Share via

Remediate Nessus Plugins 51192 and 57582

Jamie Kennell 5 Reputation points
2024-01-16T18:04:06.5533333+00:00

The problem is with the self-signed signed cert for Remote Desktop. I have deleted the certificate, and it recreates itself upon remoting back in to the server. How do you delete the cert permanently? Or is it even possible to remove the self signed certificate from the Remote Desktop certificate store?

Server version is Server 2019.

Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dexter Thomas 0 Reputation points
    2025-02-18T19:52:21.2266667+00:00

    If you are not using self-signed certificates for your computer certificate, IE you have a valid Intermediate and/or Root Certificate signed by a valid Certificate Authority:

    Even if you remove this certificate from the Remote Desktop store, the next time someone remotes into that device, the RDP self-signed certificate will re-appear.

    You need to use a wmic command to configure TerminalServices (RDP) to use your computer certificate.

    From an administrative powershell window:

    Get-ChildItem -Path Cert:\LocalMachine\My

    Copy the thumbprint of the certificate your computer is issued

    Paste it into the following command to tell windows to use this certificate instead of the default self-signed RDP certificate. Ensure there are no spaces in the thumbprint and make sure it is enclosed in quotes as follows:

    wmic /namespace:\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"

    Even if the self-signed certificate shows back up in the Remote Desktop store, your computer will ignore it, and your findings for Plugins 51192 and 57582 will no longer show in your scans.

    Was this answer helpful?

    0 comments
  2. Anonymous
    2024-01-18T02:33:52.3466667+00:00

    Hello amie Kennell

    You can check the installed certificates using the command certmgr.msc.

    1. Press Windows Key + R Key together, type certmgr.msc and hit enter. You will get a new window with the list of Certificates installed on your computer.
    2. Locate the certificate you want to delete and then click on Action button then, click on Delete. You can find the actual registry entries under: \SOFTWARE\Microsoft\SystemCertificates
      In HKEY_CURRENT_USER for user-specific certificates and HKEY_LOCAL_MACHINE for machine-specific certificates.

    I hope this helps! Please let me know if you need any further assistance.

    Kind Regards,
    Karlie Weng

    ---If the Answer is helpful, please click "Accept Answer" and upvote it.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.