Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Enables you to digitally sign a Remote Desktop Protocol (.rdp) file. for examples of how to use this command, see Examples.
In Windows Server 2008 R2, Terminal Services was renamed Remote Desktop Services. To find out what's new in the latest version, see What s New in Remote Desktop Services in Windows Server 2012 in the Windows Server TechNet Library.
rdpsign /sha1 <hash> [/q | /v |] [/l] <file_name.rdp>
|/sha1 <hash>||Specifies the thumbprint, which is the Secure Hash Algorithm 1 (SHA1) hash of the signing certificate that is included in the certificate store. Used in Windows Server 2012 R2 and older.|
|/sha256 <hash>||Specifies the thumbprint, which is the Secure Hash Algorithm 256 (SHA256) hash of the signing certificate that is included in the certificate store. Replaces /sha1 in Windows Server 2016 and newer.|
|/q||Quiet mode. No output when the command succeeds and minimal output if the command fails.|
|/v||verbose mode. Displays all warnings, messages, and status.|
|/l||Tests the signing and output results without actually replacing any of the input files.|
|/?||Displays help at the command prompt.|
The SHA1 or SHA256 certificate thumbprint should represent a trusted .rdp file publisher. To obtain the certificate thumbprint, open the Certificates snap-in, double-click the certificate that you want to use (either in the local computer's certificates store or in your personal certificates store), click the details tab, and then in the Field list, click Thumbprint.
When you copy the thumbprint for use with the rdpsign.exe tool, you must remove any spaces.
You must specify the .rdp file (or files) to sign by using the full file name. Wildcard characters are not accepted.
The signed output files will overwrite the input files.
if any of the .rdp files cannot be read or written to, the tool will continue to the next file if multiple files are specified.
- To sign an .rdp file that is named File1.rdp, navigate to the folder where you saved the .rdp file, and then type the following:
rdpsign /sha1 hash file1.rdp
The hash value represents the SHA1 certificate thumbprint, without any spaces.
- To test whether digital signing will succeed for an .rdp file without actually signing the file, type the following:
rdpsign /sha1 hash /l file1.rdp
- To sign multiple .rdp files, separate the file names by using spaces. For example, to sign multiple .rdp files that are named File1.rdp, File2.rdp, and File3.rdp, type the following:
rdpsign /sha1 hash file1.rdp file2.rdp file3.rdp
See AlsoCommand-Line Syntax Key Remote Desktop Services (Terminal Services) Command Reference