Reset RDP Cert To Let's Encrypt
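Write-Host "Clear security certificates. Removes SSLCertificateSHA1Hash from the registry."
$name = 'SSLCertificateSHA1Hash'
$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Remove-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
# MinEncryptionLevel: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant
Set-ItemProperty -Path $path -Name 'MinEncryptionLevel' -Value 1
# SecurityLayer: 0 = RDP Security Layer (native RDP encryption), 1 = Negotiate, 2 = SSL (TLS)
# The certificate configured below is the one the listener presents over TLS.
Set-ItemProperty -Path $path -Name 'SecurityLayer' -Value 0
Remove-ItemProperty -Path 'HKLM:\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp' -Name $name -ErrorAction SilentlyContinue
Remove-ItemProperty -Path 'HKLM:\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp' -Name $name -ErrorAction SilentlyContinue
Write-Host "Set SSLCertificateSHA1Hash to the Let's Encrypt certificate thumbprint."
# Grab the thumbprint of the unexpired Let's Encrypt cert with a private key in the computer store;
# if several match (for example after a renewal), take the one that expires last.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {($_.Issuer -Like "*Let's Encrypt*") -And ($_.NotAfter -gt (Get-Date)) -And ($_.HasPrivateKey)} | Sort-Object NotAfter -Descending | Select-Object -First 1
# Stop here if nothing matched, rather than writing an empty thumbprint to the listener.
if (-not $cert) { throw "No unexpired Let's Encrypt certificate with a private key found in Cert:\LocalMachine\My" }
Write-Host $cert
$thumb = $cert.Thumbprint
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$($thumb)"
Write-Host "Restart the service"
Restart-Service TermService -Force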
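
A read-only check to run after the script above, added here as an example and not part of the original gist: it reads back the thumbprint the RDP-Tcp listener is configured with, confirms that the certificate is in the computer store with a private key, and reports the two registry settings the script changes. The function name `Test-RdpListenerCertificate` and the 14-day expiry threshold are assumptions made for this example.

```powershell
# Added example (not from the original gist): verify what the RDP listener is configured with.
function Test-RdpListenerCertificate {
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # Same WMI class the gist writes to with wmic, read back through CIM.
    $ts = Get-CimInstance -Namespace 'root/cimv2/TerminalServices' -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $reg = Get-ItemProperty -Path $regPath

    # Look the configured thumbprint up in the computer store (-eq is case-insensitive).
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $ts.SSLCertificateSHA1Hash } |
        Select-Object -First 1

    [pscustomobject]@{
        ConfiguredThumbprint = $ts.SSLCertificateSHA1Hash
        InMachineStore       = [bool]$cert
        Issuer               = $cert.Issuer
        HasPrivateKey        = [bool]$cert.HasPrivateKey
        NotAfter             = $cert.NotAfter
        DaysRemaining        = if ($cert) { [int]($cert.NotAfter - (Get-Date)).TotalDays } else { $null }
        SecurityLayer        = $reg.SecurityLayer        # 0 = RDP, 1 = Negotiate, 2 = SSL (TLS)
        MinEncryptionLevel   = $reg.MinEncryptionLevel   # 1 = Low ... 4 = FIPS Compliant
    }
}

$result = Test-RdpListenerCertificate
$result | Format-List

# A thumbprint that does not resolve to a usable certificate means the listener
# cannot present it; flag that case explicitly.
if (-not $result.InMachineStore -or -not $result.HasPrivateKey) {
    Write-Warning 'Configured thumbprint has no matching certificate with a private key in Cert:\LocalMachine\My.'
}
# Assumed threshold of 14 days: warn early enough to rerun the gist after renewal.
elseif ($result.DaysRemaining -lt 14) {
    Write-Warning "Certificate expires in $($result.DaysRemaining) day(s); rerun the reset script after renewal."
}
# SecurityLayer 0 selects native RDP security instead of TLS.
if ($result.SecurityLayer -eq 0) {
    Write-Warning 'SecurityLayer is 0 (RDP Security Layer); values 1 (Negotiate) or 2 (SSL) select TLS.'
}
```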