Problem
As most IT-pro’s encounter multiple times per day/week when you use Remote Desktop connection (mstsc.exe) to connect to a remote server/workstation via RDP you get this annoying popup:
You can tick the don’t ask me again for connections to this computer but that’s something you need to do for all individual connections that you have on your workstations and that is not really a workable solution for users or admins with a lot of servers..
Solution
There are multiple ways to solve this :-).
First option: Override
As mentioned earlier you can tick the “don’t ask me again for connections to this computer’ box to solve the issue but thats time consuming.
Second option: Override via Registry
If you have multiple connections and don’t want to tick the box you can deploy this registry setting via Microsoft Endpoint Manager/GPO etc.
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client] "AuthenticationLevelOverride"=dword:00000000 Or offcourse via Powershell:
Set-ItemProperty -Path “HKCU:\Software\Microsoft\Terminal Server Client” -name “AuthenticationLevelOverride” -value 0 |
Third option: Use a trusted certificate from your internal CA.
Shameless plug 🙂 I wrote an article on how to implement an internal Certificate Authority. If you install that it will automatically create certificates for RDP for the servers in your environment. So if the client and the server are both in the Active Directory domain that also has the Certificate Authority installed the root certificate is automatically distributed to all machines in the domain so the RDP certificate will be trusted.
Fourth Option
If all else fails you can always export the Remote Desktop Certificate from the destination server and deploy it via GPO or any other way you prefer to the machines from which you are using RDP . To do this open on the RDP destination server the local certificates store (open MMC.exe and choose certificates). Export the certificate to your prefered location.
Next step is to import this in the destination server in the trusted root certificates folder.
After that the message shouldn’t appear again. If needed you can distribute this certificate via GPO (Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities).
Hope this helps someone 🙂