Remote Desktop: How and why you want to sign your RDP file

When you have your Remote Desktop farm spinning with connection broker and the right certificates, all should be over with the certificate warnings…..ehh should??

You create a RDP profile for your users, so they have a shortcut on their desktops for the RD farm, but they get this screen:

But did i just not install certificates on my connection broker and all my RDS hosts?!


But when I just open the remote desktop connection client (mstsc.exe) and type in the fqdn of my tsfarm I get no errors?!


What’s wrong then?

When you SAVE the RDP file, with all the settings, the file itself is not signed in any way, and therefore not trusted!

Luckily Microsoft has made RDPSIGN which come to aid!

You go to your server, where you have already installed the certificates in the Personal Certificate store, you open the certificate, and find it’s thumbprint:

Billedresultat for windows certificate thumbprint

You copy paste that thumprint above, and go to your command prompt and type:

rdpsign /sha1 <hash> <your-rdp.file.rdp>

UPDATE: 25/7-2018:

RDPSIGN is updated and now want’s a SHA256 option in stead:

rdpsign /sha256 <hash> <your-rdp.file.rdp>

is your certificate is new, you can just use the sha1 value from the thumprint, it works either way 😉

And thats it!

Distribute the file to your users by mail or script, and when they try to connect the next time, they will see this:

Now they can just check the “Don’t ask me” dialog, but not worry about a “dangerous” publisher 🙂

1 Comment

  1. Hans-Werner


    this does not work on my server 2012r2.
    It says that all rdp files were signed, but the “publisher cannot be identied” pops up .
    How can I check that the rdp file is signed?



Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.