Network Level Authentication (NLA) and how to disable it | Parallels
Network Level Authentication (NLA)
This blog post is divided into two sections: the first section relates to the machines Without RD Session Host Role, while the second part refers to the machines With RD Session Host Role.
These two sections are further divided into different Operating Systems to choose from.
This post shows how to disable network-level authentication to allow for RDP connections on a target device.
Quick Links
- Windows 7 & Windows Server 2008/Windows Server 2008 R2
- Windows 8 & Windows Server 2012/Windows Server 2012 R2
- Windows 10 & Windows Server 2016
Disabling Network Level Authentication without RD Session Host Role
- Windows 7 & Windows Server 2008/Windows Server 2008 R2
- Windows 8 & Windows Server 2012/Windows Server 2012 R2
- Windows 10 & Windows Server 2016/2019
Download Parallels RAS and enhance your RDS infrastructure today!
Windows 7 & Windows Server 2008/Windows Server 2008 R2
- Open the Control Panel. Ensure that the control panel is showing items by Category (i.e., not in Classic View). Click on System and Security and under System click on Allow remote access.
- Under the Remote Desktop group, select Allow connections from computers running any version of Remote Desktop (less secure).
Windows 8 and Windows Server 2012/Windows Server 2012 R2
- Open the Control Panel. Ensure that the control panel is showing items by Category. Click on System and Security and under System click on Allow remote access.
- Under the Remote Desktop group deselect the option Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)
Windows 10 & Windows Server 2016
- Open the Control Panel. Ensure that the control panel is showing items by Category (i.e., not in Classic View). Click on System and Security and under System click on Allow remote access.
- Under the Remote group choose Allow remote connections to this computer.
Disabling Network Level Authentication with the RD Session Host Role
In Windows 2008 and Windows 2008 R2
- On the RD Session Host server, open Remote Desktop Session Host Configuration. To do this, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
- Under Connections, right-click the name of the connection, and then click Properties.
- On the General tab, un-tick the Allow connections only from computers running Remote Desktop with Network Level Authentication check box. (For maximum compatibility ensure that Security Layer is set to Negotiate)
If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and applied to the RD Session Host server.
- Click OK.
Windows 2012/Windows Server 2012 R2 & Windows Server 2016/2019
- On the RD Session Host server, open the Server Manager.
- Click on Remote Desktop Services, then under Collections click on the name of the session collection name that you want to modify. Click on Tasks and select Edit properties.
- Under the Security tab un-tick the option Allow connections only from computers running Remote Desktop with Network Level Authentication. (For maximum compatibility ensure that Security Layer is set to Negotiate)
If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and applied to the RD Session Host server. Click OK.
Try a free 30-day trial of Parallels RAS today.
References
ITSystemLab | https://kb.itsystemlab.com/knowledge-base/how-to-disable-enable-network-level-authentication-nla-for-rdp/
thegeekpage | https://thegeekpage.com/solved-the-remote-computer-requires-network-level-authentication/
GitHub | https://gist.github.com/pingec/7b391a04412a7034bfb6
Parallels RAS Security Features | https://www.parallels.com/products/ras/capabilities/security-monitoring/