So the release of Windows Server 2012 has removed a lot of the old Remote Desktop related configuration utilities. In particular, there is no more Remote Desktop Session Host Configuration utility that gave you access to the RDP-Tcp properties dialog that let you configure a custom certificate for the RDSH to use. In its place is a nice new consolidated GUI that is part of the overall "edit deployment properties" workflow in the new Server Manager. The catch is that you only get access to that workflow if you have the Remote Desktop Services role installed (as far as I can tell).
This seems like a bit of an oversight on Microsoft‘s part. How can we configure a custom SSL certificate for RDP on Windows Server 2012 when it‘s running in the default Remote Administration mode without needlessly installing the Remote Desktop Services role?
Important: you need open a CMD by "Run as administrator" then perform the wmic command.
A:
|
38 down vote accepted
|
It turns out that much of the configuration data for RDSH is stored in the Win32_TSGeneralSetting class in WMI in the root\cimv2\TerminalServices namespace. The configured certificate for a given connection is referenced by the Thumbprint value of that certificate on a property called SSLCertificateSHA1Hash. In order to get the thumbprint value
Now that you have the thumbprint value, here‘s a one-liner you can use to set the value using wmic: Or if PowerShell is your thing, you can use this instead: It occurs to me that this solution would probably work on Windows 8 systems as well. I haven‘t played with it much myself yet though. Note: the certificate must be in the ‘Personal‘ Certificate Store for the Computer account. |
