如何忽略远程桌面连接上的证书警告 [英] How to ignore the certificate warning on remote desktop connection

问题描述

我正在尝试忽略远程桌面连接上的证书警告-图像中的一个:

I am trying to ignore the certificate warning on remote desktop connection - the one in the image:

到目前为止，我发现当我选中不再询问"复选框时，它会在此处生成注册表项:

So far I have found that when I check the "don't ask again" checkbox it is generating registry key over here:

HKCU:\ Software \ Microsoft \ Terminal Server Client \ Servers

HKCU:\Software\Microsoft\Terminal Server Client\Servers

将生成一个新记录，其中包含服务器名称和键名CertHash，其中包含特定于计算机的值.密钥对于一台机器是相同的-如果我将其删除并选中该复选框，则会再次生成相同的值.如果我重新创建虚拟机，则有一个新的价值，因此我认为这是特定于计算机的.

A new record is generated with the name of the server and key name CertHash that contains a value that is specific for a machine. The key is the same for a machine - if I delete it and check the checkbox the same value is again generated. There is a new value in case I recreate the virtual machine so I think it is something machine specific.

有人可以告诉我此哈希是如何生成的，以便可以从命令行填充密钥吗?添加证书不是一种选择，并且计算机将经常被重新生成，因此我需要一个选项来自动忽略它，因为我需要将用户连接到计算机并在其中运行一些程序.

Can someone tell me how is this hash generated so I can populate the key from command line? Adding certificate is not an option and the machines will be frequently regenerated so I need an option to ignore this automatically as I need to connect a user to the machine and run some programs in it.

推荐答案

我知道这是一个老问题.但这可能会帮助正在寻找相同解决方案的人.

I know this is an old question. But this may help someone who is looking for the same solution.

方法1

您可能会跳过所有RDP连接的证书检查(使用后果自负)

You may over ride the certificate check for ALL RDP connections (use it at your own risk)

只需添加一个新的注册表项，如下所示.

Just add a new registry key as below.

reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /v "AuthenticationLevelOverride" /t "REG_DWORD" /d 0 /f

方法2

考虑到您是否在远程计算机上具有管理员权限，实际上您可以使用以下wmic命令从远程计算机上获取crethash值.因此，您可以在启动mstsc并将其添加到注册表之前，制作一个小的批处理文件以获取该值.我没有包括完整的批处理文件，但这就是想法.

Considering if you have admin rights on the remote machine, you could actually get the crethash value from the remote machine using the below wmic command. So you could make a small batch file to get this value before you launch the mstsc and add this value in registry. I haven't included the complete batch file but thats the idea.

wmic /node:Testserver /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting get SSLCertificateSHA1Hash

这篇关于如何忽略远程桌面连接上的证书警告的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！