Network Level Authentication

About Network Level Authentication

Network Level Authentication (NLA) is an authentication feature of Remote Desktop Services (the RDP server) and Remote Desktop Connection (the RDP client), introduced with RDP 6.0 and available in Windows Vista and above. NLA is sometimes called front authentication because it requires the connecting user to authenticate before a session can be established with the remote device.

Starting a remote session on a device (e.g. a server) requires many background processes, which can use up CPU resources on the remote device. Requiring the connecting user to authenticate first prevents this: a failed attempt by an unauthorized user does not establish a connection and, consequently, does not use the device's CPU resources. Requiring user authentication before the remote session also offers a layer of defense against Denial of Service (DoS) attacks.

When a user tries to establish a connection to a device with NLA enabled, NLA delegates the user's credentials from the client, through a client-side Security Support Provider, to the server for authentication before a session is created. The connection is established only once user authentication succeeds.
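
To confirm that a device actually enforces this behavior, the following added example (not part of the original documentation or of any Datto tooling) reads the standard Windows registry values that control RDP and NLA and reports a finding when RDP is enabled without NLA. The function names `Get-NlaStatus` and `Get-Effective` are hypothetical; the script only reads settings and changes nothing.

```powershell
# Added example: audit whether this host requires NLA for inbound RDP.
# Get-NlaStatus and its helper are hypothetical names; read-only, changes nothing.
function Get-NlaStatus {
    [CmdletBinding()]
    param()

    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $localKey  = "$tsKey\WinStations\RDP-Tcp"
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Return a value and where it came from. A Group Policy value, when
    # present, overrides the local setting of the same name.
    function Get-Effective([string]$LocalPath, [string]$Name) {
        foreach ($src in @(@{ Path = $policyKey; Label = 'GroupPolicy' },
                           @{ Path = $LocalPath; Label = 'Local' })) {
            $item = Get-ItemProperty -Path $src.Path -Name $Name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                return [pscustomobject]@{ Value = $item.$Name; Source = $src.Label }
            }
        }
        [pscustomobject]@{ Value = $null; Source = 'NotSet' }
    }

    $deny  = Get-Effective $tsKey    'fDenyTSConnections'   # 0 = RDP connections allowed
    $nla   = Get-Effective $localKey 'UserAuthentication'   # 1 = NLA required
    $layer = Get-Effective $localKey 'SecurityLayer'        # 0 = RDP, 1 = Negotiate, 2 = TLS

    $rdpEnabled  = ($deny.Value -eq 0)
    $nlaRequired = ($nla.Value -eq 1)

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = $rdpEnabled
        NlaRequired   = $nlaRequired
        NlaSource     = $nla.Source
        SecurityLayer = $layer.Value
        # Finding: the host accepts RDP and builds a session before the user authenticates.
        Finding       = if ($rdpEnabled -and -not $nlaRequired) { 'RDP enabled without NLA' } else { 'OK' }
    }
}

Get-NlaStatus | Format-List
```

A `NlaSource` of `GroupPolicy` means a local change to the listener setting will not take effect until the policy itself is changed.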
