1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
|
sudo apt-get install -y freerdp2-x11
xfreerdp --help
FreeRDP - A Free Remote Desktop Protocol Implementation
See www.freerdp.com for more information
Usage: xfreerdp [file] [options] [/v:<server>[:port]]
Syntax:
/flag (enables flag)
/option:<value> (specifies option with value)
+toggle -toggle (enables or disables toggle, where '/' is a synonym of '+')
/a:<addin>[,<options>] Addin
/action-script:<file-name> Action script
/admin Admin (or console) session
+aero Enable desktop composition
/app:<path> or ||<alias> Remote application program
/app-cmd:<parameters> Remote application command-line parameters
/app-file:<file-name> File to open with remote application
/app-guid:<app-guid> Remote application GUID
/app-icon:<icon-path> Remote application icon for user interface
/app-name:<app-name> Remote application name for user interface
/app-workdir:<workspace path> Remote application workspace path
/assistance:<password> Remote assistance password
/auto-request-control Automatically request remote assistance
input control
+async-channels Enable Asynchronous channels
(experimental)
+async-input Enable Asynchronous input
+async-update Enable Asynchronous update
/audio-mode:<mode> Audio output mode
+auth-only Enable Authenticate only
-authentication Disable Authentication (experimental)
+auto-reconnect Enable Automatic reconnection
/auto-reconnect-max-retries:<retries>
Automatic reconnection maximum retries, 0
for unlimited [0,1000]
+bitmap-cache Enable bitmap cache
/bpp:<depth> Session bpp (color depth)
/buildconfig Print the build configuration
/cert:[deny,ignore,name:<name>,tofu,fingerprint:<hash>:<hash as hex>
[,fingerprint:<hash>:<another hash>]]
Certificate accept options. Use with care!
* deny ... Automatically abort
connection if the certificate does not
match, no user interaction. *
ignore ... Ignore the certificate
checks altogether (overrules all other
options) * name
... Use the alternate <name>
instead of the certificate subject to
match locally stored certificates * tofu
... Accept certificate
unconditionally on first connect and deny
on subsequent connections if the
certificate does not match * fingerprints
... A list of certificate hashes that are
accepted unconditionally for a connection
/cert-deny [deprecated, use /cert:deny] Automatically
abort connection for any certificate that
can not be validated.
/cert-ignore [deprecated, use /cert:ignore] Ignore
certificate
/cert-name:<name> [deprecated, use /cert:name:<name>]
Certificate name
/cert-tofu [deprecated, use /cert:tofu] Automatically
accept certificate on first connect
/client-build-number:<number> Client Build Number sent to server
(influences smartcard behaviour, see
[MS-RDPESC])
/client-hostname:<name> Client Hostname to send to server
-clipboard Disable Redirect clipboard
/codec-cache:[rfx|nsc|jpeg] Bitmap codec cache
-compression Disable compression
/compression-level:<level> Compression level (0,1,2)
+credentials-delegation Enable credentials delegation
/d:<domain> Domain
-decorations Disable Window decorations
/disp Display control
/drive:<name>,<path> Redirect directory <path> as named share
<name>. Hotplug support is enabled with
/drive:hotplug,*. This argument provides
the same function as "Drives that I plug
in later" option in MSTSC.
+drives Enable Redirect all mount points as shares
/dvc:<channel>[,<options>] Dynamic virtual channel
/dynamic-resolution Send resolution updates when the window is
resized
/echo Echo channel
-encryption Disable Encryption (experimental)
/encryption-methods:[40,][56,][128,][FIPS]
RDP standard security encryption methods
/f Fullscreen mode (<Ctrl>+<Alt>+<Enter>
toggles fullscreen)
-fast-path Disable fast-path input/output
+fipsmode Enable FIPS mode
/floatbar[:sticky:[on|off],default:[visible|hidden],show:
[always|fullscreen||window]]
floatbar is disabled by default (when
enabled defaults to sticky in fullscreen
mode)
-fonts Disable smooth fonts (ClearType)
/frame-ack:<number> Number of frame acknowledgement
/from-stdin[:force] Read credentials from stdin. With <force>
the prompt is done before connection,
otherwise on server request.
/g:<gateway>[:<port>] Gateway Hostname
/gateway-usage-method:[direct|detect]
Gateway usage method
/gd:<domain> Gateway domain
/gdi:sw|hw GDI rendering
/geometry Geometry tracking channel
+gestures Enable Consume multitouch input locally
/gfx[:RFX] RDP8 graphics pipeline
+gfx-progressive Enable RDP8 graphics pipeline using progressive
codec
+gfx-small-cache Enable RDP8 graphics pipeline using small cache
mode
+gfx-thin-client Enable RDP8 graphics pipeline using thin client
mode
+glyph-cache Enable Glyph cache (experimental)
/gp:<password> Gateway password
-grab-keyboard Disable Grab keyboard
/gt:[rpc|http|auto] Gateway transport type
/gu:[[<domain>\]<user>|<user>[@<domain>]]
Gateway username
/gat:<access token> Gateway Access Token
/h:<height> Height
-heartbeat Disable Support heartbeat PDUs
/help Print help
+home-drive Enable Redirect user home as share
/ipv6 Prefer IPv6 AAA record over IPv4 A record
/jpeg JPEG codec support
/jpeg-quality:<percentage> JPEG quality
/kbd:0x<id> or <name> Keyboard layout
/kbd-lang:0x<id> Keyboard active language identifier
/kbd-fn-key:<value> Function key value
/kbd-list List keyboard layouts
/kbd-lang-list List keyboard languages
/kbd-subtype:<id> Keyboard subtype
/kbd-type:<id> Keyboard type
/load-balance-info:<info-string> Load balance info
/log-filters:<tag>:<level>[,<tag>:<level>[,...]]
Set logger filters, see wLog(7) for
details
/log-level:[OFF|FATAL|ERROR|WARN|INFO|DEBUG|TRACE]
Set the default log level, see wLog(7) for
details
/max-fast-path-size:<size> Specify maximum fast-path update size
/max-loop-time:<time> Specify maximum time in milliseconds spend
treating packets
+menu-anims Enable menu animations
/microphone[:[sys:<sys>,][dev:<dev>,][format:<format>,][rate:<rate>,]
[channel:<channel>]] Audio input (microphone)
/monitor-list List detected monitors
/monitors:<id>[,<id>[,...]] Select monitors to use
-mouse-motion Disable Send mouse motion
/multimon[:force] Use multiple monitors
+multitouch Enable Redirect multitouch input
+multitransport Enable Support multitransport protocol
-nego Disable protocol security negotiation
/network:[modem|broadband|broadband-low|broadband-high|wan|lan|auto]
Network connection type
/nsc NSCodec support
+offscreen-cache Enable offscreen bitmap cache
/orientation:[0|90|180|270] Orientation of display in degrees
+old-license Enable Use the old license workflow (no CAL and
hwId set to 0)
/p:<password> Password
/parallel[:<name>[,<path>]] Redirect parallel device
/parent-window:<window-id> Parent window id
+password-is-pin Enable Use smart card authentication with
password as smart card PIN
/pcb:<blob> Preconnection Blob
/pcid:<id> Preconnection Id
/pheight:<height> Physical height of display (in
millimeters)
/play-rfx:<pcap-file> Replay rfx pcap file
/port:<number> Server port
-suppress-output Disable suppress output when minimized
+print-reconnect-cookie Enable Print base64 reconnect cookie after
connecting
/printer[:<name>[,<driver>]] Redirect printer device
/proxy:[<proto>://][<user>:<password>@]<host>:<port>
Proxy settings: override env. var (see
also environment variable below). Protocol
"socks5" should be given explicitly where
"http" is default.
/pth:<password-hash> Pass the hash (restricted admin mode)
/pwidth:<width> Physical width of display (in millimeters)
/rdp2tcp:<executable path[:arg...]>
TCP redirection
/reconnect-cookie:<base64-cookie> Pass base64 reconnect cookie to the
connection
/redirect-prefer:<FQDN|IP|NETBIOS>,[...]
Override the preferred redirection order
/relax-order-checks Do not check if a RDP order was announced
during capability exchange, only use when
connecting to a buggy server
/restricted-admin Restricted admin mode
/rfx RemoteFX
/rfx-mode:[image|video] RemoteFX mode
/scale:[100|140|180] Scaling factor of the display
/scale-desktop:<percentage> Scaling factor for desktop applications
(value between 100 and 500)
/scale-device:100|140|180 Scaling factor for app store applications
/sec:[rdp|tls|nla|ext] Force specific protocol security
+sec-ext Enable NLA extended protocol security
-sec-nla Disable NLA protocol security
-sec-rdp Disable RDP protocol security
-sec-tls Disable TLS protocol security
/serial[:<name>[,<path>[,<driver>[,permissive]]]]
Redirect serial device
/shell:<shell> Alternate shell
/shell-dir:<dir> Shell working directory
/size:<width>x<height> or <percent>%[wh]
Screen size
/smart-sizing[:<width>x<height>] Scale remote desktop to window size
/smartcard[:<str>[,<str>...]] Redirect the smartcard devices containing
any of the <str> in their names.
/smartcard-logon Activates Smartcard Logon authentication.
(EXPERIMENTAL: NLA not supported)
/sound[:[sys:<sys>,][dev:<dev>,][format:<format>,][rate:<rate>,]
[channel:<channel>,][latency:<latency>,][quality:<quality>]]
Audio output (sound)
/span Span screen over multiple monitors
/spn-class:<service-class> SPN authentication service class
/ssh-agent SSH Agent forwarding channel
/t:<title> Window title
-themes Disable themes
/timeout:<time in ms> Advanced setting for high latency links:
Adjust connection timeout, use if you
encounter timeout failures with your
connection
/tls-ciphers:[netmon|ma|ciphers] Allowed TLS ciphers
/tls-seclevel:<level> TLS security level - defaults to 1
-toggle-fullscreen Disable Alt+Ctrl+Enter to toggle
fullscreen
/tune:<setting:value>,<setting:value>
[experimental] directly manipulate freerdp
settings, use with extreme caution!
/tune-list Print options allowed for /tune
/u:[[<domain>\]<user>|<user>[@<domain>]]
Username
+unmap-buttons Enable Let server see real physical pointer
button
/usb:[dbg,][id:<vid>:<pid>#...,][addr:<bus>:<addr>#...,][auto]
Redirect USB device
/v:<server>[:port] Server hostname
/vc:<channel>[,<options>] Static virtual channel
/version Print version
/video Video optimized remoting channel
/vmconnect[:<vmid>] Hyper-V console (use port 2179, disable
negotiation)
/w:<width> Width
-wallpaper Disable wallpaper
+window-drag Enable full window drag
/window-position:<xpos>x<ypos> window position
/wm-class:<class-name> Set the WM_CLASS hint for the window
instance
/workarea Use available work area
Examples:
xfreerdp connection.rdp /p:Pwd123! /f
xfreerdp /u:CONTOSO\JohnDoe /p:Pwd123! /v:rdp.contoso.com
xfreerdp /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:192.168.1.100:4489
xfreerdp /u:JohnDoe /p:Pwd123! /vmconnect:C824F53E-95D2-46C6-9A18-23A5BB403532 /v:192.168.1.100
|