Skip to content

Instantly share code, notes, and snippets.

@fffonion
Created December 19, 2023 14:20
Show Gist options
  • Save fffonion/3ee2bc80a01e34afe8f6200feefbd386 to your computer and use it in GitHub Desktop.
Save fffonion/3ee2bc80a01e34afe8f6200feefbd386 to your computer and use it in GitHub Desktop.
Replace cert for Remote desktop and Windows Admin Center
function 测试UAC
{
[OutputType([bool])]
param()
process {
[Security.Principal.WindowsPrincipal]$用户 = [Security.Principal.WindowsIdentity]::GetCurrent();
return $用户.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator);
}
}
if(-not (测试UAC))
{
$脚本名 = $MyInvocation.MyCommand.Definition
Start-Process powershell -Verb runas -ArgumentList "& '$脚本名'"
exit
}
$指纹 = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -like "CN=gen8.*"}).Thumbprint
echo $指纹
echo 更新WAC证书
Get-Service ServerManagementGateway* | Stop-Service
(netsh http show sslcert ipport=0.0.0.0:443 | Select-String -Pattern "应用程序 ID\s+:\s+({.+?})").Matches.Groups
$应用程序ID = (netsh http show sslcert ipport=0.0.0.0:443 | Select-String -Pattern "应用程序 ID\s+:\s+({.+?})").Matches.Groups[1].Value
netsh http delete sslcert ipport=0.0.0.0:443
# $应用程序ID="{278c9b6c-ae4d-4485-aa1f-a159611f6ac3}"
netsh http add sslcert ipport=0.0.0.0:443 certhash=$指纹 appid="$应用程序ID"
Get-Service ServerManagementGateway* | Start-Service
echo 更新RDP证书
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$指纹"
Restart-Service -Name TermService -Force
pause
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment