Windows 7 Remote Desktop Connection no prompts

=Registry file=

Stops the "The identity of the remote computer cannot be verified. Do you want to connect anyway?" prompt.


 * This assumes you are using a gateway
 * Target server is 2008 (R2 Enterprise in this example)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\LocalDevices]
"server.xxx.xx.xx.xx;gateway.xxx.xx.xx.xx"=dword:0000004c

[HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers\server.xxx.xx.xx.xx]
"CertHash"=hex:xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx
"UsernameHint"="DOMAIN\\username"

CertHash = thumbprint from the server's certificate. To get it, connect once with the GUI and look at the cert you are presented with, or just connect and then copy the registry key.


 * Update - if the certhash gets set as all 00's, then you need to change cmdkey below to use /generic instead of /add (due to a server setting)
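To check the CertHash values in a .reg file before importing it, this added example (not part of the original page) parses the Servers keys, compares each pin with a thumbprint you recorded separately, and flags the all-00's case. Host names and hash bytes are constructed, and the thumbprint is assumed to be 20 bytes as in the template above.

```python
import re

# Constructed sample in the page's .reg layout; host names and hash bytes are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers\serverA.example.test]
"CertHash"=hex:a1,b2,c3,d4,e5,f6,07,18,29,3a,4b,5c,6d,7e,8f,90,a1,b2,c3,d4
"UsernameHint"="DOMAIN\\username"

[HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers\serverB.example.test]
"CertHash"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
'''

SERVERS_KEY = "\\Terminal Server Client\\Servers\\"
HASH_PREFIX = '"certhash"=hex:'

def normalise(thumbprint):
    """Reduce a thumbprint (spaces, commas, mixed case) to 40 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", thumbprint).lower()
    if len(digits) != 40:
        raise ValueError("expected a 20-byte thumbprint, got %d hex digits" % len(digits))
    return digits

def to_reg_hex(thumbprint):
    """Format a thumbprint as the value of a CertHash line in a .reg file."""
    d = normalise(thumbprint)
    return "hex:" + ",".join(d[i:i + 2] for i in range(0, 40, 2))

def parse_cert_hashes(reg_text):
    """Map each server name under the Servers key to its pinned CertHash digits."""
    pinned, server = {}, None
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex values wrapped with a trailing backslash
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            _, found, name = line[1:-1].partition(SERVERS_KEY)
            server = name if found else None
        elif server and line.lower().startswith(HASH_PREFIX):
            pinned[server] = normalise(line[len(HASH_PREFIX):])
    return pinned

def audit(reg_text, expected):
    """Classify each pin against thumbprints obtained independently of the .reg file."""
    report = {}
    for server, digits in parse_cert_hashes(reg_text).items():
        if digits == "0" * 40:
            report[server] = "all-zero"      # the all-00's case described on this page
        elif server not in expected:
            report[server] = "unverified"    # nothing recorded to compare against
        else:
            report[server] = "match" if digits == normalise(expected[server]) else "mismatch"
    return report
```

`to_reg_hex` also turns a thumbprint copied from the certificate dialog into the `hex:` form the .reg file expects.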

=Add credentials=

Stops credential prompting

cmdkey /add:gateway.xxx.xx.xx.xx /user:DOMAIN\username /pass:password
cmdkey /add:TERMSRV/server.xxx.xx.xx.xx /user:DOMAIN\username /pass:password

You can check these with either netpass or by running "rundll32.exe keymgr.dll, KRShowKeyMgr"


 * Note: if your certhash is all 00's, change /add:TERMSRV to /generic:TERMSRV above to autologin to the server, so that it reads "cmdkey /generic:TERMSRV/server.xxx.xx.xx.xx /user:DOMAIN\username /pass:password"

=RDP file=

Sample RDP file

screen mode id:i:2
use multimon:i:0
desktopwidth:i:1152
desktopheight:i:864
session bpp:i:32
winposstr:s:0,3,0,0,800,600
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:2
displayconnectionbar:i:1
username:s:DOMAIN\username
disable wallpaper:i:1
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:server.xxx.xx.xx.xx
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
redirectdirectx:i:1
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:gateway.xxx.xx.xx.xx
gatewayusagemethod:i:1
gatewaycredentialssource:i:0
gatewayprofileusagemethod:i:1
promptcredentialonce:i:1
use redirection server name:i:0
smart sizing:i:1


 * Note, secret "smart sizing:i:1" lets you resize the window, very useful.

=Batch file to tie together=

This lets you be on a clean machine, just run the bat file and you are straight into the server with no dicking about accepting silly prompt messages.

Basically this adds the target server's identity to the registry, adds the credentials, and runs the RDP file.

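@echo off
rem Import the server identity (CertHash) from the .reg file next to this script
regedit /s "%~dp0server.reg"
rem Store credentials for the gateway and the target server
cmdkey /add:gateway.xxx.xx.xx.xx /user:DOMAIN\username /pass:password
cmdkey /add:TERMSRV/server.xxx.xx.xx.xx /user:DOMAIN\username /pass:password
rem The empty "" is the window title, so start does not treat the quoted path as one
start "" mstsc "%~dp0server.rdp"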


 * Remember /add:TERMSRV becomes /generic:TERMSRV if certhash is 00's

=Multiple entries=

In my case I have half a dozen servers to connect to. I have all the servers together in the .reg file and all the credentials added in the one batch file, and I create shortcuts to the batch file for each server, passing the server name as an argument.

The last line of the batch is instead this, which calls the .rdp connection file of the same name:

start "" mstsc "%~dp0%1.rdp"

i.e. have a shortcut (.lnk) called "serverC", the 'Target' being "rdp.bat serverC", therefore rdp.bat is called, passed the arg 'serverC' which makes it call serverC.rdp.
