certify icon indicating copy to clipboard operation
certify copied to clipboard
verified publisher icon webprofusion

Feature Request: Remove the WMIC dependency

Open MichaelGrafnetter opened this issue 1 year ago • 4 comments

Hello, the RDP deployment task depends on WMIC.exe, which has been deprecated by Microsoft

image

Although this issue can temporarily be resolved manually installing the WMIC feature, a different approach (e.g. PowerShell + WMI/CIM) is recommended.

image

MichaelGrafnetter avatar Aug 01 '24 14:08 MichaelGrafnetter

Hi @MichaelGrafnetter thanks for raising this issue and we'll look to getting the existing task deprecated and new replacement task added.

webprofusion-chrisc avatar Aug 02 '24 05:08 webprofusion-chrisc

@webprofusion-chrisc You could just maybe modify the RDPListenerService.ps1 file and replace this line:

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$($result.ManagedItem.CertificateThumbprintHash)"

with the following one:

Get-WmiObject -Class Win32_TSGeneralSetting -Namespace 'root\cimv2\TerminalServices' -Filter 'TerminalName="RDP-Tcp"' |
  Set-WmiInstance -Arguments @{ SSLCertificateSHA1Hash = $result.ManagedItem.CertificateThumbprintHash } -PutType UpdateOnly

It should do the same thing, while not requiring the external wmic.exe tool. I have not tested it though.

MichaelGrafnetter avatar Aug 09 '24 10:08 MichaelGrafnetter

on year later, and still no fix. (tested v6.1.9, 7.0.9 and 7.0.10)

the workaround from @MichaelGrafnetter does not work here. but used manualy with cert thumbprint from installed own-system-cert, it works:

Get-WmiObject -Class Win32_TSGeneralSetting -Namespace 'root\cimv2\TerminalServices' -Filter 'TerminalName="RDP-Tcp"' |
        Set-WmiInstance -Arguments @{ SSLCertificateSHA1Hash = "494..thumbprint-from-installed-cert...7275" } -PutType UpdateOnly

xenDE avatar Oct 12 '25 16:10 xenDE

Thanks, yes we are very constrained on development and testing resources (hi!). This is at the bottom of a deep pile until our Management Hub and Management Agent products are fully released and bug free. As you stated, what works for one might not work for another, so we have to be careful changing existing tasks. Michael's change should indeed work for you, so your task (if you're interested in helping) is finding out why it doesn't.

As a workaround you can use your own Powershell script with the Run PowerShell Script deployment task: https://docs.certifytheweb.com/docs/script-hooks this is what most people do if there requirements are even slightly different to the built in tasks.

Realistically there are hundred of thousands of services a cert could be deployed to and we can't provide a built in task for them all, and even the ones we do provide will not suit every edge case.

webprofusion-chrisc avatar Oct 13 '25 00:10 webprofusion-chrisc