How to suppress the "Unverified Publisher" Security Warnings

How to suppress the "Unverified Publisher" Security Warnings in TruGrid


Applies to: Windows 10, Windows 11, Windows Server 2012 through Windows Server 2025


In this article:


Summary


The April 2026 Windows security update (CVE-2026-26151) introduced new security dialogs in the Remote Desktop Connection client when users open RDP connections using .rdp files. These dialogs appear before any connection is established and affect all RDP file-based connections, including TruGrid SecureRDP sessions.



The preferred solution below should be applied to End User Computers making RDP connections.



End User Options


What Users Will See


First launch dialog (one time): After installing the update, the first .rdp file opened on a user account triggers an educational dialog about RDP file risks. The user must select "Allow" to proceed. This dialog does not appear again.



Connection security dialog (every connection):


Each .rdp file launch displays a dialog showing the remote computer address, publisher identity, and a checklist of requested local resource redirections (clipboard, drives, printers, etc.). All redirections are disabled by default and must be explicitly enabled before connecting.

Unsigned .rdp files display a "Caution: Unknown remote connection" banner. Signed files show the publisher name with a prompt to verify:



What Users Should Do


  1. Select "Allow" on the first-launch dialog to enable RDP file connections.
  2. Verify the remote computer address on the connection dialog.
  3. Enable only the redirections needed for the session.
  4. Click "Remember my choices for remote connections from this publisher"
  5. Select "Connect" to proceed.


If an .rdp file is unexpected or unrecognized, do not open it. Contact your IT administrator or TruGrid support.


Administrator Options


1.PowerShell Deployment



This is the recommended approach for TruGrid environments as the .rdp files are already signed and trusted. It requires administrative privileges, takes effect immediately with no reboot, and is not affected by Microsoft's warning that the RedirectionWarningDialogVersion registry workaround may be removed in a future update.


This command adds TruGrid's RDP signing certificate thumbprint to the Windows Terminal Services trusted publisher policy. When mstsc.exe encounters a signed .rdp file whose thumbprint matches this value, it skips the "Verify the publisher of this remote connection" dialog entirely and connects using the redirection settings configured in the .rdp file without user interaction.


New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services" -Force | Out-Null; New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services" -Name "TrustedCertThumbprints" -Value "FBAFE092ED992675200A4C84FDA835F4889CE912" -PropertyType String -Force


2.Group Policy Deployment



This is the recommended approach in Active Directory / managed environments. It uses the native Windows ADMX policy to trust TruGrid's signing certificate, eliminating the security dialog entirely for TruGrid signed .rdp files.


Option A: Via Administrative Templates (native ADMX):

  1. Open Group Policy Management and edit the target GPO.
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client.
  3. Open "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers".
  4. Set to Enabled.
  5. Enter the thumbprint: FBAFE092ED992675200A4C84FDA835F4889CE912


Option B: Via Registry Preferences:

  1. In the same or a separate GPO, navigate to Computer Configuration > Preferences > Windows Settings > Registry.
  2. Create a new Registry Item with the following values:


Field

Value

Action

Update

Hive

HKEY_LOCAL_MACHINE

Key Path

Software\Policies\Microsoft\Windows NT\Terminal Services

Value name

TrustedCertThumbprints

Value type

REG_SZ

Value data

FBAFE092ED992675200A4C84FDA835F4889CE912


Run gpupdate /force on target machines or wait for the next Group Policy refresh cycle. Verify deployment with gpresult /h report.html or by checking the registry values directly.

Note: This approach is not affected by Microsoft's warning that the RedirectionWarningDialogVersion workaround may be removed in a future update. The trusted publisher thumbprint policy is a long-standing, supported feature.


Machine wide dialogue suppression


In Microsofts article announcing this change, they noted that this registry key is temporary and might be phased out later as it was added to reduce user confusion during rollout.

1.Powershell Deployment


Suppress first-launch dialog (per-user, run in user context)


This is mostly meant for Admin deploying via RRM tools. For end users, they won't be able to make a connection unless they click on the "I understand" checkmark in the dialogue, once that is checked the dialogue writes to the same registry key, so this user action is the same as adding it via registry with the command.


This suppresses the one-time "Remote Desktop Connection files can harm your device" educational dialog that appears the first time a user opens any .rdp file after the April 2026 update. Setting this value pre-acknowledges the dialog on behalf of the user, so it never appears. Without this fix, each user must manually select "Allow" before the first .rdp connection can proceed.


New-ItemProperty -Path "HKCU:\Software\Microsoft\Terminal Server Client" -Name "RdpLaunchConsentAccepted" -Value 1 -PropertyType DWord -Force


Revert connection dialog (per-machine, run elevated)


This reverts the new "Caution: Unknown remote connection" dialog that appears on every .rdp file launch. That dialog requires users to manually enable each resource redirection (clipboard, drives, printers, etc.) before connecting. Setting this value restores the previous connection behavior where the .rdp file settings, including redirections configured in the TruGrid admin panel, are respected automatically without additional user interaction.


New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\Client" -Force
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\Client" -Name "RedirectionWarningDialogVersion" -Value 1 -PropertyType DWord -Force


2.GPO for suppressing the dialogue


This approach suppresses the dialogue for all RDP connections, not just TruGrid, proceed with caution.


Suppress the first-launch dialog (per-user):

  1. Open Group Policy Management and edit the target GPO.
  2. Navigate to User Configuration > Preferences > Windows Settings > Registry.
  3. Create a new Registry Item with the following values:


Field

Value

Action

Update

Hive

HKEY_CURRENT_USER

Key Path

Software\Microsoft\Terminal Server Client

Value name

RdpLaunchConsentAccepted

Value type

REG_DWORD

Value data

1


Suppress the per-connection security dialog (per-machine):

  1. In the same or a separate GPO, navigate to Computer Configuration > Preferences > Windows Settings > Registry.
  2. Create a new Registry Item with the following values:


Field

Value

Action

Update

Hive

HKEY_LOCAL_MACHINE

Key Path

Software\Policies\Microsoft\Windows NT\Terminal Services\Client

Value name

RedirectionWarningDialogVersion

Value type

REG_DWORD

Value data

1


Run gpupdate /force on target machines or wait for the next Group Policy refresh cycle. Verify deployment with gpresult /h report.html or by checking the registry values directly.

Note: The RedirectionWarningDialogVersion setting sits under the Policies hive, so it behaves as a policy-enforced value and takes precedence over any local configuration. Microsoft may remove support for this setting in a future update.



Contact Support

If you experience issues with RDP connections after applying the April 2026 update, contact TruGrid support for assistance.

Updated on: 27/04/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!