top of page

PowerShell Disable NLA in RDP Settings

Image by Adam Currie

Network Level Authentication (NLA) is a security feature in Windows that enhances the security of Remote Desktop Protocol (RDP) connections. Here are the key points about NLA and its role in Windows and RDP:

What is NLA

Network Level Authentication (NLA) is a security feature that requires the user to authenticate themselves before establishing a remote desktop session. This authentication happens at the network layer, which adds an extra layer of security before a full connection is established.

Key Features and Benefits

  1. Prevents Unauthorized Access:

    • NLA requires the user to authenticate using their credentials before the remote session is fully established, reducing the risk of unauthorized access.

  2. Reduces Resource Consumption:

    • By authenticating users before the remote desktop session is initiated, NLA helps reduce the server resources used by unauthenticated connection attempts, thus saving processing power and bandwidth.

  3. Protection Against Denial-of-Service Attacks:

    • Since NLA requires authentication before a session starts, it can protect against denial-of-service (DoS) attacks where attackers try to overwhelm the server with connection requests.

How NLA Works

  1. User Initiates Connection:

    • The user starts the RDP client and attempts to connect to a remote machine.

  2. NLA Prompts for Credentials:

    • Before the connection is established, NLA prompts the user to enter their credentials (username and password).

  3. Credentials Verified:

    • The credentials are sent to the remote machine where they are verified. If the credentials are correct, the RDP session is allowed to proceed.

  4. Establishes Secure Connection:

    • Once authenticated, the RDP session is established, allowing the user to access the remote desktop.

Enabling NLA

To enable NLA on a Windows machine, follow these steps:

  1. Access System Properties:

    • Right-click on "This PC" or "Computer" on the desktop or in File Explorer and select "Properties."

  2. Remote Settings:

    • Click on "Remote settings" in the System window to open the System Properties dialog box.

  3. Remote Desktop Section:

    • In the Remote tab, under "Remote Desktop," select "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)."

  4. Apply and OK:

    • Click "Apply" and then "OK" to save the changes.

Requirements for NLA

  • Supported Windows Versions:

    • NLA is available and recommended for use on Windows Vista and later versions.

  • Client and Server Compatibility:

    • Both the client and the server must support NLA. Ensure that the RDP client version is updated to support NLA.

Conclusion

Network Level Authentication is a vital security feature for RDP in Windows environments, offering enhanced protection against unauthorized access and resource misuse. By ensuring that only authenticated users can establish a remote desktop session, NLA helps maintain the integrity and security of remote connections.

Image by Seyed Mostafa Meshkati

PowerShell Script Disable NLA auth RDP on Remote Computer

NLA Windows Setting

 <# 

     .SYNOPSIS     
          Mccrosoft PowerShell Script Set RDP NLA Access Settings
     .DESCRIPTION 
          The remote settings using NLA authentication

          keeps users from accessing systems if not supported
     .EXAMPLE  
    Enter the server name when prompted 
     Notes:

          Requires WinRM to access the remote machine/s and rights on that machine
#>   

$Server=Read-Host "Enter ServerName"

invoke-command $Server -Scriptblock {(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $Env:Computername  -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) }

Windows Remote Desktop is a feature that allows users to remotely access and control a Windows computer from another device. This can be useful for various purposes, such as accessing files, applications, and network resources on a remote computer. Here’s a detailed overview of Windows Remote Desktop:

Key Features

  1. Remote Access:

    • Enables users to access their desktop, applications, files, and network resources from anywhere with an internet connection.

  2. Multiple Sessions:

    • Supports multiple simultaneous remote sessions on Windows Server editions, allowing different users to connect to different sessions on the same server.

  3. Seamless Experience:

    • Provides a smooth and seamless experience with features like clipboard sharing, file transfer, and printer redirection between the local and remote devices.

  4. Security:

    • Incorporates several security features such as Network Level Authentication (NLA), Secure Socket Layer (SSL) encryption, and support for multi-factor authentication (MFA).

How to Set Up Remote Desktop

On the Remote (Host) Computer:

  1. Enable Remote Desktop:

    • Open the "Settings" app.

    • Go to "System" > "Remote Desktop."

    • Toggle the switch to enable Remote Desktop.

  2. Configure Settings:

    • Optionally, click on "Advanced settings" to configure more options like network level authentication and allowing connections only from computers running Remote Desktop with NLA.

  3. Firewall Settings:

    • Ensure that the Windows Firewall or any third-party firewall allows Remote Desktop connections. This typically involves allowing traffic on port 3389.

  4. User Permissions:

    • By default, the current user will have access. To allow additional users, click on "Select users that can remotely access this PC" and add the desired user accounts.

On the Client (Accessing) Computer:

  1. Remote Desktop Client:

    • Open the Remote Desktop Connection app. This can be found by searching for "Remote Desktop Connection" in the Start menu.

    • Alternatively, you can use the Microsoft Remote Desktop app available from the Microsoft Store, macOS App Store, iOS App Store, or Google Play Store for non-Windows devices.

  2. Connect to the Remote PC:

    • Enter the name or IP address of the remote computer you wish to connect to.

    • Click "Connect" and enter the necessary credentials when prompted.

Best Practices for Secure Remote Desktop

  1. Use Strong Passwords:

    • Ensure that all accounts with remote access capabilities have strong, complex passwords.

  2. Enable NLA:

    • Network Level Authentication (NLA) adds an extra layer of security by requiring authentication before a session is fully established.

  3. Update Software:

    • Keep the operating system and all remote desktop clients updated to protect against vulnerabilities.

  4. Restrict Access:

    • Limit remote desktop access to specific IP addresses or networks using firewall rules or VPN.

  5. Use VPN:

    • For added security, use a Virtual Private Network (VPN) to establish a secure connection before using Remote Desktop.

  6. Monitor and Audit:

    • Regularly monitor remote access logs and audit remote sessions to detect any unauthorized access or unusual activity.

Troubleshooting Common Issues

  1. Connection Problems:

    • Ensure that the remote computer is turned on and connected to the network.

    • Verify that the remote desktop feature is enabled and properly configured.

    • Check for any firewall settings that might be blocking the connection.

  2. Authentication Errors:

    • Double-check the username and password.

    • Ensure that the account has the necessary permissions to access the remote desktop.

  3. Performance Issues:

    • Improve performance by adjusting the connection settings, such as reducing the display resolution and disabling resource-intensive features like visual effects.

Conclusion

Windows Remote Desktop is a powerful tool that facilitates remote access and control of a Windows computer. By properly configuring and securing Remote Desktop, users can take full advantage of its capabilities for both personal and professional use.

PowerShell Script Enable RDP on Remote Computer

<# 
.SYNOPSIS     
    Using MS PowerShell to Set RDP Access Settings on Remote Computer 
.DESCRIPTION 
    Sets a registry setting on a remote computer to allow RDP access
.EXAMPLE  
    Enter the server name when prompted 
Notes:
    Requires WinRM to access the remote machine/s and rights on that machine
#>   

$Server=Read-Host "Enter ServerName"

invoke-command $Server -Scriptblock {

     Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

}

bottom of page