How to ignore the certificate warning on remote desktop connection

僤鯓⒐⒋嵵緔 提交于 2020-01-09 22:31:20

问题


I am trying to ignore the certificate warning on remote desktop connection - the one in the image:

So far I have found that when I check the "don't ask again" checkbox it is generating registry key over here:

HKCU:\Software\Microsoft\Terminal Server Client\Servers

A new record is generated with the name of the server and key name CertHash that contains a value that is specific for a machine. The key is the same for a machine - if I delete it and check the checkbox the same value is again generated. There is a new value in case I recreate the virtual machine so I think it is something machine specific.

Can someone tell me how is this hash generated so I can populate the key from command line? Adding certificate is not an option and the machines will be frequently regenerated so I need an option to ignore this automatically as I need to connect a user to the machine and run some programs in it.


回答1:


I know this is an old question. But this may help someone who is looking for the same solution.

Method 1

You may over ride the certificate check for ALL RDP connections (use it at your own risk)

Just add a new registry key as below.

reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /v "AuthenticationLevelOverride" /t "REG_DWORD" /d 0 /f

Method 2

Considering if you have admin rights on the remote machine, you could actually get the crethash value from the remote machine using the below wmic command. So you could make a small batch file to get this value before you launch the mstsc and add this value in registry. I haven't included the complete batch file but thats the idea.

wmic /node:Testserver /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting get SSLCertificateSHA1Hash



回答2:


See this link.

Run Microsoft Management Console (mmc) and add the Certificates snap-in if you don't already have it for the computer you would like to connect to. In the Certificates, find the Remote Desktop folder, and open the certificate in that folder. On the Details tab, scroll down to find the Thumbprint value - this is the value you should copy to the registry.



来源:https://stackoverflow.com/questions/20686361/how-to-ignore-the-certificate-warning-on-remote-desktop-connection

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!