end users. At this point, my end users are able to access the RDS applications without this prompt. Our admins just have to deal with clicking on "Keep" and then "open file" because there is no way to bypass this if only an ip address is being used in the "full address" field.
Thanks for the tips.
With the ExemptFileTypeDownloadWarnings we have no more alert message but "always open files of this type" is still grey out? Does someone has a solution please?
I think we can use AutoOpenAllowedForURLs and AutoOpenFileTypes but I think in this case it will be restrictive and the user will not have the possibility to add other extension or URL.

@MichaelOliv Set Computer Configuration Policy: Administrative Templates > Microsoft Edge

 

Policies:

  List of file types that should be automatically opened on download: Enabled, "List of file types that should be automatically opened on download: rdp".

 

  URLs where AutoOpenFileTypes can apply: Enabled, "URLs where AutoOpenFile Types can apply: [URL]".

I'm still testing this one myself. We haven't rolled this out yet; still have to test on 108. Let me know if it works for you.

I need to test after holidays. But with this I think user will not have the possibility to add extension to open automatically.
So I've tried to apply this setting in Intune, but however it still popups and says : Keep or Delete ".

[ { "file_extension": "rdp", "domains": ["domain.com"] }]

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#exemptfiletypedownloadwarnings

What am I doing wrong? :)

Hello @MikkelLundKnudsen ,

 

We did this in a device configuration/Administrative Templates and it works :

MichalOliveri_0-1673452020224.png

{ "file_extension": "rdp", "domains": ["domain.com"] }

 

I hope it could help.