How do I enable authentication at network level

Network Level Authentication (NLA) and how to disable it

Network Level Authentication (NLA)

This blog post is divided into two sections: the first section relates to the machines without an RD Session Host role, while the second part relates to the machines with an RD Session Host role.

These two sections are further broken down into different operating systems that you can choose from.

This post shows how network level authentication can be disabled to enable RDP connections on a target device.

Quick access to useful links:

Without RD chairperson role

With RD session host role

Disable network level authentication without an RD Session Host role

Download Parallels RAS and upgrade your RDS infrastructure today!

Windows 7 & Windows Server 2008 / Windows Server 2008 R2

  1. Open the menu Control panel. Make sure that the control panel is looking for items category is arranged (i.e. not in Classic view). click on system and safety and under system click on Allow remote access.
  2. Under the group Remote choose Allow computers to connect to any version of the remote desktop (less secure).

Windows 8 and Windows Server 2012 / Windows Server 2012 R2

  1. Open the menu Control panel. Make sure that the control panel has items through category indicates. click on system and safety and under system click on Allow remote access.
  2. Uncheck under the group Remote the option Allow connections only from computers running Remote Desktop with network level authentication (recommended)

Windows 10 & Windows Server 2016

  1. Open the menu Control panel. Make sure that the control panel is looking for items category is arranged (i.e. not in Classic view). click on system and safety and under system click on Allow remote access.
  2. Under the Remote group, select Select Allow remote connections to this computer.

Disable network level authentication with the RD Session Host role

Windows 2008 and Windows 2008 R2

  1. On the RD Session Host server, open Remote Control of the Desktop Session Host Configuration. To do this, click on begin, point to administrative tools, point to Remote desktop session host and then click Remote desktop session host configuration.
  2. Under links, right-click the connection name, and then click Properties.
  3. Put on the tab Generally check the box Allow connections only from computers running Remote Desktop with network level authentication. (For maximum compatibility, make sure that Security Layer on Negotiate is set)

If the check box Allow connections only from computers running remote desktop with network level authentication is running and is not checked, the setting has been made User authentication for remote connections using network level authentication Group policy enabled and applied to the RD Session Host server.

  1. click OK.

Windows 2012 / Windows Server 2012 R2 & Windows Server 2016/2019

  1. Open the Server Manager on the RD Session Host server.
  2. click on Remote desktop services, then under Collections click on the Name of the session collection nameyou want to change. click on Tasks and choose Edit properties.
  3. Under the tab Security disable the option Allow connections only from computers running Remote Desktop with Network Level Authentication is running (for maximum compatibility, make sure Security Layer is set to Negotiate).
    If the check box Allow connections only from computers running Remote Desktop with network level authentication is running, is enabled and not enabled, the setting has been User authentication required for remote connections using network level authentication Group policy enabled and applied to the RD Session Host server.
  4. click OK.

Try a free 30-day trial of Parallels RAS today.

References:

Microsoft | https://social.technet.microsoft.com/Forums/en-US/c07323c2-77fa-4eb4-91ed-7ba6fa23bd00/how-to-disable-nla?forum=winserversecurity
ITSystemLab | https://kb.itsystemlab.com/knowledge-base/how-to-disable-enable-network-level-authentication-nla-for-rdp/
thegeekpage | https://thegeekpage.com/solved-the-remote-computer-requires-network-level-authentication/
GitHub | https://gist.github.com/pingec/7b391a04412a7034bfb6
Parallels RAS Security Features | https://www.parallels.com/products/ras/capabilities/security-monitoring/
ORIGINAL - English version of the blog post: https://www.parallels.com/blogs/ras/disabling-network-level-authentication/