April2026-RDPPopupBypass/RDPSign.ps1


<#
April2026-RDPPopupBypass
Copyright (c) 2026 ACO Services Inc.
Developed by Tanner Van Teeffelen
This project contains code derived from:
April-2026-security-update-Remote-Desktop-Conection-security-warning
Copyright (c) IanVanLier
Licensed under the MIT License
#>
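# Start from a clean console and load WinForms, which provides the file picker used later.
Clear-Host
Add-Type -AssemblyName System.Windows.Forms

# The script writes to the LocalMachine certificate stores and to an HKLM policy key,
# so it stops here unless the current identity is in the built-in Administrators role.
$currentPrincipal = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "Insufficient permissions to run this script. Please run this as an administrator.`n" -ForegroundColor Red
    # ReadKey takes its options as a single quoted string; bare words are not valid
    # inside a method call, so the unquoted form does not parse.
    $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') | Out-Null
    $Host.UI.RawUI.FlushInputBuffer()
    exit 1
}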
# Print the attribution banner line by line in blue; the last line carries a trailing newline.
$bannerLines = @(
    "-------------------------------------------",
    "|Developed by Tanner Van Teeffelen |",
    "|Copyright ACO Services Inc. 2026 |",
    "|Based on MIT-licensed work by IanVanLier |",
    "-------------------------------------------`n"
)
foreach ($bannerLine in $bannerLines) {
    Write-Host $bannerLine -ForegroundColor Blue
}
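# 1. Get existing .rdp file.
# Initialise both variables explicitly; a bare variable name on its own line only
# emits the variable's current value and declares nothing.
$rdpFile = $null
$certSubjectName = $null

# The file is signed as it exists at the time of the run, so the operator is asked to
# review the redirection settings first and to re-run the script after any later edit.
Write-Host "Before proceeding, please ensure that the .RDP file you select has the permissions you want" -ForegroundColor Green
Write-Host "This includes redirected printers, drives, and clipboard." -ForegroundColor Green
Write-Host "If you make a change to the .RDP file, please run this program again after making your changes.`n" -ForegroundColor Red
Write-Host "Press any key to continue.`n" -ForegroundColor Green

# Wait for a key press; the options must be one quoted string to be valid in a method call.
$Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') | Out-Null
$Host.UI.RawUI.FlushInputBuffer()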
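# Let the operator choose the .rdp file with a standard Open dialog.
$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog
$FileBrowser.Filter = "RDP Files (*.rdp)|*.rdp|All Files (*.*)|*.*"
$FileBrowser.DefaultExt = "rdp"
$FileBrowser.Title = "Select an RDP file."

if ($FileBrowser.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK) {
    $rdpFile = $FileBrowser.FileName
} else {
    # Dialog was cancelled or closed: nothing to sign, exit with code 2.
    Write-Host "File browser dialog closed. Please try again and select an .rdp file." -ForegroundColor Red
    $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') | Out-Null
    $Host.UI.RawUI.FlushInputBuffer()
    exit 2
}

# The dialog filter also offers "All Files", so the extension is checked again here
# (-ne compares case-insensitively, so ".RDP" is accepted as well).
if ([IO.Path]::GetExtension($rdpFile) -ne ".rdp") {
    Write-Host "Invalid file type. Please try again and select an .rdp file." -ForegroundColor Red
    $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') | Out-Null
    $Host.UI.RawUI.FlushInputBuffer()
    exit 3
}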
# 2. Set the certificate name.
# An empty or whitespace-only answer falls back to this machine's hostname.
# NOTE(review): the answer is placed into the subject unmodified, so characters such as
# "," or "=" would change the shape of the distinguished name - confirm whether the
# input should be restricted.
$certSubjectName = Read-Host "Please type in your desired certificate subject name. Leave blank to use hostname"
$subjectWasLeftBlank = [string]::IsNullOrWhiteSpace($certSubjectName)
if ($subjectWasLeftBlank) { $certSubjectName = $env:COMPUTERNAME }
$certSubject = 'CN=' + $certSubjectName
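# 3. Check for existing certificate
# Reuse a certificate from LocalMachine\My whose subject matches exactly. Candidates
# without a private key are skipped because they cannot be used for signing, and
# expired ones are skipped so that a fresh certificate is issued instead. The match
# with the latest expiry wins, which keeps the choice deterministic when several
# certificates share the subject.
# NOTE(review): the match is by subject only. The default subject is the hostname, so a
# certificate that this script did not create can be selected; in that case none of the
# trust configuration in the else branch runs. Confirm that this is intended.
Write-Host "Searching for existing certificate: $certSubjectName..." -ForegroundColor Cyan
$now = Get-Date
$existingCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $certSubject -and $_.HasPrivateKey -and $_.NotAfter -gt $now } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if ($existingCert) {
    Write-Host "Found existing certificate with Thumbprint: $($existingCert.Thumbprint)" -ForegroundColor Green
    $thumbprint = $existingCert.Thumbprint
} else {
    Write-Host "No existing certificate found. Creating new one..." -ForegroundColor Yellow

    # Create the Self-Signed Certificate.
    # NonExportable keeps the private key from being exported out of the machine store
    # ("None" is not an accepted -KeyExportPolicy value). -ErrorAction Stop halts the
    # script if creation fails, so nothing below runs with an empty $cert.
    $cert = New-SelfSignedCertificate -Subject $certSubject `
        -CertStoreLocation "Cert:\LocalMachine\My" `
        -Type CodeSigningCert `
        -KeyExportPolicy NonExportable `
        -NotAfter (Get-Date).AddYears(5) `
        -ErrorAction Stop
    $thumbprint = $cert.Thumbprint

    # The trust stores get a copy built from the encoded certificate only, so the
    # private key stays associated with the LocalMachine\My entry alone.
    $publicCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert.RawData)

    # Add to Trusted Root, then to Trusted Publishers (same order as before).
    # Both stores are machine-wide. The certificate is created as a code-signing
    # certificate, so trusting it here is not limited to .rdp files: whoever can use
    # its private key is treated as a trusted publisher on this machine. Keep the
    # thumbprint on record so the entries can be removed when no longer needed.
    foreach ($storeName in 'Root', 'TrustedPublisher') {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, "LocalMachine")
        try {
            $store.Open("ReadWrite")
            $store.Add($publicCert)
        } finally {
            # Close the store even when Open or Add throws.
            $store.Close()
        }
    }

    # --- GPO registry key logic ---
    # The policy path is "Terminal Services" (not "...\Client") and the value name is
    # TrustedCertThumbprints; it holds a comma-separated list of thumbprints.
    $gpoPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
    $keyName = "TrustedCertThumbprints"
    if (-not (Test-Path -LiteralPath $gpoPath)) { New-Item -Path $gpoPath -Force | Out-Null }

    # The value may not exist yet; that case is expected, so the lookup error is silenced
    # and an empty list is assumed.
    $currentRegistry = Get-ItemProperty -Path $gpoPath -Name $keyName -ErrorAction SilentlyContinue
    $currentValues = if ($currentRegistry) { $currentRegistry.$keyName } else { "" }

    if ($currentValues -notlike "*$thumbprint*") {
        Write-Host "Updating registry trust list at $gpoPath..." -ForegroundColor Cyan
        # Append to the existing list instead of replacing it, so thumbprints that are
        # already trusted stay in place.
        $newValue = if ([string]::IsNullOrWhiteSpace($currentValues)) { $thumbprint } else { "$currentValues,$thumbprint" }
        # The value is written as a plain string (REG_SZ).
        Set-ItemProperty -Path $gpoPath -Name $keyName -Value $newValue -Type String
    } else {
        Write-Host "Thumbprint already exists in registry. Skipping update." -ForegroundColor Yellow
    }
    Write-Host "New certificate created and trusted." -ForegroundColor Green
}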
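# 4. Sign the RDP File
# -LiteralPath stops characters such as "[" and "]" in the file name from being read
# as wildcards.
if (Test-Path -LiteralPath $rdpFile) {
    Write-Host "Signing RDP file: $rdpFile" -ForegroundColor Cyan
    # NOTE(review): $thumbprint is the certificate's Thumbprint property; confirm that
    # this is the value rdpsign.exe expects after /sha256 on the target Windows build.
    rdpsign.exe /sha256 $thumbprint "$rdpFile"
    # Report success only when the tool says so. This assumes rdpsign.exe signals
    # failure through a non-zero exit code - TODO confirm.
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Success! RDP file is ready for use" -ForegroundColor Green
    } else {
        Write-Error "rdpsign.exe exited with code $LASTEXITCODE. The RDP file was not signed."
    }
} else {
    Write-Error "Target RDP file not found at $rdpFile"
}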
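# Keep the console window open until the operator has read the output.
Write-Host "Press any key to exit." -ForegroundColor Green
# The ReadKey options must be one quoted string; bare words do not parse in a method call.
$Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') | Out-Null
$Host.UI.RawUI.FlushInputBuffer()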