Remote Desktop: How and why you want to sign your RDP file

Martin 05/10/2017

When you have your Remote Desktop farm up and running with a connection broker and the right certificates, the certificate warnings should all be gone… or should they?

You create a RDP profile for your users, so they have a shortcut on their desktops for the RD farm, but they get this screen:

But didn't I just install certificates on my connection broker and all my RDS hosts?!

YES

But when I just open the Remote Desktop Connection client (mstsc.exe) and type in the FQDN of my tsfarm, I get no errors?!

CORRECTLY

What’s wrong then?

When you SAVE the RDP file, with all the settings, the file itself is not signed in any way, and therefore not trusted!

Luckily, Microsoft has made RDPSIGN, which comes to our aid!

Go to your server, where you have already installed the certificates in the Personal certificate store, open the certificate, and find its thumbprint:


Copy that thumbprint, go to your command prompt, and type:

rdpsign /sha1 <hash> <your-rdp.file.rdp>

And that's it!
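
The lookup and signing steps above as a PowerShell script, with checks for the usual reasons signing fails: a thumbprint pasted with spaces or hidden characters, a certificate without a private key, or one past its expiry date. This is an added example, not part of the original post; the file path, the thumbprint placeholder and the choice to search both Personal stores are assumptions.

```powershell
# Added example. $RdpFile and $Thumbprint are placeholders; set them for your farm.
$RdpFile    = 'C:\Deploy\tsfarm.rdp'                        # assumed path
$Thumbprint = '<thumbprint copied from the certificate dialog>'

# Text copied from the certificate dialog usually contains spaces and can carry
# an invisible leading character. Keep only the hex digits.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($clean.Length -ne 40) {
    throw "A SHA-1 thumbprint is 40 hex characters; got $($clean.Length)."
}

# Look the certificate up in the Personal store (machine and user; searching
# both is an assumption of this example) and make sure it is usable for signing.
$cert = Get-ChildItem Cert:\LocalMachine\My, Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $clean } |
    Select-Object -First 1
if (-not $cert)                    { throw "No certificate with thumbprint $clean in the Personal store." }
if (-not $cert.HasPrivateKey)      { throw "Certificate '$($cert.Subject)' has no private key on this machine." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

if (-not (Test-Path -LiteralPath $RdpFile)) { throw "RDP file not found: $RdpFile" }

# Same command as in the post, with the cleaned thumbprint.
& rdpsign.exe /sha1 $clean $RdpFile
if ($LASTEXITCODE -ne 0) { throw "rdpsign exited with code $LASTEXITCODE." }

# A signed file carries signscope and signature entries; confirm both were written.
$hasScope = Select-String -LiteralPath $RdpFile -Pattern '^signscope:s:' -Quiet
$hasSig   = Select-String -LiteralPath $RdpFile -Pattern '^signature:s:' -Quiet
if (-not ($hasScope -and $hasSig)) { throw "No signature found in $RdpFile after signing." }

"Signed $RdpFile with '$($cert.Subject)' (valid until $($cert.NotAfter))."
```

The settings listed in the signscope entry are the ones covered by the signature, so sign the file again after changing any of them.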

Distribute the file to your users by mail or script, and when they try to connect the next time, they will see this:

Now they can just check “Don’t ask me” in the dialog and not worry about a “dangerous” publisher 🙂
