Windows 10 workgroup machines - how to delete RDP warnings?

Lotfi BOUCHERIT 91 Reputation points
2021-02-14T06:48:50.137+00:00

Hello,
We are working in a LAN network containing more than 20 computers running Windows 10 OS, in Workgroup.
Where users, need to make RDP connections several times a day to those workgroup machines, and everytime, they get the famous RDP warning:
67821-image.png

I would like to know, if there's any means we can remove this warning, because i found a setting in the mstsc advanced options, but it's somehow risky.
I thought if there was a certificate or a root certificate or a private key, for a pc, that users need to connect to using rdp, that can be deployed to all other computers so they can trust the self-signed rdp certificate?

Thank you in advance

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,838 questions
Microsoft System Center
Microsoft System Center
A suite of Microsoft systems management products that offer solutions for managing datacenter resources, private clouds, and client devices.
1,031 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,628 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,955 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Jenny Yan-MSFT 9,336 Reputation points
    2021-02-15T05:46:39.617+00:00

    Hi,
    The warning of server authentication fails is could be chose under advanced option of RDC. But per below article, it could also be modified by commands or scripts:
    67988-image.png

    Navigate to Configure RDSH Server Certificates
    https://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
    https://ryanmangansitblog.com/2014/05/20/rds-2012-rdsh-certificate-deployment-script/
    Note: The author also confirmed the risk of this change: if you don’t mind the certificate warnings, don’t change the Session host RDP certificates. If you make the change from the default, when DNS names don’t match authentication will fail, meaning that you will not be able to access the session hosts.

    ----------

    Hope this helps and please help to accept as Answer if the response is useful.

    Thanks,
    Jenny


  2. Lotfi BOUCHERIT 91 Reputation points
    2021-02-16T05:50:42.503+00:00

    @Jenny Yan-MSFT
    Thank you for your support,
    Unfortunately, we are working in a Workgroup environment, and we do not Windows Server machines.
    The operating system used is Windows 10 Pro edition
    If at we had AD, we could install AD CS and everything would work fine...
    I don't know if you have any proposition?
    Thank you in advance

    0 comments No comments

  3. Jenny Yan-MSFT 9,336 Reputation points
    2021-02-16T06:16:48.313+00:00

    Hi,
    Thanks for the update. So in your case, the remote connection is starting from 1 client to another?

    If then, please go to remote settings and verify if NLA has been enabled. If yes, testing by uncheck the box, but please note disabling NLA will lower the security level of remote connection.
    68494-image.png

    Another method that worthy to try is the scenario one mentioned in below blog: Export the remote machine’s certificate (no private key needed) and create a GPO that disperses the self-signed certificate from the remote machine to the local machine.

    Scenario 1: Regardless if RDS Role has been deployed, no internal PKI (no ADCS), and you’re experiencing certificate warning prompts when establishing RDP connections.
    https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/remote-desktop-connection-rdp-certificate-warnings/ba-p/259301

    Last but not least, in my test environment, I always keep the NLA setting and ignore the certificate warning.

    ----------

    Hope this helps and please help to accept as Answer if the response is useful.

    Thanks,
    Jenny

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.