If one has a Remote Desktop Certificate Template and a appropriate group guidelines configured, or manually assigned a remote desktop certificateYou may want to verify that the certificates on the participating computers are being used correctly by the Remote Desktop session host.
Implementation
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
Unfortunately, there is no graphical user interface to achieve this. However, it is possible to query against the Windows Management Instrumentation (WMI) via Windows PowerShell to get the desired information. This can be achieved with the following command.
(Get-WmiObject `
-class "Win32_TSGeneralSetting" `
-Namespace root\cimv2\terminalservices `
-Filter "TerminalName='RDP-tcp'"
).SSLCertificateSHA1Hash
The SHA1 fingerprint (thumbprint) of the used remote desktop certificate is returned. With this information, the used certificate can be easily identified. The fingerprint is displayed in the certificate diaog in the "Details" tab in the "Thumbprint" field.
Related links:
- Configuring a Certificate Template for Remote Desktop (RDP) Certificates
- Configuring a Group Policy (GPO) for Remote Desktop (RDP) Certificates
- Manually assigning a Remote Desktop (RDP) certificate
- Manually requesting a Remote Desktop (RDP) certificate
3 thoughts on “Identifizieren des aktiven Remotedesktop (RDP) Zertifikats”
Comments are closed.