Wow, I found a second blog and video that I didn’t publish from 2022. So here it is. Now that you have created the Remote Desktop (RDP) Certificate template, how do you ensure that each computer will enroll and use it? A Group Policy Object (GPO) is the easiest way. This article will show you how to create an RDP Certificate enrollment GPO. It includes both the step-by-step instructions to create the GPO, with video, and the steps to confirm that a computer has enrolled.
How to Create RDP Certificate Enrollment GPO?
This article assumes that you have already created the RDP Certificate template. If you have not done that step, go back and review How to Create RDP Certificates?
Starting on your domain controller (DC), start the Group Policy Management administrative tool.
Select a GPO to edit or create a new GPO. In my case I will use the GPO Remote Desktop. Right-click it and select Edit…
The Group Policy Management Editor appears. Browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Security.
Double-click the Server authentication certificate template setting. Then select Enabled and enter the Certificate Template Name in the text box. If you are not sure what the template name is, please see the section below, How to Confirm the Certificate Template name? Click OK to close the window, then close the Group Policy Management Editor. With that last step done, in approximately an hour, when each computer refreshes its GPO settings, it will enroll the RDP cert for itself.
How to Confirm the Certificate Template name?
If you forgot to save your template name to Notepad, you can look it up within your Certificate Authority (CA).
Open your CA, select the Certificate Templates node, then right-click and select Manage.
In the Certificate Template Console window, find your certificate template, right-click it and select Change Name.
Copy the Template Name. Use this for your GPO setting.
How to Confirm that RDP Certificate was Created?
You would think that the cert would be found within Remote Desktop | Certificates node. But you would be wrong.
It is found within the Local Computer | Personal | Certificate node. Notice that the intended purpose is listed as RDP. This is the name of the certificate application that I created in a previous article. Again, there are no tricks to validating this certificate. You would do that as you would any other cert.
The one thing that you can notice if you double-click the cert is that it shows without any errors or warnings. You can also notice that it is valid for a year vs 6 months.
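The same confirmation can be scripted. The PowerShell below is an added example, not part of the original article or video: it lists the certificates in the Local Computer | Personal store and checks whether the RDP-Tcp listener is bound to one of them rather than to a self-signed cert. Run it elevated on the computer you are checking; the output property names are my own choice.

```powershell
# Added example: confirm which certificate the RDP listener is presenting.
# Thumbprint currently bound to the RDP-Tcp listener (WMI class Win32_TSGeneralSetting).
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash

# OIDs of the certificate template extensions (v2+ templates first, then v1).
$templateOids = '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'

# Walk Local Computer | Personal and summarise each certificate.
$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    $ext = $cert.Extensions |
        Where-Object { $_.Oid.Value -in $templateOids } |
        Select-Object -First 1
    $eku = $cert.EnhancedKeyUsageList |
        ForEach-Object { '{0} ({1})' -f $_.FriendlyName, $_.ObjectId }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Template   = if ($ext) { $ext.Format($false) } else { '(no template extension)' }
        EKU        = $eku -join '; '
        BoundToRdp = ($cert.Thumbprint -eq $bound)
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
    }
}
$report | Format-List

# Verdict: the listener should point at a CA-issued cert in the Personal store.
$active = $report | Where-Object { $_.BoundToRdp }
if (-not $active) {
    Write-Warning "Listener thumbprint $bound is not in Cert:\LocalMachine\My; the GPO enrollment has not taken effect yet."
}
elseif ($active.SelfSigned) {
    Write-Warning "Listener is bound to a self-signed certificate: $($active.Subject)"
}
else {
    Write-Output "RDP listener is using $($active.Thumbprint), issued by $($active.Issuer), valid until $($active.NotAfter)."
}
```

Check the Template and EKU fields of the bound certificate against the template you entered in the GPO.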
How to Create RDP Certificate Enrollment GPO?
In this video, I will go over the steps listed above so that you can see the whole process in action.
Please also subscribe to my YouTube channel and newsletter to stay on top of the latest tips and tricks. Additionally, if you have any questions, please feel free to touch base @Garthmj.