Hi
If a Windows computer is a member of a domain and certificate autoenrollment is in place, then you can use the machine certificate provided by Active Directory as the RDP TLS certificate.
Get Remote Desktop WMI Path
# WMI object path of the RDP-Tcp listener (property names are case-insensitive, so __path works)
$oTSWMIPath = (Get-WmiObject -Namespace root\cimv2\terminalservices -Class "Win32_TSGeneralSetting" -Filter "TerminalName='RDP-tcp'").__PATH
Get the Machine Certificate issued by your domain
# PartOfDomain is true for member workstations, member servers and domain controllers
# (a DomainRole=1 filter would match member workstations only)
$oWMIComputer = Get-WmiObject -Class "Win32_ComputerSystem" -Filter "PartOfDomain=TRUE"
if ($oWMIComputer) {
    # the autoenrolled machine certificate carries the host's FQDN as its subject CN
    $sFQDN = $oWMIComputer.Name + "." + $oWMIComputer.Domain
    $oDomainCert = Get-Item Cert:\LocalMachine\My\* | ? { $_.Subject -match ("^CN=" + [regex]::Escape($sFQDN) + '(,|$)') }
}
Just one certificate found?
# @() so that .Count also works when zero or exactly one certificate came back
if (@($oDomainCert).Count -eq 1) {
    Set-WmiInstance -Path $oTSWMIPath -Arguments @{ SSLCertificateSHA1Hash = $oDomainCert.Thumbprint }
}
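The three steps above combined into one idempotent script, as an added example that is not from the original post. It uses the CIM cmdlets (Get-CimInstance/Set-CimInstance) in place of Get-WmiObject/Set-WmiInstance, which is my choice, and it assumes (my assumptions, not the post's) that the autoenrolled certificate has the FQDN as its subject CN and carries the Server Authentication EKU, that the script runs elevated, and that the newest valid certificate should win when a renewal has left several in the store. The function names Get-RdpMachineCertificate, Set-RdpListenerCertificate and Test-ServerAuthEku are mine.

```powershell
# Added example (not the original post's code): bind the AD-issued machine
# certificate to the RDP-Tcp listener, re-running safely and verifying the result.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth

function Test-ServerAuthEku {
    # True when the certificate's EKU extension lists Server Authentication.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $ServerAuthOid) { return $true }
            }
        }
    }
    return $false   # no EKU extension at all is treated as unusable here (assumption)
}

function Get-RdpMachineCertificate {
    # The AD-issued machine certificate for this host, or $null when none qualifies.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$($cs.Name) is not domain-joined; there is no AD-issued machine certificate to bind."
    }
    $fqdn = '{0}.{1}' -f $cs.Name, $cs.Domain
    $now  = Get-Date
    # Subject CN must be the FQDN (escaped, so dots are literal), key must be present,
    # validity window must include now, and the EKU must allow server authentication.
    $candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.Subject -match ('^CN=' + [regex]::Escape($fqdn) + '(,|$)') -and
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        (Test-ServerAuthEku $_)
    }
    # Several matches usually mean a renewal happened: prefer the one expiring last.
    $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
}

function Set-RdpListenerCertificate {
    # Bind $Cert's thumbprint to the named listener, only if it is not bound already.
    param(
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert,
        [string] $TerminalName = 'RDP-Tcp'
    )
    $filter   = "TerminalName='$TerminalName'"
    $listener = Get-CimInstance -Namespace root\cimv2\TerminalServices -ClassName Win32_TSGeneralSetting -Filter $filter
    if (-not $listener) { throw "No RDP listener named $TerminalName." }

    if ($listener.SSLCertificateSHA1Hash -eq $Cert.Thumbprint) {
        Write-Host "$TerminalName already uses $($Cert.Thumbprint); nothing to do."
        return $listener
    }

    $listener | Set-CimInstance -Property @{ SSLCertificateSHA1Hash = $Cert.Thumbprint }

    # Re-read the listener instead of trusting that the write took effect.
    $after = Get-CimInstance -Namespace root\cimv2\TerminalServices -ClassName Win32_TSGeneralSetting -Filter $filter
    if ($after.SSLCertificateSHA1Hash -ne $Cert.Thumbprint) {
        throw "Binding failed: $TerminalName still reports $($after.SSLCertificateSHA1Hash)."
    }
    Write-Host "$TerminalName now presents $($Cert.Subject) (thumbprint $($Cert.Thumbprint), expires $($Cert.NotAfter))."
    return $after
}

$cert = Get-RdpMachineCertificate
if (-not $cert) {
    throw "No currently valid machine certificate with a Server Authentication EKU was found for this host."
}
Set-RdpListenerCertificate -Cert $cert | Out-Null
```

New RDP connections pick up the certificate without a service restart. The Remote Desktop service runs as NETWORK SERVICE, so if clients start failing the TLS handshake right after the change, the usual cause is that account lacking read access to the certificate's private key; check the key's ACL before looking anywhere else. Because the script compares the bound thumbprint first and prefers the certificate expiring last, it can be run from a scheduled task after each autoenrollment renewal.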
Michael