
@derektamsen
Created August 22, 2019 21:12
Update Remote Desktop Host Certificate Thumbprint. Used when applying an externally issued machine certificate for use with RDP.
# Script parameter: when $forceY is truthy, the interactive confirmation prompt
# is skipped and the certificate change plus service restart run unattended.
# The parameter is untyped, so callers pass a value (e.g. -forceY $true).
param ($forceY = $false)
# NOTE(review): presumably loaded for the certificate handling below; confirm
# that the script still needs it.
import-module pki
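# Ask the operator to confirm before the script changes anything.
# Returns $true for "y"/"yes" and $false for "n"/"no" (case-insensitive,
# surrounding whitespace ignored). Any other answer repeats the question.
function promptContinue {
    while ($true) {
        # The answer is kept in $answer rather than $input, because $input is a
        # PowerShell automatic variable and should not be assigned to.
        [string]$answer = Read-Host "Would you like to continue? (y/n)"
        $answer = $answer.Trim()

        # Both patterns are anchored so that only a whole-word answer counts.
        # An unanchored 'y(es)?' treats any text that merely contains a "y"
        # (for example "nay") as consent to a change that restarts RDP.
        # switch -regex is case-insensitive by default.
        switch -regex ($answer) {
            '^y(es)?$' { return $true }
            '^n(o)?$' { return $false }
        }
    }
}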
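# Find the machine certificate to bind to RDP and return its thumbprint.
# Looks in Cert:\LocalMachine\My for certificates whose Subject contains
# 'issuer' and starts with "CN=<host name>". Returns one thumbprint string,
# or $null (with a warning) when nothing matches.
function getCertThumbprint {
    # $Hostname is not assigned anywhere in this script. Left empty, the
    # pattern below collapses to "CN=*" and no longer ties the match to this
    # machine, so fall back to the local computer name.
    $target_host = "$Hostname"
    if ([string]::IsNullOrWhiteSpace($target_host)) {
        $target_host = $env:COMPUTERNAME
    }

    $matching = @(Get-ChildItem -Path 'Cert:\LocalMachine\My' | Where-Object {
        # NOTE(review): '*issuer*' looks like a placeholder for the issuing
        # CA or organisation name, and it is tested against Subject rather
        # than Issuer. Confirm which field and value are intended.
        ($_.Subject -like '*issuer*') -and ($_.Subject -like "CN=${target_host}*")
    })

    if ($matching.Count -eq 0) {
        Write-Warning "No certificate in Cert:\LocalMachine\My matched CN=${target_host}*"
        return $null
    }

    if ($matching.Count -gt 1) {
        # Several matches would otherwise come back as an array of
        # thumbprints, which is not a usable value for the RDP listener.
        Write-Warning "$($matching.Count) certificates matched CN=${target_host}*; using the one that expires last"
    }

    $chosen = $matching | Sort-Object -Property NotAfter -Descending | Select-Object -First 1
    return $chosen.Thumbprint
}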
# Return the WMI object path (__path) of the Win32_TSGeneralSetting instance
# in root\cimv2\terminalservices whose TerminalName is 'RDP-tcp'.
function getWMIPath {
    $query = @{
        Class     = "Win32_TSGeneralSetting"
        Namespace = 'root\cimv2\terminalservices'
        Filter    = "TerminalName='RDP-tcp'"
    }
    $rdp_setting = Get-WmiObject @query
    return $rdp_setting.__path
}
# Write $certThumbprint into the SSLCertificateSHA1Hash property of the WMI
# instance addressed by $wmiPath. Whatever Set-WmiInstance emits is passed
# through to the caller.
function setTSCertThumbprint {
    param (
        $wmiPath,
        $certThumbprint
    )
    $new_values = @{ SSLCertificateSHA1Hash = $certThumbprint }
    Set-WmiInstance -Path $wmiPath -Arguments $new_values
}
# Announce on the host and then restart the Windows service named by $svc.
function restartSvc {
    param (
        $svc
    )
    $notice = "Restarting ${svc}..."
    Write-Host $notice
    Restart-Service -Name $svc
}
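# Main flow: resolve the certificate thumbprint and the RDP-tcp WMI path, show
# both to the operator, confirm unless -forceY was given, then bind the
# certificate and restart the SessionEnv service.
$certThumbprint = getCertThumbprint
$wmiPath = getWMIPath
Write-Host "Signed Cert Thumbprint: ${certThumbprint}"
Write-Host "Remote Desktop WMI Path: ${wmiPath}"

# Stop before touching the listener unless the lookup produced exactly one
# well-formed SHA-1 thumbprint. An empty result or several matches would
# otherwise be written into SSLCertificateSHA1Hash as-is.
if (($certThumbprint -isnot [string]) -or ($certThumbprint -notmatch '^[0-9A-Fa-f]{40}$')) {
    Write-Host 'Aborting set cert thumbprint! Expected exactly one 40-character SHA-1 thumbprint.'
    return
}
if (($wmiPath -isnot [string]) -or [string]::IsNullOrEmpty($wmiPath)) {
    Write-Host 'Aborting set cert thumbprint! Could not resolve a single RDP-tcp WMI path.'
    return
}

Write-Host "This will change the remote desktop certificate and restart RDP!"
if (-Not $forceY) {
    $toContinue = promptContinue
    if (-Not $toContinue) {
        Write-Host 'Aborting set cert thumbprint!'
        # 'return' ends this script only. 'break' outside a loop can also
        # terminate a loop in whatever script called this one.
        return
    }
}
setTSCertThumbprint -wmiPath $wmiPath -certThumbprint $certThumbprint
restartSvc -svc 'SessionEnv'
Write-Host "Done"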