From 82cc90b4ba59391bcd4ef13f60a3d2f310557d33 Mon Sep 17 00:00:00 2001
From: yois615 <38441801+yois615@users.noreply.github.com>
Date: Wed, 29 Apr 2026 11:40:47 -0400
Subject: [PATCH 1/2] Require Elevation and use Open File Dialog

In this commit, we require elevation which is needed to add the self-signed cert to the Personal store, and to the registry. We also use the OpenFileDialog to select the target RDP File
---
 RDPSign.ps1 | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/RDPSign.ps1 b/RDPSign.ps1
index 6ee1c44..489702e 100644
--- a/RDPSign.ps1
+++ b/RDPSign.ps1
@@ -1,5 +1,7 @@
-# ==============================================================================
+#Requires -RunAsAdministrator
+# ==============================================================================
 # SIGN RDP CONNECTION FILES YOU CREATE ON THE MACHINE USING A SELF-SIGNED CERTIFICATE TO SUPRESS APRIL 2026 RDP SECURITY UPDATE WARNINGS WHEN OPENING REMOTE DESKTOP FILES
+# This file should be run on the machine you are connecting FROM.
 # https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remotepc/understanding-security-warnings#:~:text=When%20an%20RDP%20file%20is,as%20the%20following%20image%20shows.
 # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26151
 # NOTE!! THIS WILL NO LONGER SHOW THE "Remote Desktop Connection security warning" FOR ANY SIGNED FILES AND ENSURES THESE FILES CAN'T BE MODIFIED AFTER SIGNING WITHOUT INVALIDATING THE SIGNATURE, WHICH WILL MAKE THE WARNING REAPPAER
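Review bot: `#Requires -RunAsAdministrator` at the top of the file makes every later step run under whichever account supplies the elevation, and the header does not say so. On a standard-user session that is a different admin account, so per-user locations resolve to that account's profile rather than to the user who will open the .rdp file. This affects the `[Environment]::GetFolderPath('Desktop')` call added in the next hunk and, presumably, any CurrentUser store or HKCU key written by the part of the script outside this diff. I would add a header line next to the new "connecting FROM" comment, for example `# Run elevated as the same account that will open the signed .rdp file; elevation is needed for the certificate store and registry writes.`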
@@ -9,7 +11,17 @@
 # ==============================================================================
 # 1. Configuration
-$rdpFile = "C:\Users\Desktop\RDPFILENAME.rdp"
+
+Add-Type -AssemblyName System.Windows.Forms
+
+$folderselection = New-Object System.Windows.Forms.OpenFileDialog -Property @{
+InitialDirectory = [Environment]::GetFolderPath('Desktop')
+Filter = "RDP Files (*.rdp)|*.rdp"
+}
+$folderselection.ShowDialog()
+
+
+$rdpFile = $folderselection.Filename
 $certSubjectName = "CompanyNameIT-RDP"
 $certSubject = "CN=$certSubjectName"
@@ -75,4 +87,4 @@ if (Test-Path $rdpFile) {
 Write-Host "Success! RDP file is ready for use." -ForegroundColor Green
 } else {
 Write-Error "Target RDP file not found at $rdpFile"
-}
\ No newline at end of file
+}
From d2f77e3cbf556975a7757f1548ce2ebd92593735 Mon Sep 17 00:00:00 2001
From: yois615 <38441801+yois615@users.noreply.github.com>
Date: Wed, 29 Apr 2026 11:49:05 -0400
Subject: [PATCH 2/2] Use computername in Cert name

Since the cert is self signed on each PC, it seems to be more appropriate to use the computer name as the Cert name
---
 RDPSign.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RDPSign.ps1 b/RDPSign.ps1
index 489702e..8cb9805 100644
--- a/RDPSign.ps1
+++ b/RDPSign.ps1
@@ -22,7 +22,7 @@ $folderselection.ShowDialog()
 $rdpFile = $folderselection.Filename
-$certSubjectName = "CompanyNameIT-RDP"
+$certSubjectName = $env:computername+"-RDP"
 $certSubject = "CN=$certSubjectName"
 # 2. Check for existing certificate
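Review bot: In the `@@ -9,7 +11,17 @@` hunk the result of `$folderselection.ShowDialog()` is neither checked nor discarded, so cancelling the dialog leaves `$rdpFile` as an empty string and the script carries on. The certificate section that follows is outside this hunk, but it appears to run before the `Test-Path $rdpFile` check at the end of the file, so a cancelled run may still change the certificate store and registry while elevated. `Test-Path` with an empty path then raises a parameter-binding error rather than the script's own "not found" message. Stop right after the dialog: `if ($folderselection.ShowDialog() -ne [System.Windows.Forms.DialogResult]::OK) { Write-Error "No RDP file selected"; exit 1 }`. The unassigned call also writes the `OK`/`Cancel` value to the output stream, which the `if` form consumes.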
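Review bot: In the `@@ -22,7 +22,7 @@` hunk of the second patch, changing `$certSubjectName` to `$env:computername+"-RDP"` orphans the certificate that earlier runs created as `CN=CompanyNameIT-RDP`. The lookup under `# 2. Check for existing certificate` starts outside the hunk; if it matches on `$certSubject`, as the variable suggests, it will no longer find the old certificate and will create a second one, while the first stays in the store with whatever trust the script gave it. I would note that on the assignment, for example `# Subject was "CompanyNameIT-RDP" before; remove that certificate and its trust entry on machines that ran the earlier version.` The value could also be written as `"${env:COMPUTERNAME}-RDP"` to match the interpolated `"CN=$certSubjectName"` on the next line.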