Wednesday, June 17, 2015

Removing the: “A website is trying to run a RemoteApp program. Make sure that you trust the publisher before you connect to run the program.” message prompt when launching RD Web Access RemoteApp

Problem

You’ve configured your RemoteApp resources on your Remote Desktop Services and attempt to launch an application but receive the following warning message:

A website is trying to run a RemoteApp program. Make sure that you trust the publisher before you connect to run the program.

This RemoteApp program could harm your local or remote computer. Make sure that you trust the publisher before you connect to run this program.

Don’t ask me again for remote connections from this publisher

image

imageimage

As shown in the screenshots above, you have the option of checking the checkbox that reads:

Don’t ask me again for remote connections from this publisher

… to remove this prompt but you do not want everyone in the organization to receive this prompt.

Solution

One of the ways to remove this warning prompt is to implement a GPO and apply it to the user or computer account to trust the SHA1 thumbprint of the certificate presented.  Begin by opening the properties of the certificate and navigating to the Details tab that is used for your Remote Desktop Services portal:

image

Scroll down to the bottom where the Thumbprint is listed:

image

Select the Thumbprint field:

image

Select the thumbprint and copy the text:

image

Now before we proceed to copy this into the setting of the GPO we’ll be using, it is important to paste the thumbprint you have just copied into a command prompt as such:

image

Notice how there is a question mark: ? in front of the thumbprint? Note that paste this into Notepad does not reveal this unwanted question mark:

image

Proceed and copy the thumbprint from the command prompt without the question mark.

Next, create a new GPO or open an existing GPO that you would like to use and navigate to:

Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client

Note that this policy can be applied to either a computer object or a user account so use whichever fits better for your environment.

image

Proceed and open the Specify SHA1 thumbprints of certificates representing trusted .rdp publishers:

image

Paste the copied thumbprint into the Comma-separated list of SHA1 trusted certificate thumbprints field:

image

Apply the configuration:

image

The user should no longer see the warning prompt once the policy is applied to a computer object or user account.

3 comments:

amsdrs 19 said...

How do I open the properties of the certificate. I do not see that option.

Douglas Gaigher said...

Thanks man, removing that ghost char did the trick! Amazing.

MJ Almassud said...

Awesome

Thank you Terence.

MJ