Windows: Set Machine certificate as Remote Desktop Certificate


If a Windows computer is a member of a domain and certificate autoenrollment is in place, you can use the machine certificate issued by Active Directory as the RDP TLS certificate instead of the self-signed one the listener generates by default.

Get Remote Desktop WMI Path

$oTSWMIPath = (Get-WmiObject -Namespace root\cimv2\terminalservices -class "Win32_TSGeneralSetting" -Filter "TerminalName='RDP-tcp'").__path

Get the Machine Certificate issued by your domain

$oWMIComputer = Get-WmiObject -Class "Win32_ComputerSystem"   # no DomainRole=1 filter: that value only matches member workstations, not member servers
if (-not $oWMIComputer.PartOfDomain) { throw "Computer is not domain-joined" }
$oDomainCert = Get-Item Cert:\LocalMachine\My\* | ? { $_.Subject -match ('^CN=' + [regex]::Escape($oWMIComputer.Name + '.' + $oWMIComputer.Domain) + '$') }   # escape the FQDN so '.' matches literally

Just one certificate found?

if ($oDomainCert.Count -eq 1) {
    Set-WmiInstance -Path $oTSWMIPath -Arguments @{ SSLCertificateSHA1Hash = $oDomainCert.Thumbprint }
}
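The three steps above combined into one script, as an added example that is not part of the original post: it picks the domain-issued machine certificate only if it is unexpired, has a private key and carries the Server Authentication EKU, binds it to the RDP-Tcp listener, and then reads the setting back to confirm the change. The function names are this example's own; it assumes an elevated Windows PowerShell 5.1 session (Get-WmiObject is not available in PowerShell 7).

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 5.1, run as Administrator.

function Get-RdpCandidateCertificate {
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.PartOfDomain) { throw "Computer is not domain-joined" }
    $fqdn = "$($cs.Name).$($cs.Domain)"
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, what a TLS server certificate is expected to carry
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.Subject -match ('^CN=' + [regex]::Escape($fqdn) + '(,|$)') -and
            $_.HasPrivateKey -and
            $_.NotAfter -gt (Get-Date) -and
            (($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -contains $serverAuthOid)
        } |
        Sort-Object NotAfter -Descending |   # prefer the certificate that expires last (newest enrollment)
        Select-Object -First 1
}

function Set-RdpCertificate {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $filter = "TerminalName='RDP-Tcp'"
    $ts = Get-WmiObject -Namespace root\cimv2\terminalservices -Class Win32_TSGeneralSetting -Filter $filter
    if ($ts.SSLCertificateSHA1Hash -eq $Certificate.Thumbprint) {
        Write-Verbose "RDP-Tcp already uses thumbprint $($Certificate.Thumbprint)"
        return $true
    }
    Set-WmiInstance -Path $ts.__PATH -Arguments @{ SSLCertificateSHA1Hash = $Certificate.Thumbprint } | Out-Null
    # Read the setting back rather than trusting that the call succeeded
    $after = Get-WmiObject -Namespace root\cimv2\terminalservices -Class Win32_TSGeneralSetting -Filter $filter
    return ($after.SSLCertificateSHA1Hash -eq $Certificate.Thumbprint)
}

$cert = Get-RdpCandidateCertificate
if (-not $cert) { throw "No usable domain-issued machine certificate found in Cert:\LocalMachine\My" }
if (Set-RdpCertificate -Certificate $cert) {
    "RDP-Tcp now presents $($cert.Subject) ($($cert.Thumbprint)), valid until $($cert.NotAfter)"
} else {
    throw "Binding failed; check that the certificate's private key is readable by the Remote Desktop service"
}
```

Existing RDP sessions keep their old certificate; new connections pick up the domain certificate without restarting the service.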

