Network Level Authentication (NLA) is a robust security feature designed to verify users before establishing a remote desktop session. This technology is integral to Remote Desktop services, such as Windows Remote Desktop Protocol (RDP) and Remote Desktop Connection (RDP Client). Often referred to as “front authentication,” NLA plays a crucial role in ensuring that only authenticated users can access the remote system. By requiring user authentication before a remote session begins, NLA helps prevent unauthorized access and mitigates potential security threats. Additionally, this pre-authentication process reduces the strain on network resources, as it filters out connection attempts from unauthorized or malicious sources. This article will delve into the functionality of NLA, its benefits, and provide step-by-step instructions on how to enable or disable this feature based on your specific environment.

What is Network Level Authentication (NLA) used for?

Network Level Authentication (NLA) plays a vital role in securing remote desktop sessions by requiring users to authenticate themselves before a session begins. This process ensures that only legitimate users gain access to the remote system, protecting sensitive data and maintaining system integrity.

By validating user credentials before the session starts, NLA helps prevent unauthorized access and reduces the risk of malicious connections that could strain system resources. Without NLA, unauthorized connection attempts could consume valuable CPU and network bandwidth, potentially degrading the performance of both the client and server machines. By enforcing authentication at the network level, NLA minimizes this risk and ensures that only authenticated sessions proceed.

In addition to safeguarding against unauthorized access, NLA provides enhanced protection against cyberattacks such as Denial of Service (DoS) attacks. In a DoS attack, an attacker overwhelms the network with excessive requests, causing service disruptions. NLA mitigates this threat by validating user credentials before fully establishing a remote session, effectively filtering out malicious traffic and reducing the impact of such attacks.

Overall, Network Level Authentication strengthens remote desktop security by ensuring that only authenticated users can connect, preserving system resources, and providing an additional layer of defense against various types of cyber threats.

How to enable Network Level Authentication?

Enabling Network Level Authentication is not automatic; you need to manually configure it to leverage its security benefits. Follow these steps to enable or verify NLA settings:

Remote Desktop Settings

  1. Open Settings from the Start menu.
  2. Navigate to Remote Desktop and turn on Enable Remote Desktop.
  3. Click on Advanced Settings and select the option that requires computers to use Network Level Authentication to connect.

System and Security Settings

  1. Access System and Security in the Control Panel.
  2. Click on Allow Remote Access.
  3. Under Remote Desktop, choose Allow remote connections to this computer.
  4. Select Allow connections only from computers running Remote Desktop with Network Level Authentication.

Can I use scripts to disable Network Level Authentication?

At Atera, we understand the value of automation and scripting for efficient IT management. For those who prefer automating tasks, there are scripts available to manage NLA settings across different operating systems. On Windows, you can use PowerShell to enable or disable NLA, while macOS and Linux users can use Terminal commands to achieve the same.

Windows

To disable NLA using PowerShell, follow these steps:

  1. Launch PowerShell as an administrator using the Windows Key + S search bar.
  2. Execute the following commands:

       # Replace with the name of the remote machine
       $TargetMachine = "Target-Machine-Name"
       # 0 turns the NLA requirement off on the RDP-tcp listener; 1 turns it back on
       (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalServices -ComputerName $TargetMachine -Filter "TerminalName = 'RDP-tcp'").SetUserAuthenticationRequired(0)

Alternatively, you can disable NLA via the GUI:

  1. Press Windows Key + R, type sysdm.cpl, and press Enter.
  2. Go to the Remote tab and uncheck “Allow connections only from computers running Remote Desktop with Network Level Authentication.”
  3. Click Apply to save the changes.
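
The reverse of the PowerShell command above, as an added example that is not part of the original article or an Atera script: it reads the NLA setting on the RDP-Tcp listener of each host and turns the requirement back on where it is off. The host names and the function names Get-NlaState and Enable-Nla are placeholders chosen for this example, and it assumes an elevated session with CIM/WinRM access to the targets.

```powershell
# Added example: audit and enforce NLA on the RDP-Tcp listener of several hosts.
# Host names are placeholders; run from an elevated PowerShell session that
# can reach the targets over CIM/WinRM.
$Targets = @('HOST-01', 'HOST-02')   # placeholder names

function Get-NlaState {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Win32_TSGeneralSetting exposes UserAuthenticationRequired (1 = NLA required).
    $setting = Get-CimInstance -ComputerName $ComputerName `
        -Namespace 'root/cimv2/TerminalServices' `
        -ClassName 'Win32_TSGeneralSetting' `
        -Filter "TerminalName = 'RDP-Tcp'" -ErrorAction Stop
    [pscustomobject]@{
        ComputerName = $ComputerName
        NlaRequired  = [bool]$setting.UserAuthenticationRequired
        Setting      = $setting
    }
}

function Enable-Nla {
    param([Parameter(Mandatory)]$State)
    # Same WMI method the article calls with 0; passing 1 requires NLA again.
    $result = Invoke-CimMethod -InputObject $State.Setting `
        -MethodName 'SetUserAuthenticationRequired' `
        -Arguments @{ UserAuthenticationRequired = [uint32]1 }
    $result.ReturnValue -eq 0   # 0 means the method succeeded
}

$report = foreach ($computer in $Targets) {
    try {
        $state = Get-NlaState -ComputerName $computer
        $fixed = $false
        if (-not $state.NlaRequired) { $fixed = Enable-Nla -State $state }
        [pscustomobject]@{
            ComputerName = $computer
            NlaWasOn     = $state.NlaRequired
            Remediated   = $fixed
            Error        = $null
        }
    } catch {
        # Unreachable host, missing listener or access denied: record and continue.
        [pscustomobject]@{
            ComputerName = $computer; NlaWasOn = $null
            Remediated   = $false;    Error    = $_.Exception.Message
        }
    }
}
$report | Format-Table -AutoSize
```

Hosts that show NlaWasOn as False are the ones where the requirement had been switched off before the script ran.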

macOS

On macOS, there isn’t a direct equivalent to NLA in the same sense as Windows, but if you’re dealing with similar remote access issues, you can manage access permissions through the Terminal:

  1. Open Terminal.
  2. Use the following command to manage remote access settings:

       sudo systemsetup -setremotelogin off

     This command disables remote login, which can be adjusted based on your specific needs. To re-enable it, use on instead of off.

Linux

On Linux, NLA is not used in the same way as it is on Windows. However, you can configure remote access permissions by adjusting SSH settings or using similar tools. To disable password authentication for SSH (which can be somewhat analogous to disabling NLA), follow these steps:

  1. Open Terminal.
  2. Edit the SSH configuration file:

       sudo nano /etc/ssh/sshd_config

  3. Locate and change the following line:

       PasswordAuthentication no

     Set this to yes if you wish to re-enable password authentication.
  4. Save the changes and restart the SSH service:

       sudo systemctl restart sshd

By using these scripts and commands, you can automate the process of managing Network Level Authentication across different operating systems, ensuring consistent security and configuration settings.

Can anyone use Network Level Authentication?

While Network Level Authentication (NLA) significantly enhances security for remote desktop sessions, it has specific requirements that must be met for it to function effectively.

  1. Client Machine Requirements: The client machine attempting to establish a remote connection must be using at least Remote Desktop Connection 6.0. This version supports NLA and ensures that the necessary protocols are in place for secure authentication.
  2. Operating System Compatibility: The operating system on the client machine needs to support the Credential Security Support Provider (CredSSP) protocol. This includes Windows versions such as Windows 7, Windows Vista, and Windows XP with Service Pack 3. CredSSP is integral to NLA, as it provides the authentication mechanism used to verify user credentials.
  3. Remote Session Host: The server or remote session host must be running a compatible version of Windows Server. Specifically, NLA requires Windows Server 2008 R2 or Windows Server 2008. These versions include the necessary components and settings to support NLA, allowing for secure remote connections.

It’s important to ensure that both the client and server systems meet these requirements to fully leverage the security benefits of NLA. If any component does not meet these specifications, NLA may not function as intended, potentially leaving your remote sessions less secure.

How do I know if my computer supports Network Level Authentication?

To check if your system supports NLA:

  1. Open Remote Desktop Connection.
  2. Look for the About option in the top left corner of the dialog box.
  3. In the About Remote Desktop Connection dialog box, confirm whether “Network Level Authentication supported” is mentioned.

What will Network Level Authentication look like for my user in practice?

When Network Level Authentication (NLA) is in use, users will encounter an authentication prompt before a remote desktop session is established. This prompt ensures that only users with valid credentials can initiate a remote connection. The process involves a quick verification of the user’s credentials. If the credentials are accurate and valid, the connection proceeds smoothly; if not, the connection is denied, thereby enhancing security and preventing unauthorized access.

To effectively manage and monitor remote sessions, Atera’s Remote Monitoring and Management (RMM) platform can be a valuable tool. Atera provides comprehensive features for overseeing remote desktop connections, ensuring that security measures like NLA are adhered to while streamlining your IT operations. Interested in exploring how Atera can improve your remote management processes? Try our platform for 30 days free and discover how it can enhance your IT management capabilities.
