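<#
April2026-RDPPopupBypass
Copyright (c) 2026 ACO Services Inc.
Developed by Tanner Van Teeffelen

This project contains code derived from:
April-2026-security-update-Remote-Desktop-Conection-security-warning
Copyright (c) IanVanLier
Licensed under the MIT License

What this script does (every step needs local administrator rights):
  1. Asks for an .rdp file and a certificate subject name.
  2. Finds, or creates, a self-signed code-signing certificate with that
     subject in Cert:\LocalMachine\My. A newly created certificate is also
     added to the LocalMachine Root and TrustedPublisher stores.
  3. Makes sure the certificate thumbprint is listed in the Terminal
     Services "TrustedCertThumbprints" policy value.
  4. Signs the .rdp file with rdpsign.exe.

Security note: step 2 widens this machine's trust to a locally generated
certificate. The key is created non-exportable (-KeyExportPolicy None), so
it cannot leave this machine, but anything signed with it is accepted here
as coming from a trusted publisher. Remove the certificate from the Root
and TrustedPublisher stores when it is no longer needed.

Exit codes: 1 not elevated, 2 no file chosen, 3 not an .rdp file,
4 bad subject name, 5 rdpsign.exe missing or failed.
#>

Clear-Host
Add-Type -AssemblyName System.Windows.Forms

# Shows an error, waits for a key press so the console window stays readable,
# then ends the script with the given exit code.
function Exit-WithPause {
    param(
        [Parameter(Mandatory)] [string] $Message,
        [Parameter(Mandatory)] [int] $ExitCode
    )
    Write-Host $Message -ForegroundColor Red
    $HOST.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") | Out-Null
    $HOST.UI.RawUI.FlushInputBuffer()
    exit $ExitCode
}

# Certificate stores and HKLM policy keys are written below; refuse to run unelevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal] $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Exit-WithPause -Message "Insufficient permissions to run this script. Please run this as an administrator.`n" -ExitCode 1
}

Write-Host "-------------------------------------------" -ForegroundColor Blue
Write-Host "|Developed by Tanner Van Teeffelen |" -ForegroundColor Blue
Write-Host "|Copyright ACO Services Inc. 2021 |" -ForegroundColor Blue
Write-Host "|Based on MIT-licensed work by IanVanLier |" -ForegroundColor Blue
Write-Host "-------------------------------------------`n" -ForegroundColor Blue

# 1. Configuration
$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog
$FileBrowser.Filter     = "RDP Files (*.rdp)|*.rdp|All Files (*.*)|*.*"
$FileBrowser.DefaultExt = "rdp"
$FileBrowser.Title      = "Select an RDP file."

if ($FileBrowser.ShowDialog() -ne "OK") {
    Exit-WithPause -Message "File browser dialog closed. Please try again and select an .rdp file." -ExitCode 2
}
$rdpFile = $FileBrowser.FileName

# -ne is case-insensitive in PowerShell, so FILE.RDP is accepted as well.
if ([IO.Path]::GetExtension($rdpFile) -ne ".rdp") {
    Exit-WithPause -Message "Invalid file type. Please try again and select an .rdp file." -ExitCode 3
}

$certSubjectName = Read-Host "Please type in your desired certificate subject name (e.g. 'CompanyNameIT-RDP')"
# The name becomes the CN of an X.500 distinguished name. Reject an empty value
# and any character with DN syntax meaning (',', '=', '+', '"', '\', ...) so the
# typed text cannot change the subject into something other than a plain CN.
if ([string]::IsNullOrWhiteSpace($certSubjectName) -or $certSubjectName -notmatch '^[A-Za-z0-9 ._-]+$') {
    Exit-WithPause -Message "Invalid certificate subject name. Use letters, digits, spaces, '.', '-' or '_' only." -ExitCode 4
}
$certSubject = "CN=$certSubjectName"

# 2. Find or create the signing certificate
Write-Host "Searching for existing certificate: $certSubjectName..." -ForegroundColor Cyan
# Signing needs the private key, so a certificate without one is not reused.
$existingCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $certSubject -and $_.HasPrivateKey } |
    Select-Object -First 1

if ($existingCert) {
    Write-Host "Found existing certificate with Thumbprint: $($existingCert.Thumbprint)" -ForegroundColor Green
    $thumbprint = $existingCert.Thumbprint
} else {
    Write-Host "No existing certificate found. Creating new one..." -ForegroundColor Yellow

    # Self-signed, code-signing EKU only, non-exportable key, five-year lifetime.
    $cert = New-SelfSignedCertificate -Subject $certSubject `
        -CertStoreLocation "Cert:\LocalMachine\My" `
        -Type CodeSigningCert `
        -KeyExportPolicy None `
        -NotAfter (Get-Date).AddYears(5)
    $thumbprint = $cert.Thumbprint

    # Trust the new certificate machine-wide. This is the step that widens trust:
    # once it is in Root and TrustedPublisher, signatures made with this key are
    # accepted on this machine. The store is closed even if Add() throws.
    foreach ($storeName in @("Root", "TrustedPublisher")) {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, "LocalMachine")
        try {
            $store.Open("ReadWrite")
            $store.Add($cert)
        } finally {
            $store.Close()
        }
    }

    Write-Host "New certificate created and trusted." -ForegroundColor Green
}

# 3. Ensure the thumbprint is in the Terminal Services trusted-publisher policy.
# This runs for found and new certificates alike, so a certificate created on an
# earlier run still gets its policy entry if that entry was removed since.
$gpoPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
$keyName = "TrustedCertThumbprints"

if (-not (Test-Path $gpoPath)) {
    New-Item -Path $gpoPath -Force | Out-Null
}

$currentRegistry = Get-ItemProperty -Path $gpoPath -Name $keyName -ErrorAction SilentlyContinue
$currentValues   = if ($currentRegistry) { [string]$currentRegistry.$keyName } else { "" }
# The value is a comma-separated REG_SZ; compare whole entries, not substrings,
# and drop empty entries so a stray trailing comma does not accumulate.
$trusted = @($currentValues -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

if ($trusted -notcontains $thumbprint) {
    Write-Host "Updating registry trust list at $gpoPath..." -ForegroundColor Cyan
    $newValue = ($trusted + $thumbprint) -join ','
    Set-ItemProperty -Path $gpoPath -Name $keyName -Value $newValue -Type String
} else {
    Write-Host "Thumbprint already exists in registry. Skipping update." -ForegroundColor Yellow
}

# 4. Sign the RDP file
# -LiteralPath: a file name containing '[' or ']' must not be read as a wildcard.
if (Test-Path -LiteralPath $rdpFile) {
    if (-not (Get-Command rdpsign.exe -ErrorAction SilentlyContinue)) {
        Exit-WithPause -Message "rdpsign.exe was not found on this system. The RDP file was not signed." -ExitCode 5
    }

    Write-Host "Signing RDP file: $rdpFile" -ForegroundColor Cyan
    # NOTE(review): rdpsign's /sha256 switch is documented as taking the certificate's
    # SHA-256 hash, while .Thumbprint is the SHA-1 thumbprint; confirm this pairing
    # on the target Windows build. The exit-code check below surfaces a mismatch.
    & rdpsign.exe /sha256 $thumbprint "$rdpFile"
    if ($LASTEXITCODE -ne 0) {
        Exit-WithPause -Message "rdpsign.exe failed with exit code $LASTEXITCODE. The RDP file was not signed." -ExitCode 5
    }
    Write-Host "Success! RDP file is ready for use." -ForegroundColor Green
} else {
    Write-Error "Target RDP file not found at $rdpFile"
}

$HOST.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") | Out-Null
$HOST.UI.RawUI.FlushInputBuffer()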