Everything, Everything

Stuart Ashen is fundraising for Stand Up To Cancer. Donate to @ashens's JustGiving page: https://t.co/91IGqrccH9
52 days, 1 hour, 25 minutes ago
Can't decide if I should try and buy the new Pixel phone or stick with my current one. Only the XL is really an imp… https://t.co/6PEX1nHcdm
60 days, 8 hours, 16 minutes ago
Windows Server 2016 is finally here! https://t.co/V6qVKJNesa
66 days, 20 hours, 46 minutes ago
"Your client will happily derp away on SMB1 and share all its darkest secrets" LOL. Sigh. https://t.co/mVr0V353wB
77 days, 22 hours, 27 minutes ago
Configuring RDP Listener Certificates With Windows Server 2016
Saturday 22nd October, 2016 16:18
There are many things I like about Server 2016 (and Server 2012 R2), but the removal of the Remote Desktop Configuration Manager MMC snap-in that was really useful in Server 2008 (which used to run this web server for several years) makes it a lot more difficult to configure a different certificate for the RDP listener. Instead of a few clicks in a GUI you now have to find the SHA1 hash and use the command line (although you can do it by adding a registry key, but WMI is easier in my opinion).

I went with Method 1, Using Windows Management Instrumentation (WMI) script, to configure the use of my certificate on my shiny new VM running Server 2016. After identifying the SHA1 hash of the certificate, the following command can be used on newer versions of Windows including Server 2016 to replace the default self-signed certificate:

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"

Not that you'll see the certificate, as I've locked down access to RDP to a handful of trusted IP addresses.
© Robert Nicholls 2002-2016
The views and opinions expressed on this site do not represent the views of my employer.