Policy
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: WindowsVista
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Comma-separated list of SHA1 trusted certificate thumbprints: ID TRUSTED_CERTIFICATE_THUMBPRINTS | text | HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TrustedCertThumbprints Type REG_SZ | None |
Other policies in this category
Explore related policies at the same level.
- ComputerAllow .rdp files from unknown publishersAt least Windows Vista with Service Pack 1
- UserAllow .rdp files from unknown publishersAt least Windows Vista with Service Pack 1
- ComputerAllow .rdp files from valid publishers and user's default .rdp settingsAt least Windows Vista with Service Pack 1
- UserAllow .rdp files from valid publishers and user's default .rdp settingsAt least Windows Vista with Service Pack 1
- ComputerConfigure server authentication for clientAt least Windows Vista with Service Pack 1
- ComputerDisable Cloud Clipboard integration for server-to-client data transferAt least Windows 11 Version 22H2
- ComputerDo not allow hardware accelerated decodingAt least Windows Server 2016, Windows 10
- UserDo not allow passwords to be savedAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- ComputerDo not allow passwords to be savedAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- ComputerPrompt for credentials on the client computerAt least Windows Vista with Service Pack 1
- ComputerSpecify SHA1 thumbprints of certificates representing trusted .rdp publishersAt least Windows Vista with Service Pack 1
- ComputerTurn Off UDP On ClientAt least Windows 8 or Windows RT