Retrieving Network Level Authentication Status for RDP Connections: Enable RDP

Overview

Network Level Authentication (NLA) is a security feature introduced in Windows Server 2003 and Windows XP that requires the user to authenticate before establishing a remote desktop connection. This means that the user must provide a valid username and password before the remote desktop session begins.

NLA adds an extra layer of security to the remote desktop connection by preventing unauthorized access to the remote computer. This is especially important in corporate environments where sensitive information may be stored on remote servers. By requiring authentication before the remote desktop session starts, NLA helps to prevent unauthorized access to the remote computer and its resources.

The commands outlined in this article allow administrators to check the status of NLA, and to enable or disable it from the command prompt.

Here are some commands to get the status of NLA, and to enable or disable it, from the command prompt:

To Get the Status of NLA:

Open the Command Prompt as an administrator.

Type the following command:

mstsc /v:<computer name or IP address> /admin

The status of NLA will be displayed in the Remote Desktop Connection dialog box.

You can also use the “winrs” command to get the status of NLA. “winrs” is the Windows Remote Shell command, which allows you to run commands on a remote Windows computer. The “-r” option specifies the remote computer, and “reg query” queries the Windows registry on that computer. The command displays the data of the “UserAuthentication” registry value.

This value determines whether Network Level Authentication (NLA) is enabled or disabled for Remote Desktop Protocol (RDP) connections on the remote computer. If the value is set to “1”, NLA is enabled, and if the value is set to “0”, NLA is disabled. By retrieving the value of this key, you can determine the NLA status for RDP connections on the remote computer.

Here is an example of the command.

winrs -r:ComputerName.domain.com reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP" /v UserAuthentication

It retrieves the “UserAuthentication” value stored under the “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP” registry key on the remote computer with the hostname or IP address “ComputerName.domain.com”.
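As an added example (not part of the original article), the PowerShell script below runs the same winrs registry query against a list of hosts and reports NLA as Enabled, Disabled or NotSet. The function names, the sample output and the Group Policy key are assumptions introduced here; that key is where the NLA Group Policy setting is stored, and it takes precedence over the local value when it is present.

```powershell
# Added example: audit NLA with the same "winrs ... reg query" check, for many hosts.
$NlaKey    = 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP'
# Assumption (not from the article): Group Policy copy of the setting; it wins if present.
$PolicyKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function ConvertFrom-RegQueryDword {
    # Parse "reg query <key> /v <Name>" output; return the DWORD as an int, or $null if absent.
    param([string[]]$Lines, [string]$Name)
    foreach ($line in $Lines) {
        if ($line -match "^\s+$([regex]::Escape($Name))\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$") {
            return [Convert]::ToInt32($Matches[1], 16)
        }
    }
    return $null
}

function Get-NlaState {
    # The policy value overrides the local one; a missing value is reported, never guessed.
    param($LocalValue, $PolicyValue)
    $effective = if ($null -ne $PolicyValue) { $PolicyValue } else { $LocalValue }
    if ($null -eq $effective) { 'NotSet' }
    elseif ($effective -eq 1) { 'Enabled' }
    elseif ($effective -eq 0) { 'Disabled' }
    else                      { "Unexpected($effective)" }
}

function Test-RemoteNla {
    # Query each host over WinRM; an unreachable host or missing value yields NotSet.
    param([string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        $local  = winrs "-r:$c" reg query $NlaKey /v UserAuthentication 2>$null
        $policy = winrs "-r:$c" reg query $PolicyKey /v UserAuthentication 2>$null
        [pscustomobject]@{
            Computer = $c
            Nla      = Get-NlaState (ConvertFrom-RegQueryDword $local 'UserAuthentication') `
                                    (ConvertFrom-RegQueryDword $policy 'UserAuthentication')
        }
    }
}

# Constructed sample of "reg query" output, so the parser can be exercised offline.
$sample = @(
    ''
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP'
    '    UserAuthentication    REG_DWORD    0x0'
    ''
)
Get-NlaState (ConvertFrom-RegQueryDword $sample 'UserAuthentication') $null
```

To audit real machines, call Test-RemoteNla with the host names to check; each host must accept WinRM connections for winrs to work.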

To Enable NLA:

Open the Command Prompt as an administrator.

Type the following command:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP" /v "UserAuthentication" /t REG_DWORD /d 0x00000001 /f

Restart the remote computer for the changes to take effect.

To Disable NLA:

Open the Command Prompt as an administrator.

Type the following command:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP" /v "UserAuthentication" /t REG_DWORD /d 0x00000000 /f

Restart the remote computer for the changes to take effect.
