Windows 7 Remote Desktop Connection no prompts

From richud.com


Registry file

Stops the prompt "The identity of the remote computer cannot be verified. Do you want to connect anyway?"

  • This assumes you are using a gateway
  • Target server is 2008 (R2 Enterprise in this example)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\LocalDevices]
"server.xxx.xx.xx.xx;gateway.xxx.xx.xx.xx"=dword:0000004c

[HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers\server.xxx.xx.xx.xx]
"CertHash"=hex:xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx
"UsernameHint"="DOMAIN\\username"

CertHash is the thumbprint from the server's certificate. To get it, connect once with the GUI and look at the certificate you are presented with, or just connect and then copy the registry key.

  • Update: if the CertHash gets set as all 00's, then you need to change cmdkey below to use /generic instead of /add (due to a server setting)
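
To see what is actually pinned after the import, the following added example (not part of the original page) reads each server's CertHash back as a thumbprint, flags the all-zero case mentioned above, and compares the rest with a thumbprint you obtained from the server's administrator. The server name and thumbprint in `$Expected` are constructed placeholders, and the script only reads the registry.

```powershell
# Added example: list the RDP certificate hashes pinned for the current user
# and compare them with thumbprints obtained from the server administrator.
# Written for PowerShell 2.0 (the version shipped with Windows 7).

# Assumption: the server name and thumbprint below are constructed placeholders.
$Expected = @{
    'server.example.test' = '01 23 45 67 89 AB CD EF 01 23 45 67 89 AB CD EF 01 23 45 67'
}

$base = 'HKCU:\Software\Microsoft\Terminal Server Client\Servers'

Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
    $server = $_.PSChildName
    $bytes  = $_.GetValue('CertHash')      # REG_BINARY comes back as byte[]

    if ($null -eq $bytes) {
        $thumb  = ''
        $status = 'no CertHash stored'
    } else {
        # 20 bytes -> 40 hex characters, upper case, no separators
        $thumb = [BitConverter]::ToString([byte[]]$bytes) -replace '-', ''
        if ($thumb -match '^(00)+$') {
            $status = 'all zeros: the page says to use cmdkey /generic:TERMSRV'
        } elseif ($Expected.ContainsKey($server)) {
            # Strip spaces and stray characters copied from the certificate dialog
            $want = ($Expected[$server] -replace '[^0-9A-Fa-f]', '').ToUpper()
            if ($thumb -eq $want) {
                $status = 'matches expected thumbprint'
            } else {
                $status = 'MISMATCH with expected thumbprint'
            }
        } else {
            $status = 'no expected thumbprint to compare against'
        }
    }

    New-Object PSObject -Property @{
        Server     = $server
        Thumbprint = $thumb
        Status     = $status
    }
} | Select-Object Server, Thumbprint, Status | Format-Table -AutoSize
```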

Add credentials

Stops credential prompting

cmdkey /add:gateway.xxx.xx.xx.xx /user:DOMAIN\username /pass:password
cmdkey /add:TERMSRV/server.xxx.xx.xx.xx /user:DOMAIN\username /pass:password

You can check these with either netpass or by running "rundll32.exe keymgr.dll, KRShowKeyMgr".

  • Note: if your CertHash is 00's, change /add:TERMSRV to /generic:TERMSRV above to autologin to the server, so it is "cmdkey /generic:TERMSRV/server.xxx.xx.xx.xx /user:DOMAIN\username /pass:password"

RDP file

Sample RDP file

screen mode id:i:2
use multimon:i:0
desktopwidth:i:1152
desktopheight:i:864
session bpp:i:32
winposstr:s:0,3,0,0,800,600
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:2
displayconnectionbar:i:1
username:s:DOMAIN\username
disable wallpaper:i:1
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:server.xxx.xx.xx.xx
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
redirectdirectx:i:1
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:gateway.xxx.xx.xx.xx
gatewayusagemethod:i:1
gatewaycredentialssource:i:0
gatewayprofileusagemethod:i:1
promptcredentialonce:i:1
use redirection server name:i:0
smart sizing:i:1

  • Note, secret "smart sizing:i:1" lets you resize the window, very useful.

Batch file to tie together

This lets you be on a clean machine, just run the bat file and you are straight into the server with no dicking about accepting silly prompt messages.

Basically this adds the target server's identity to the registry, adds the credentials, and runs the rdp file.

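@echo off
rem Import the server identity (CertHash); quoted so paths with spaces work
regedit /s "%~dp0server.reg"
rem Store credentials for the gateway and the target server
cmdkey /add:gateway.xxx.xx.xx.xx /user:DOMAIN\username /pass:password
cmdkey /add:TERMSRV/server.xxx.xx.xx.xx /user:DOMAIN\username /pass:password
rem The empty "" is the window title that start expects before quoted arguments
start "" mstsc "%~dp0server.rdp"

  • Remember /add:TERMSRV becomes /generic:TERMSRV if certhash is 00's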

Multiple entries

In my case I have half a dozen servers to connect to. I have all the servers together in the .reg file and all the credentials added in the one batch file, and I create a shortcut to the batch file for each server, passing the server name as an argument.

The last line of the batch file is then this instead, which calls the .rdp connection file of the same name.

start "" mstsc "%~dp0%~1.rdp"

i.e. have a shortcut (.lnk) called "serverC", the 'Target' being "rdp.bat serverC"; rdp.bat is then called with the arg 'serverC', which makes it call serverC.rdp.

