

# Connect to your Windows instance using RDP


You can connect to Amazon EC2 instances created from most Windows Amazon Machine Images (AMIs) using Remote Desktop. Remote Desktop uses the Remote Desktop Protocol (RDP) to connect to and use your instance in the same way you use a computer sitting in front of you (local computer). It is available on most editions of Windows and is also available for Mac OS.

The license for the Windows Server operating system allows two simultaneous remote connections for administrative purposes. The license for Windows Server is included in the price of your Windows instance. If you require more than two simultaneous remote connections, you must purchase a Remote Desktop Services (RDS) license. If you attempt a third connection, an error occurs.

**Tip**  
If you need to connect to your instance in order to troubleshoot boot, network configuration, and other issues for instances built on the [AWS Nitro System](https://aws.amazon.com/ec2/nitro/), you can use the [EC2 Serial Console for instances](ec2-serial-console.md).

**Topics**
+ [Connect to your Windows instance using an RDP client](connect-rdp.md)
+ [Connect to your Windows instance using Fleet Manager](connect-rdp-fleet-manager.md)
+ [Transfer files to a Windows instance using RDP](connect-to-linux-instanceWindowsFileTransfer.md)

# Connect to your Windows instance using an RDP client

You can connect to your Windows instance using an RDP client as follows.

**Tip**  
Alternatively, you can connect to your Windows instance using [Systems Manager Fleet Manager](connect-rdp-fleet-manager.md) or [EC2 Instance Connect Endpoint](connect-with-ec2-instance-connect-endpoint.md).

## Prerequisites


You must meet the following prerequisites to connect to your Windows instance using an RDP client.
+ **Complete the general prerequisites.**
  + Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md).
  + [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance).
  + [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key).
  + [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).
+ **Install an RDP client.**
  + (Windows) Windows includes an RDP client by default. To verify, type **mstsc** at a Command Prompt window. If your computer doesn't recognize this command, download the [Microsoft Remote Desktop app](https://apps.microsoft.com/detail/9wzdncrfj3ps) from the Microsoft Store.
  + (macOS X) Download the [Windows App for Mac (previously named Microsoft Remote Desktop)](https://apps.apple.com/us/app/windows-app/id1295203466?mt=12) from the Mac App Store.
  + (Linux) Use [Remmina](https://remmina.org/).
+ **Allow inbound RDP traffic from your IP address.**

  Ensure that the security group associated with your instance allows incoming RDP traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access).
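
An added example (not part of the original page and not AWS code): a check over a security group's `IpPermissions` list, in the shape returned by the EC2 `DescribeSecurityGroups` API, that reports whether TCP 3389 is reachable from your address and whether it is open to every address. The rule sets and IP addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample rule sets (documentation address ranges, not real hosts).
SCOPED_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.25/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]
OPEN_RULES = [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]


def rdp_sources(ip_permissions):
    """Collect the CIDR sources of every rule that covers TCP 3389.

    Rules that reference other security groups or prefix lists are not
    expanded here; only literal IPv4/IPv6 ranges are considered.
    """
    sources = set()
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":      # all protocols, all ports
            covers = True
        elif proto == "tcp":
            covers = perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)
        else:
            covers = False
        if not covers:
            continue
        for rng in perm.get("IpRanges", []):
            sources.add(ipaddress.ip_network(rng["CidrIp"], strict=False))
        for rng in perm.get("Ipv6Ranges", []):
            sources.add(ipaddress.ip_network(rng["CidrIpv6"], strict=False))
    return sources


def audit_rdp_ingress(ip_permissions, my_ip):
    """Report whether my_ip can reach RDP and which sources are world-open."""
    addr = ipaddress.ip_address(my_ip)
    sources = rdp_sources(ip_permissions)
    reachable = any(n.version == addr.version and addr in n for n in sources)
    world = sorted(str(n) for n in sources if n.prefixlen == 0)
    return {"reachable_from_my_ip": reachable, "open_to_world": world}
```

A non-empty `open_to_world` list means RDP is exposed beyond your own address, which is broader than the rule this prerequisite asks for.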

## Retrieve the administrator password


If you joined your instance to a domain, you can connect to your instance using the domain credentials from Directory Service. On the Remote Desktop login screen, instead of using the local computer name and the generated password, use the fully-qualified username for the administrator (for example, **corp.example.com\\Admin**), and the password for this account.

To connect to a Windows instance using RDP, you must retrieve the initial administrator password and then enter this password when you connect to your instance. It takes a few minutes after instance launch before this password is available. Your account must have permission to call the [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) action. For more information, see [Example policies to control access to the Amazon EC2 API](ExamplePolicies_EC2.md).

The default username for the Administrator account depends on the language of the operating system (OS) contained in the AMI. To determine the correct username, identify the language of the OS, and then choose the corresponding username. For example, for an English OS, the username is `Administrator`, for a French OS it's `Administrateur`, and for a Portuguese OS it's `Administrador`. If a language version of the OS does not have a username in the same language, choose the username `Administrator (Other)`. For more information, see [Localized Names for Administrator Account in Windows](https://learn.microsoft.com/en-us/archive/technet-wiki/13813.localized-names-for-administrator-account-in-windows) on the Microsoft website.

**To retrieve the initial administrator password**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and then choose **Connect**.

1. On the **Connect to instance** page, choose the **RDP client** tab.

1. For **Username**, choose the default username for the Administrator account. The username you choose must match the language of the operating system (OS) contained in the AMI that you used to launch your instance. If there is no username in the same language as your OS, choose **Administrator (Other)**.

1. Choose **Get password**.

1. On the **Get Windows password** page, do the following:

   1. Choose **Upload private key file** and navigate to the private key (`.pem`) file that you specified when you launched the instance. Select the file and choose **Open** to copy the entire contents of the file to this window.

   1. Choose **Decrypt password**. The **Get Windows password** page closes, and the default administrator password for the instance appears under **Password**, replacing the **Get password** link shown previously.

   1. Copy the password and save it in a safe place. This password is required to connect to the instance.

## Connect to your Windows instance


The following procedure uses the Remote Desktop Connection client for Windows (MSTSC). If you're using a different RDP client, download the RDP file and then see the documentation for the RDP client for the steps to establish the RDP connection.

**To connect to a Windows instance using an RDP client**

1. On the **Connect to instance** page, choose **Download remote desktop file**. When the file download is finished, choose **Cancel** to return to the **Instances** page. The RDP file is downloaded to your `Downloads` folder.

1. Run `mstsc.exe` to open the RDP client.

1. Expand **Show options**, choose **Open**, and select the .rdp file from your `Downloads` folder.

1. By default, **Computer** is the public IPv4 DNS name of the instance and **User name** is the administrator account. To connect to the instance using IPv6 instead, replace the public IPv4 DNS name of the instance with its IPv6 address. Review the default settings and change them as needed.

1. Choose **Connect**. If you receive a warning that the publisher of the remote connection is unknown, choose **Connect** to continue.

1. Enter the password that you saved previously, and then choose **OK**.

1. Due to the nature of self-signed certificates, you might get a warning that the security certificate could not be authenticated. Do one of the following:
   + If you trust the certificate, choose **Yes** to connect to your instance.
   + [Windows] Before you proceed, compare the thumbprint of the certificate with the value in the system log to confirm the identity of the remote computer. Choose **View certificate** and then choose **Thumbprint** from the **Details** tab. Compare this value to the value of `RDPCERTIFICATE-THUMBPRINT` in **Actions**, **Monitor and troubleshoot**, **Get system log**.
   + [Mac OS X] Before you proceed, compare the fingerprint of the certificate with the value in the system log to confirm the identity of the remote computer. Choose **Show Certificate**, expand **Details**, and choose **SHA1 Fingerprints**. Compare this value to the value of `RDPCERTIFICATE-THUMBPRINT` in **Actions**, **Monitor and troubleshoot**, **Get system log**.

1. If the RDP connection is successful, the RDP client displays the Windows login screen and then the Windows desktop. If you receive an error message instead, see [Remote Desktop can't connect to the remote computer](troubleshoot-connect-windows-instance.md#rdp-issues). When you are finished with the RDP connection, you can close the RDP client.
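
The thumbprint comparison in the certificate-warning step above, as an added example (not part of the original page and not AWS code). It pulls `RDPCERTIFICATE-THUMBPRINT` out of system log text and compares it with the value copied from the client's certificate dialog, tolerating spaces, colons, case differences and invisible characters. The log lines, their exact layout and the thumbprint value are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample of system log text; the line layout is an assumption
# and the thumbprint is a made-up value, not taken from a real instance.
SAMPLE_SYSTEM_LOG = """\
2024/05/01 10:15:02Z: Windows is Ready to use
2024/05/01 10:15:03Z: RDPCERTIFICATE-SUBJECTNAME: EC2AMAZ-EXAMPLE
2024/05/01 10:15:03Z: RDPCERTIFICATE-THUMBPRINT: 3F2A9C0D5E7B81A4C6D2E0F19B8A7C6D5E4F3A2B
"""


def normalize(thumbprint):
    """Drop separators and invisible characters, then upper-case the hex."""
    hex_only = re.sub(r"[^0-9A-Fa-f]", "", thumbprint)
    if len(hex_only) != 40:
        raise ValueError("expected a 40-hex-digit SHA-1 thumbprint")
    return hex_only.upper()


def logged_thumbprint(system_log):
    """Return the last RDPCERTIFICATE-THUMBPRINT value in the log, or None."""
    found = re.findall(
        r"RDPCERTIFICATE-THUMBPRINT:?\s*([0-9A-Fa-f]{40})\b", system_log)
    return found[-1].upper() if found else None


def thumbprint_of_der(cert_der):
    """SHA-1 over the DER-encoded certificate, for a certificate saved to disk."""
    return hashlib.sha1(cert_der).hexdigest().upper()


def same_host(system_log, presented):
    """True only if the log has a thumbprint and the presented one equals it."""
    expected = logged_thumbprint(system_log)
    return expected is not None and normalize(presented) == expected
```

`same_host` returns `False` when the log has no thumbprint line yet, so a missing value is treated as a failed check instead of a match.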

## Configure user accounts


After you connect to your instance over RDP, we recommend that you perform the following tasks:
+ Change the administrator password from the default value. You [can change the password while you are logged on to the instance itself](https://support.microsoft.com/en-us/windows/change-or-reset-your-windows-password-8271d17c-9f9e-443f-835a-8318c8f68b9c), just as you would on any computer running Windows Server.
+ Create another user with administrator privileges on the instance. This is a safeguard in case you forget the administrator password or have a problem with the administrator account. The new user must have permission to access the instance remotely. Open **System Properties** by right-clicking on the **This PC** icon on your Windows desktop or File Explorer and selecting **Properties**. Choose **Remote settings**, and choose **Select Users** to add the user to the **Remote Desktop Users** group.  
![\[System Properties window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/windows-connect-properties-rdp.png)

# Connect to your Windows instance using Fleet Manager

You can use Fleet Manager, a capability of AWS Systems Manager, to connect to Windows instances using the Remote Desktop Protocol (RDP) and display up to four Windows instances on the same page in the AWS Management Console. You can connect to the first instance in the Fleet Manager Remote Desktop directly from the **Instances** page in the Amazon EC2 console. For more information about Fleet Manager, see [Connect to a managed instance using Remote Desktop](https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html) in the *AWS Systems Manager User Guide*.

You do not need to specifically allow incoming RDP traffic from your IP address if you use Fleet Manager to connect. Fleet Manager handles that for you.

**Prerequisites**  
Before attempting to connect to an instance using Fleet Manager, you must set up your environment. For more information, see [Setting up your environment](https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html#rdp-prerequisites) in the *AWS Systems Manager User Guide*.

**To connect to a Windows instance using Fleet Manager**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the navigation pane, choose **Instances**.

1. Select the instance and then choose **Connect**.

1. On the **RDP client** tab, for **Connection Type**, choose **Connect using Fleet Manager**.

1. Choose **Fleet Manager Remote Desktop**. This opens the **Fleet Manager Remote Desktop** page in the AWS Systems Manager console.

1. Enter your credentials and then choose **Connect**.

1. If the RDP connection is successful, Fleet Manager displays the Windows desktop. When you are finished with the session, choose **Actions**, **End session**.

For more information, see [Connecting to a Windows Server managed instance using Remote Desktop](https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html) in the *AWS Systems Manager User Guide*.

# Transfer files to a Windows instance using RDP

You can work with your Windows instance in the same way that you would work with any Windows server. For example, you can transfer files between a Windows instance and your local computer using the local file sharing feature of the Microsoft Remote Desktop Connection (RDP) software. You can access local files on hard disk drives, DVD drives, portable media drives, and mapped network drives.

To access your local files from your Windows instances, you must enable the local file sharing feature by mapping the remote session drive to your local drive. The steps are slightly different depending on whether your local computer operating system is Windows or macOS X.

For more information about the prerequisites to connect using RDP, see [Prerequisites](connect-rdp.md#rdp-prereqs).

------
#### [ Windows ]

**To map the remote session drive to your local drive on your local Windows computer**

1. Open the Remote Desktop Connection client.

1. Choose **Show Options**.

1. Add the instance host name to the **Computer** field and username to the **User name** field, as follows:

   1. Under **Connection settings**, choose **Open...**, and browse to the RDP shortcut file that you downloaded from the Amazon EC2 console. The file contains the Public IPv4 DNS host name, which identifies the instance, and the Administrator user name.

   1. Select the file and choose **Open**. The **Computer** and **User name** fields are populated with the values from the RDP shortcut file.

   1. Choose **Save**.

1. Choose the **Local Resources** tab.

1. Under **Local devices and resources**, choose **More...**  
![\[RDP Local Resources window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/windows-connect-rdp-local-resources.png)

1. Open **Drives** and select the local drive to map to your Windows instance.

1. Choose **OK**.  
![\[RDP Local devices and resources window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/windows-connect-rdp-drives.png)

1. Choose **Connect** to connect to your Windows instance.

------
#### [ macOS X ]

**To map the remote session drive to your local folder on your local macOS X computer**

1. Open the Remote Desktop Connection client.

1. Browse to the RDP file that you downloaded from the Amazon EC2 console (when you initially connected to the instance), and drag it onto the Remote Desktop Connection client.

1. Right-click the RDP file, and choose **Edit**. 

1. Choose the **Folders** tab, and select the **Redirect folders** checkbox.  
![\[Microsoft Remote Desktop Edit PC window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/mac-map-folder-1.png)

1. Choose the **+** icon at bottom left, browse to the folder to map, and choose **Open**. Repeat this step for every folder to map.

1. Choose **Save**.

1. Choose **Connect** to connect to your Windows instance. You'll be prompted for the password.

1. On the instance, in File Explorer, expand **This PC**, and find the shared folder from which you can access your local files. In the following screenshot, the **Desktop** folder on the local computer was mapped to the remote session drive on the instance.  
![\[Microsoft Remote Desktop Edit PC window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/mac-map-folder-2.png)

For more information on making local devices available to a remote session on a Mac computer, see [Get started with the macOS client](https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-mac).

------