Thanks, I'm going to look at. Meanwhile some progress:
I can now successfully create a .rdp file and logon with even though the hashed password I create is not the same size as the one that MS makes. The hashed password remains valid during the logon session of the logged on user (the user under who's account the password was hashed). Although this achieves the goal I had in mind, I'm curious as to how MS (mstsc.exe) does it.

Debugging MSTSC.EXE while saving an RDP shows this sequence:

CryptProtectData - CRYPT32.dll
CryptUnprotectData - CRYPT32.dll
CryptUnprotectData - CRYPT32.dll
CryptProtectData - CRYPT32.dll

It seems like the first CryptProtectData crypts the username (I passed Username as user)
http://web.inter.nl.net/users/weijnen/dp/Info1.jpg
And the 2nd CryptProtectData the Password (I passed Password as the password string)
http://web.inter.nl.net/users/weijnen/dp/Info2.jpg

Perhaps the 2 sequences are appended? Don't know why and where the Base64 comes in (yet).