![]() It’s easy to disable NLA using the GUI, but the reason to do it programmatically is to understand how to automate the task when deploying VMs in the cloud using PowerShell. Remember that disabling NLA is not best practice, so you should always evaluate the risk in your own environment. But in a dev environment, especially one where VMs are shut down regularly to reduce costs, it can be handy to disable NLA so that you don’t have to worry about the order in which VMs are booted, and work with member servers without necessarily needing to boot a DC. In production, the issues I’ve listed above should never be a reason to disable NLA. Domain controllers must be booted before member servers are started, otherwise Remote Desktop access to member servers might be denied.It’s not possible to log in to a domain member server using Remote Desktop unless a domain controller (DC) is available for authentication.Initially NLA was only available for Windows Vista and Windows Server 2008, but later client support for Windows XP SP3 was added.Īlthough NLA is a welcome security enhancement that helps to make Remote Desktop safer, you might want to disable it in a dev environment for a couple of reasons: Network Level Authentication (NLA) was introduced to improve security in Remote Desktop Protocol (RDP) 6.0 by requiring that users be authenticated to the host server before an RDP session is created, helping to reduce the risk of denial-of-service attacks. Or from CMD, append powershell.exe in the beginning: powershell.In today’s Ask the Admin, I’ll show you how to disable Remote Desktop Network Level Authentication with the help of Windows Management Instrumentation (WMI) and PowerShell. ![]() ![]() ![]() To disable RDP Network Level Authentication (NLA), use the following PowerShell command Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "UserAuthentication" -value 0 ![]() Or from CMD, append powershell.exe in the beginning: powershell.exe Enable-NetFirewallRule -DisplayGroup 'Remote Desktop' To enable preset firewall rules of RemoteDesktop, use the following PowerShell command: Enable-NetFirewallRule -DisplayGroup 'Remote Desktop' By default, you might find RDP firewall rules disabled which prevent RDP connections to the server. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |