Q:
So the release of Windows Server has removed a lot of the old Remote Desktop related configuration utilities. In particular, there is no more Remote Desktop Session Host Configuration utility. This gave you access to the RDP-Tcp Properties dialog that let you configure a custom certificate for the RDSH to use. In its place is a nice new consolidated GUI that's part of the overall "Edit Deployment Properties" workflow in the new Server Manager. The catch is that you only get access to that workflow if you have the Remote Desktop Services role installed (as far as I can tell).
This seems like a bit of an oversight on Microsoft's part. How can we configure a custom SSL certificate for RDP on Windows Server if it's running in the default Remote Administration mode without needlessly installing the Remote Desktop Services role?
Important: you need to open a CMD with "Run as Administrator" and then run the WMIC command.
A:
It turns out that much of the configuration data for RDSH is stored in the Win32_TSGeneralSetting class in WMI in the root\cimv2\TerminalServices namespace. The configured certificate for a given connection is referenced by the thumbprint value of that certificate on a property called SSLCertificateSHA1Hash. In order to get the thumbprint value:
- Open the properties dialog for your certificate and select the Details tab
- Scroll down to the Thumbprint field and copy the space delimited hex string into something like Notepad
- Remove all the spaces from the string. You'll also want to watch out for and remove a non-ASCII character that sometimes gets copied just before the first character in the string. It's not visible in Notepad.
- This is the value you need to set in WMI. It should look something like this: 1ea1fd5b25b8c327be2c4e4852263efdb4d16af4.
Now that you have the thumbprint value, here's a one-liner you can use to set the value using WMIC:

    wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"

Or if PowerShell is your thing, you can use this instead:

    $path = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
    Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="THUMBPRINT"}
It occurs to me that this solution would probably work on Windows 8 systems as well. I haven't played with it much myself yet though. Note: The certificate must be in the 'Personal' certificate store for the computer account.
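
The steps from the answer above combined into one script, as an added example that is not part of the original answer: it cleans a pasted thumbprint (spaces and the invisible leading character), confirms the certificate is in the computer's Personal store, sets the WMI property and reads it back. The pasted value reuses the sample thumbprint from the answer with a constructed U+200E character in front; the private-key and expiry checks are extra safeguards assumed here, not steps the answer lists.

```powershell
# Added example. Run in an elevated Windows PowerShell session (Get-WmiObject
# is not available in PowerShell 7).

# Constructed sample input: the answer's example thumbprint as copied from the
# Details tab, with U+200E standing in for the invisible non-ASCII character.
$pasted = "$([char]0x200E)1e a1 fd 5b 25 b8 c3 27 be 2c 4e 48 52 26 3e fd b4 d1 6a f4"

# Keep hex digits only: removes the spaces and any invisible character.
$thumb = ($pasted -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($thumb.Length -ne 40) {
    throw "Expected 40 hex digits for a SHA-1 thumbprint, got $($thumb.Length)."
}

# The certificate must be in the Personal store of the computer account.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    throw "No certificate with thumbprint $thumb in Cert:\LocalMachine\My."
}
# Extra checks (assumed here): a usable private key and a current validity period.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb has no private key on this machine."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $thumb expired on $($cert.NotAfter)."
}

# Same WMI class, namespace and filter as in the answer.
$wmi = @{
    Class     = 'Win32_TSGeneralSetting'
    Namespace = 'root\cimv2\terminalservices'
    Filter    = "TerminalName='RDP-tcp'"
}
$setting = Get-WmiObject @wmi
Set-WmiInstance -Path $setting.__PATH -Arguments @{ SSLCertificateSHA1Hash = $thumb } |
    Out-Null

# Read the property back so a silent failure does not go unnoticed.
$current = (Get-WmiObject @wmi).SSLCertificateSHA1Hash
if ($current -ne $thumb) {   # -ne compares strings case-insensitively
    throw "RDP-tcp still reports thumbprint '$current'."
}
"RDP-tcp now uses $($cert.Subject), valid until $($cert.NotAfter)."
```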
Configure Custom SSL Certificate for RDP on Windows Server at Remote administration mode