Reset RDP Cert To Let's Encrypt
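# Rebinds the RDP listener (RDP-Tcp) to a currently valid Let's Encrypt
# certificate from the LocalMachine\My store, then restarts Remote Desktop
# Services. Run elevated: it writes under HKLM and restarts TermService.

$name = 'SSLCertificateSHA1Hash'
$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Select the certificate BEFORE touching the listener, so a missing or expired
# certificate cannot leave RDP with an empty thumbprint binding.
# When several certificates match (e.g. after a renewal), take the one that
# expires last rather than whichever the store happens to list first.
$now = Get-Date
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        ($_.Issuer -like "*Let's Encrypt*") -and
        ($_.NotBefore -le $now) -and
        ($_.NotAfter -gt $now) -and
        $_.HasPrivateKey
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No currently valid Let's Encrypt certificate with a private key found in Cert:\LocalMachine\My; RDP settings left unchanged."
}

Write-Host "Clear security certificates. Removes $name from the registry."
Remove-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue

# SecurityLayer: 0 = native RDP security, 1 = negotiate, 2 = TLS.
# MinEncryptionLevel: 1 = low, 2 = client compatible, 3 = high, 4 = FIPS.
# The original values (SecurityLayer 0, MinEncryptionLevel 1) select native RDP
# security, under which the TLS certificate bound below is not used to
# authenticate the server. Require TLS and high encryption instead.
# NOTE(review): very old RDP clients that cannot do TLS will be refused.
Set-ItemProperty -Path $path -Name 'MinEncryptionLevel' -Value 3
Set-ItemProperty -Path $path -Name 'SecurityLayer' -Value 2

# Also drop stale bindings from the numbered control sets.
Remove-ItemProperty -Path 'HKLM:\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp' -Name $name -ErrorAction SilentlyContinue
Remove-ItemProperty -Path 'HKLM:\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp' -Name $name -ErrorAction SilentlyContinue

$thumb = $cert.Thumbprint
Write-Host "Set $name to $thumb ($($cert.Subject), expires $($cert.NotAfter))."

# Bind through the TerminalServices WMI provider using the CIM cmdlets
# (wmic.exe is deprecated and absent on newer Windows builds).
# -ErrorAction Stop keeps a failed bind from being followed by a restart.
# NOTE(review): the Remote Desktop service account needs read access to the
# certificate's private key; confirm the key ACL if the bind is rejected.
Get-CimInstance -Namespace 'root\cimv2\TerminalServices' -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" -ErrorAction Stop |
    Set-CimInstance -Property @{ SSLCertificateSHA1Hash = $thumb } -ErrorAction Stop

# Restarting TermService disconnects every active RDP session, including the
# one this script may be running in.
Write-Host 'Restart the service'
Restart-Service -Name TermService -Force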