Austlink Help Centre


Disabling Network Level Authentication on Windows Servers

There are good reasons why you should not disable Network Level Authentication on your terminal servers.

 

Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software. The advantages of Network Level Authentication are:

  • It requires fewer remote computer resources initially. The remote computer uses a limited number of resources before authenticating the user, rather than starting a full remote desktop connection as in previous versions.
  • It can help provide better security by reducing the risk of denial-of-service attacks.

 

My recommendation is that this security feature should be turned on, especially in a hosted environment. However, I understand that if you have a number of older thin clients that do not support Network Level Authentication and you still want to use them, you may need to reconfigure your terminal server so that it does not require this heightened level of security.

To disable Network Level Authentication on Windows 2008 or Windows 2012, please use the following instructions (thanks to the team at http://www.2x.com):

 

Windows Server 2008 or Windows Server 2008 R2 without RD Session Host Role

Note: These steps do not apply to Windows 2008 and Windows 2008 R2 with the RD Session Host role.

  • Open the Control Panel. Ensure that the Control Panel is showing items by Category (i.e. not in Classic View). Click on System and Security and under System click on Allow remote access.


  • Under the Remote Desktop group choose Allow connections from computers running any version of Remote Desktop (less secure).

 


 

Windows 8 and Windows Server 2012 without RD Session Host Role

Note: These steps do not apply to Windows 2012 with the RD Session Host role.

  • Open the Control Panel. Ensure that the Control Panel is showing items by Category. Click on System and Security and under System click on Allow remote access.


 

  • Under the Remote Desktop group, un-tick the checkbox Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).


 

Windows 2008 and Windows 2008 R2 with RD Session Host Role

  • On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
  • Under Connections, right-click the name of the connection, and then click Properties.
  • On the General tab, un-tick the Allow connections only from computers running Remote Desktop with Network Level Authentication check box. (For maximum compatibility, ensure that Security Layer is set to Negotiate.)

 


 

If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and greyed out (not enabled), the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server.

  • Click OK.

 

Windows 2012 with RD Session Host role

  • On the RD Session Host server, open the Server Manager.
  • Click on Remote Desktop Services, then under Collections click on the name of the session collection that you want to modify. Click on Tasks and select Edit properties.

 


  • Under the Security tab, un-tick the option Allow connections only from computers running Remote Desktop with Network Level Authentication. (For maximum compatibility, ensure that Security Layer is set to Negotiate.)

 


  • Click OK.
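
To confirm the result of the steps above, or to find servers where Network Level Authentication has been left off, the setting can be read back from the registry. The following read-only PowerShell check is an added example, not part of the original article; it assumes the default RDP-Tcp listener and the standard registry value names UserAuthentication and SecurityLayer.

```powershell
# Added example: read-only audit of NLA on the default RDP-Tcp listener.
# Key paths and value names are the standard ones; other listeners are not covered.
function Get-RdpNlaState {
    param(
        [string]$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp',
        [string]$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    )

    # Return a registry DWORD, or $null when the key or value does not exist.
    function Read-Dword([string]$Key, [string]$Name) {
        $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
        return $null
    }

    $localNla    = Read-Dword $ListenerKey 'UserAuthentication'
    $policyNla   = Read-Dword $PolicyKey   'UserAuthentication'
    $localLayer  = Read-Dword $ListenerKey 'SecurityLayer'
    $policyLayer = Read-Dword $PolicyKey   'SecurityLayer'

    # A Group Policy value overrides the local one; this is the case in which
    # the check box shows as selected but cannot be changed in the dialogs.
    $nla   = if ($null -ne $policyNla)   { $policyNla }   else { $localNla }
    $layer = if ($null -ne $policyLayer) { $policyLayer } else { $localLayer }

    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    $layerName  = 'Unknown'
    if ($null -ne $layer -and $layerNames.ContainsKey($layer)) { $layerName = $layerNames[$layer] }

    if     ($nla -eq 1) { $finding = 'OK: NLA is required' }
    elseif ($nla -eq 0) { $finding = 'REVIEW: NLA is not required; legacy clients can reach the logon screen unauthenticated' }
    else                { $finding = 'UNKNOWN: UserAuthentication value not found' }

    # New-Object is used so the check also runs on the PowerShell 2.0 shipped with 2008 R2.
    New-Object PSObject -Property @{
        ComputerName        = $env:COMPUTERNAME
        NlaRequired         = ($nla -eq 1)
        NlaEnforcedByPolicy = ($null -ne $policyNla)
        SecurityLayer       = $layerName
        Finding             = $finding
    }
}

Get-RdpNlaState | Format-List
```

A server that reports NlaEnforcedByPolicy as True is governed by the Group Policy setting described above, so the check box in the dialogs will not change its state.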

This entire document, including design, text, videos, graphics, and photographs, is Copyright © 2014 Austlink Plus Pty Ltd, All Rights Reserved.
No part of this document may be reproduced in any way or by any means for commercial or any other purposes, without prior written permission of Austlink Plus Pty Ltd. Use of any data for the purpose of creating promotional materials or producing a printed or electronic catalog of any kind is expressly forbidden without prior written permission of Austlink Plus Pty Ltd.
