Hello @Vadims Podāns, and thank you for your help.
Here is what I am trying to do exactly, so you can understand my following code:
- We are working in a workgroup environment, with Windows 10 (only) machines.
- We have users who need to make RDP connections several times a day to machines in the same network, so they face the RDP warning several times a day, and there's a security note that prohibits approving this warning.
We tested a workaround that consists of adding the self-signed RDP certificate of computer B (acting as server) to the registry of computer A (acting as client), and it worked perfectly.
My code is the following:
1/ in computer A (acting as server):

```powershell
$outfile = "\\192.168.1.222\c$\temp\Outfile.csv"
$cert = Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop'
$hostname = hostname
$thumbprint = $cert.Thumbprint
$res = ($thumbprint -replace '(..)','$1,').trim(',')
$array = @()
$cert = Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop'
$hostname = hostname
$thumbprint = $cert.Thumbprint
$obj = New-Object System.Object
$obj | Add-Member -MemberType NoteProperty -Name Hostname -Value $hostname
$obj | Add-Member -MemberType NoteProperty -Name ThumbPrint -Value $res
$array = @()
$array += $obj
$array | Export-Csv $outfile -Append
```
2/ in computer B (acting as client):

```powershell
#$null = New-Item -Path HKCU:\Software\Testkey3
#Set-ItemProperty -Path HKCU:\Software\Testkey3 -Name Testvalue -Value 11,2,3,4 -Type Binar
function addCertHash($hostname, $certHash){
    Write-Host Setting location to $hostname
    # Set-Location 'HKCU:\SOFTWARE\Microsoft\Terminal Server Client'
    Write-Host Testing path
    #if(-not (Test-RegistryValue -path "HKCU:\SOFTWARE\Microsoft\Terminal Server Client" -value $hostname)){
    # Write-Host creating $hostname
    # New-Item -Path "HKCU:\SOFTWARE\Microsoft\Terminal Server Client\Servers\$hostname" -Force
    #}
    Write-Host Setting location 2
    #Set-Location .\$hostname
    Write-Host Setting value
    # Set-ItemProperty -Path .\$hostname -Name CertHash -Value $certHash -Type Binary
}
function Test-RegistryValue {
    param (
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$Path,
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]$Value
    )
    try {
        Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Value -ErrorAction Stop | Out-Null
        return $true
    }
    catch {
        return $false
    }
}
Set-Location C:\Windows
$csv = Import-Csv "\\192.168.1.222\c$\temp\Outfile.csv" -Delimiter ','
foreach($dev in $csv){
    #New-Item -Path HKCU:\SOFTWARE\Microsoft\Terminal Server Client\Servers -name $dev.hostname
    #Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Terminal Server Client\Servers\$dev.hostname -Name Testvalue -Value $dev.ThumbPrint -Type Binar
    $dev.Hostname
    $dev.ThumbPrint
    addCertHash($dev.Hostname, $dev.ThumbPrint)
}
```
My problem is with the 2nd script, which refuses to:
- add the remote desktop servers to the registry of computer B

Please, any help would be appreciated.
Regards
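
The registry write that the second script attempts, as an added example that is not part of the original post: it converts the comma-separated thumbprint from the CSV into a byte array, validates both fields, and writes `CertHash` under the `Servers` key. It assumes, as in the workaround described above, that `CertHash` holds the thumbprint bytes; `Add-CertHash`, `ConvertTo-CertHashBytes`, the sample rows and the `HKCU:\Software\CertHashDemo` scratch key are constructed for illustration.

```powershell
# Added example, not the poster's code.
function ConvertTo-CertHashBytes {
    param([Parameter(Mandatory)][string]$ThumbPrint)
    # The export script on this page writes "AB,CD,..."; plain hex is accepted too.
    $hex = $ThumbPrint -replace '[,\s]', ''
    # X509Certificate2.Thumbprint is a SHA-1 hash: exactly 40 hex digits.
    if ($hex -notmatch '^[0-9A-Fa-f]{40}$') {
        throw "Not a 20-byte thumbprint: '$ThumbPrint'"
    }
    [byte[]]$bytes = for ($i = 0; $i -lt $hex.Length; $i += 2) {
        [Convert]::ToByte($hex.Substring($i, 2), 16)
    }
    return ,$bytes   # leading comma keeps the array from being unrolled
}

function Add-CertHash {
    param(
        [Parameter(Mandatory)][string]$Hostname,
        [Parameter(Mandatory)][string]$ThumbPrint,
        [string]$Root = 'HKCU:\SOFTWARE\Microsoft\Terminal Server Client\Servers'
    )
    # The CSV sits on a share, so treat it as untrusted: reject names that
    # could carry path separators or wildcards into the registry path.
    if ($Hostname -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$') {
        throw "Unexpected host name: '$Hostname'"
    }
    $bytes = ConvertTo-CertHashBytes -ThumbPrint $ThumbPrint
    $key = Join-Path $Root $Hostname
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    Set-ItemProperty -Path $key -Name CertHash -Value $bytes -Type Binary
}

# Constructed rows in the same shape as Outfile.csv; the second is deliberately invalid.
$rows = @'
"Hostname","ThumbPrint"
"PC-DEMO-01","00,11,22,33,44,55,66,77,88,99,AA,BB,CC,DD,EE,FF,01,23,45,67"
"PC-DEMO-02","not,a,thumbprint"
'@ | ConvertFrom-Csv
$scratch = 'HKCU:\Software\CertHashDemo'   # constructed test key; omit -Root for real use
foreach ($dev in $rows) {
    try {
        # Named parameters: addCertHash($a, $b) would pass one two-element array.
        Add-CertHash -Hostname $dev.Hostname -ThumbPrint $dev.ThumbPrint -Root $scratch
        Write-Host "pinned $($dev.Hostname)"
    } catch {
        Write-Warning "skipped $($dev.Hostname): $_"
    }
}
```

Whoever can write `Outfile.csv` on the share decides which certificates the clients will accept without a warning, so the share's write permissions are part of the trust decision.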