Network Level Authentication (NLA) and how to disable it | Parallels

Network Level Authentication (NLA)

This blog post is divided into two sections: the first covers machines without the RD Session Host role, and the second covers machines with the RD Session Host role.

Each section is further divided by operating system.

This post shows how to disable network-level authentication to allow for RDP connections on a target device.

Disabling Network Level Authentication without RD Session Host Role

Windows 7 & Windows Server 2008/Windows Server 2008 R2

  1. Open the Control Panel. Ensure that the control panel is showing items by Category (i.e., not in Classic View). Click on System and Security and under System click on Allow remote access.
  2. Under the Remote Desktop group, select Allow connections from computers running any version of Remote Desktop (less secure).

Windows 8 and Windows Server 2012/Windows Server 2012 R2

  1. Open the Control Panel. Ensure that the control panel is showing items by Category. Click on System and Security and under System click on Allow remote access.
  2. Under the Remote Desktop group, deselect the option Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).

Windows 10 & Windows Server 2016

  1. Open the Control Panel. Ensure that the control panel is showing items by Category (i.e., not in Classic View). Click on System and Security and under System click on Allow remote access.
  2. Under the Remote group choose Allow remote connections to this computer.

Disabling Network Level Authentication with the RD Session Host Role

In Windows 2008 and Windows 2008 R2

  1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To do this, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
  2. Under Connections, right-click the name of the connection, and then click Properties.
  3. On the General tab, un-tick the Allow connections only from computers running Remote Desktop with Network Level Authentication check box. (For maximum compatibility ensure that Security Layer is set to Negotiate.)

If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and applied to the RD Session Host server.

  4. Click OK.

Windows 2012/Windows Server 2012 R2 & Windows Server 2016/2019

  1. On the RD Session Host server, open the Server Manager.
  2. Click on Remote Desktop Services, then under Collections click on the name of the session collection that you want to modify. Click on Tasks and select Edit properties.
  3. Under the Security tab un-tick the option Allow connections only from computers running Remote Desktop with Network Level Authentication. (For maximum compatibility ensure that Security Layer is set to Negotiate.)
     If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and applied to the RD Session Host server.
  4. Click OK.
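
A read-only way to confirm what the steps above left in place, and whether the Group Policy setting mentioned in the note is what locks the check box. This is an added example, not part of the original post; it assumes the default listener name RDP-Tcp and an elevated PowerShell session.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.
# Assumes the default listener name RDP-Tcp.
$tsKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$listenerKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$layerNames  = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (for example, no policy set).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-NlaStatus {
    $local   = Get-RegValue $listenerKey 'UserAuthentication'  # 1 = NLA required
    $policy  = Get-RegValue $policyKey   'UserAuthentication'  # set only by Group Policy
    $layer   = Get-RegValue $listenerKey 'SecurityLayer'
    $denyRdp = Get-RegValue $tsKey       'fDenyTSConnections'  # 0 = RDP enabled

    # Cross-check against what the Remote Desktop Services WMI provider reports.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
        -ErrorAction SilentlyContinue

    # A policy value, when present, overrides the local listener setting.
    $effective = if ($null -ne $policy) { $policy } else { $local }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        RdpEnabled        = ($denyRdp -eq 0)
        NlaRequired       = ($effective -eq 1)
        NlaLockedByPolicy = ($null -ne $policy)
        WmiNlaRequired    = if ($wmi) { $wmi.UserAuthenticationRequired -eq 1 } else { $null }
        SecurityLayer     = if ($null -ne $layer) { $layerNames[[int]$layer] } else { 'unknown' }
    }
}

$status = Get-NlaStatus
$status | Format-List
if ($status.RdpEnabled -and -not $status.NlaRequired) {
    Write-Warning 'RDP is enabled and NLA is not required on this host.'
}
```

When NlaLockedByPolicy is True, the check box in the dialogs above is greyed out and the setting has to be changed in Group Policy rather than on the host.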
