Disabling RDP Network Level Authentication (NLA) remotely via the registry

So I logged into a server that was set up by another administrator using RDP to configure some software. For whatever reason it is requesting a reboot, so I let it reboot before I start my work. After the server comes back up I attempt to connect and get a “The connection cannot continue because the identity of the remote computer cannot be verified” error.

From experience I knew this means that Network Level Authentication (NLA) is enabled. NLA is a nice security feature if you have an internal Certificate Authority and time to configure auto-enrollment, but most smaller organizations opt for the “less secure” option. Since I have no console-level access I’d have to wait for an onsite technician to change it to allow for “less secure” connectivity.

But I can remote into another server on the same local network and connect to the registry. A quick Google search failed to identify the key/value to change, so I did some digging and testing and found it.

To disable NLA remotely:

  1. Open regedit on another computer on the same network.
  2. Under the File menu click “Connect Network Registry…”
  3. Enter the computer name of the server and click OK. If this fails to connect you may be out of luck.
  4. Scroll down in the left pane to find the newly added server. Navigate to this key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  5. Find the value “SecurityLayer” and change the data to 0 (that is a zero).
  6. Voila, I was able to remote in without issue.
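
The same registry change as a script that first records the original values so they can be put back once the work is done. This is an added example, not the post author's code: the function names, `SERVER01` and the snapshot file name are placeholders, and it assumes the Remote Registry service is reachable and that you are an administrator on the target.

```powershell
# Added example. 'SERVER01' and the snapshot path are placeholders.
$RdpTcpPath = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Opens the remote RDP-Tcp key, runs $Action against it, and always closes the handles.
function Invoke-OnRdpTcpKey {
    param([Parameter(Mandatory)][string]$ComputerName,
          [Parameter(Mandatory)][scriptblock]$Action,
          [switch]$Writable)
    $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    try {
        $key = $hive.OpenSubKey($RdpTcpPath, $Writable.IsPresent)
        if ($null -eq $key) { throw "RDP-Tcp key not found on $ComputerName" }
        try { & $Action $key } finally { $key.Close() }
    } finally { $hive.Close() }
}

# Reads the current settings without changing anything.
function Get-RdpSecuritySnapshot {
    param([Parameter(Mandatory)][string]$ComputerName)
    Invoke-OnRdpTcpKey -ComputerName $ComputerName -Action {
        param($key)
        [pscustomobject]@{
            ComputerName       = $ComputerName
            SecurityLayer      = $key.GetValue('SecurityLayer')      # 0 = RDP, 1 = Negotiate, 2 = SSL (TLS)
            UserAuthentication = $key.GetValue('UserAuthentication') # 1 = NLA required
            CapturedAt         = (Get-Date).ToString('o')
        }
    }
}

# Writes SecurityLayer as a DWORD, the value edited in step 5.
function Set-RdpSecurityLayer {
    param([Parameter(Mandatory)][string]$ComputerName,
          [Parameter(Mandatory)][ValidateRange(0, 2)][int]$Value)
    Invoke-OnRdpTcpKey -ComputerName $ComputerName -Writable -Action {
        param($key)
        $key.SetValue('SecurityLayer', $Value, [Microsoft.Win32.RegistryValueKind]::DWord)
    }
}

$before = Get-RdpSecuritySnapshot -ComputerName 'SERVER01'
$before | Export-Clixml -Path '.\SERVER01-rdp-before.xml'   # keep the original values on disk
Set-RdpSecurityLayer -ComputerName 'SERVER01' -Value 0       # the change from step 5

# Once access is restored and the work is finished, put the original value back:
# if ($null -ne $before.SecurityLayer) {
#     Set-RdpSecurityLayer -ComputerName 'SERVER01' -Value $before.SecurityLayer
# }
```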