Introduction#
In April 2026, Microsoft shipped a security update that significantly changed how Windows treats Remote Desktop .rdp files. The aim was to reduce phishing attacks that abuse RDP files to trick users into silently sharing local drives, clipboards and devices with attackers. (Source: Microsoft adds protections for malicious RDP files)
After installing the April 2026 cumulative updates, opening any .rdp file now triggers a new security flow: an educational prompt the first time, followed by a detailed security dialogue for every subsequent launch. This dialogue highlights whether the file is signed by a verified publisher and disables all local resource redirections by default. (Source: Understanding security warnings when opening Remote Desktop connections)
What Changed in April 2026?#
Microsoft’s 14 April 2026 Patch Tuesday updates (for example KB5082142 for Windows Server, and related KBs for Windows 10 and 11) introduced new protections around .rdp files, partly in response to an actively exploited Remote Desktop spoofing vulnerability. (Source: Microsoft adds Windows protections for malicious Remote Desktop files)
Key behavioural changes:
- The first time a user opens any .rdp file after the update, Windows shows a one‑off education dialogue explaining what RDP files are and why they can be dangerous. (Source: New RDP alert after April 2026 security update)
- Every time an .rdp file is opened, a new security dialogue appears before any connection is made, showing the remote address, whether the file is signed by a verified publisher and which local resources the file is attempting to redirect. (Source: Microsoft’s April 2026 RDP security warning)
- All resource redirections (drives, clipboard, printers, smart cards, WebAuthn/Hello and so on) are now off by default and must be explicitly enabled by the user. (Source: New RDP alert after April 2026 security update)
- Unsigned files or files from untrusted publishers now display an orange warning that clearly labels the connection and publisher as unknown, emphasising that the source cannot be verified. (Source: Your RDP files just became “untrusted” after the April 2026 Windows update)
Why Code Signing RDP Files Matters Now#
Because the new dialogue explicitly calls out whether the file is signed and by whom, code signing .rdp files has effectively become a hygiene requirement rather than a nice‑to‑have. (Source: Microsoft makes Remote Desktop phishing warnings noticeable)
Benefits of signing your .rdp files:
- Users see your organisation’s name as the publisher instead of “Unknown”, making it easier to distinguish legitimate files from phishing attempts. (Source: Microsoft RDP security warning (2026 update))
- If you deploy your signing certificate as a trusted publisher, Windows can treat your .rdp files as coming from a verified source, reducing confusion and support tickets. (Source: Digitally sign RDP files – a complete how‑to)
- Security teams gain a more consistent story around “only open .rdp files from verified publishers” when training users. (Source: Your RDP (Remote Desktop) files are now untrusted after the April 2026 Windows patch)
Step‑by‑Step: Signing an .rdp File#
1. Create or Collect Your .rdp Files#
Use the Remote Desktop Connection client (mstsc.exe) to configure your connection, then select “Save As” to export a .rdp file. You can edit the file in a text editor to fine‑tune settings like full address:s:server.domain.local or gateway options. (Source: Supported RDP properties)
2. Obtain a Code‑Signing Certificate#
You need a certificate with a private key and appropriate code‑signing usage, issued either by your internal PKI or a public certification authority. (Source: Use certificates in Remote Desktop Services) Install it with its private key into the Personal store (user or computer), so Windows can sign on behalf of that identity. (Source: Deploy code signing certificate with Intune)
3. Get the Certificate Thumbprint#
Open the certificate in the MMC Certificates snap‑in, go to the Details tab and copy the Thumbprint value. Strip spaces and any hidden characters so you have a clean SHA1 thumbprint string ready for use with rdpsign. (Source: Support topic – How can I sign my .rdp files?)
4. Sign the File with rdpsign#
Use the built‑in rdpsign.exe tool (Source: rdpsign command reference):
rdpsign /sha1 <thumbprint> /v C:\RdpFiles\MyFile.rdp
- /sha1 selects the signing certificate by thumbprint.
- /v enables verbose output so you see what rdpsign is doing.
- Optionally add /l to run in lint mode and verify the file can be signed without modifying it.
After a successful run, the .rdp file will contain signature metadata, and the new April 2026 dialogue will show your publisher name rather than “Unknown”. (Source: How to sign RDP files and fix the security warning)
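Steps 2 to 4 as one PowerShell function, added here as an example and not taken from the original article or from Microsoft. The name Invoke-RdpFileSigning is hypothetical, and the exit-code checks assume rdpsign returns non-zero on failure; the final check looks for the signature:s: line that a signed .rdp file carries.

```powershell
# Added example: clean a thumbprint pasted from MMC, validate the signing
# certificate, then lint and sign an .rdp file with rdpsign.exe.
function Invoke-RdpFileSigning {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $Path
    )

    # Text copied from the MMC Details tab can carry spaces and an invisible
    # U+200E mark; keep hex digits only and insist on a 40-character SHA1.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { throw "Expected 40 hex characters, got $($clean.Length)." }

    # Search the user and computer Personal stores named in step 2.
    $cert = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $clean | Select-Object -First 1
    if (-not $cert) { throw "Certificate $clean not found in a Personal store." }
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
    if ($cert.NotAfter -lt (Get-Date)) { throw 'Certificate has expired.' }

    # 1.3.6.1.5.5.7.3.3 is the Code Signing enhanced key usage OID.
    if ($cert.EnhancedKeyUsageList.ObjectId -notcontains '1.3.6.1.5.5.7.3.3') {
        throw 'Certificate lacks the Code Signing enhanced key usage.'
    }

    $file = (Resolve-Path -LiteralPath $Path).Path

    # Lint pass: /l tests signing without modifying the file.
    # Assumption: rdpsign returns a non-zero exit code when it fails.
    & rdpsign.exe /sha1 $clean /v /l $file | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "rdpsign lint pass failed (exit $LASTEXITCODE)." }

    # Real pass: rdpsign rewrites the file in place.
    & rdpsign.exe /sha1 $clean /v $file | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "rdpsign failed (exit $LASTEXITCODE)." }

    # Confirm the signature metadata was actually written to the file.
    if (-not (Select-String -LiteralPath $file -Pattern '^signature:s:' -Quiet)) {
        throw "No signature:s: line found in $file."
    }
    "Signed $file as $($cert.Subject)"
}

# Constructed sample call; <thumbprint> is a placeholder, not a real value.
# Invoke-RdpFileSigning -Thumbprint '<thumbprint>' -Path 'C:\RdpFiles\MyFile.rdp'
```

Editing a signed file afterwards can invalidate the signature, so sign only after the settings from step 1 are final.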
Making Your Certificate a “Verified Publisher”#
Signing is only half the story; clients also need to trust the signer.
1. Deploy the Certificate Chain and Trusted Publishers Entry#
On your clients (via Group Policy, Intune or another management tool), deploy:
- The issuing CA to Trusted Root Certification Authorities so the chain is valid. (Source: Use certificates in Remote Desktop Services)
- Your signing certificate’s public key to Trusted Publishers, so Windows treats it as an approved publisher. (Source: How to add a certificate to the Trusted Publisher store using Intune)
With this in place, the RDP dialogue shows your organisation as a trusted publisher when your .rdp files are opened. (Source: Digitally sign RDP files – a complete how‑to)
2. Configure RDP Trusted Publishers Policy (Optional)#
Microsoft added a policy that lets you explicitly list SHA1 thumbprints of trusted .rdp publishers. (Source: Allow .rdp files from valid publishers and user’s default .rdp settings)
In a domain environment, you can use Group Policy to set “Specify SHA1 thumbprints of certificates representing trusted .rdp publishers” for your clients, pasting the same signer thumbprint you used with rdpsign.
In Intune‑managed environments, you can achieve the same effect with custom OMA‑URI or settings catalogue profiles that deploy the certificate into Trusted Publishers and set the corresponding registry keys, aligning behaviour with the traditional GPO model. (Source: Adding a certificate to Trusted Publishers using Microsoft Intune)
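A read-only client check for the two trust steps above, added here as an example and not taken from the original article or from Microsoft. Test-RdpPublisherTrust is a hypothetical name; the registry path and TrustedCertThumbprints value are where the computer-side Group Policy setting is stored, and only that HKLM copy is read.

```powershell
# Added example: verify on a client that an .rdp signing certificate is
# trusted. Nothing is modified; the function only reports what it finds.
function Test-RdpPublisherTrust {   # hypothetical helper name
    param([Parameter(Mandatory)] [string] $Thumbprint)

    # Same clean-up as for rdpsign: hex digits only, upper case.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # 1. Is the signing certificate in Trusted Publishers (computer or user)?
    $pub = Get-ChildItem Cert:\LocalMachine\TrustedPublisher, Cert:\CurrentUser\TrustedPublisher |
        Where-Object Thumbprint -eq $clean | Select-Object -First 1

    # 2. Does its chain build to a trusted root on this client?
    #    The default chain policy also attempts an online revocation check.
    $chainOk = $false
    $status  = @()
    if ($pub) {
        $chain   = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chainOk = $chain.Build($pub)
        $status  = $chain.ChainStatus.Status
    }

    # 3. Optional policy: is the thumbprint listed for trusted .rdp publishers?
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $policy = (Get-ItemProperty -Path $key -Name TrustedCertThumbprints `
                   -ErrorAction SilentlyContinue).TrustedCertThumbprints
    $listed = ($policy -split '[,;\s]+') -contains $clean

    [pscustomobject]@{
        Thumbprint         = $clean
        InTrustedPublisher = [bool]$pub
        ChainBuilds        = $chainOk
        ChainStatus        = ($status -join ', ')
        ListedInRdpPolicy  = $listed
    }
}

# Constructed sample call; <thumbprint> is a placeholder, not a real value.
# Test-RdpPublisherTrust -Thumbprint '<thumbprint>'
```

A result with InTrustedPublisher true but ChainBuilds false usually points at a missing issuing CA in Trusted Root Certification Authorities or an unreachable revocation endpoint; ChainStatus names which.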
User Experience: Before and After#
Before signing and trusting:
- Users see a prominent warning banner labelling the connection as unknown.
- The publisher field is blank or shows “Unknown publisher”, and all local resource redirections are disabled by default. (Source: Security warnings when opening RDP files in Windows 11)
After signing and trusting:
- The dialogue shows your organisation’s name as the publisher.
Sources and Further Reading#
- Microsoft: Understanding security warnings when opening Remote Desktop connections
- Microsoft support: April 2026 cumulative updates (for example KB5082142)
- News and analysis of the new RDP warning dialogues and phishing‑mitigation intent:
- Community write‑ups on .rdp files becoming untrusted after the April 2026 changes and how to fix them by signing and trusting your publisher certificate: