About Network Level Authentication
Network Level Authentication (NLA) is an authentication tool used in Remote Desktop Services (RDP Server) or Remote Desktop Connection (RDP Client), introduced in RDP 6.0 in Windows Vista and above. NLA is sometimes called front authentication as it requires the connecting user to authenticate themselves before a session can be established with the remote device.
Starting a remote session on a device (e.g. a server) requires many processes to run in the background, which can use up CPU resources on the remote device. This can be prevented by requiring the connecting user to authenticate themselves first. A failed attempt by an unauthorized user will not establish a connection and, consequently, will not use the device's CPU resources. Requiring user authentication before the remote session also offers a layer of defense against Denial of Service (DoS) attacks.
When a user tries to establish a connection to a device with NLA enabled, NLA will delegate the user's credentials from the client through a client-side Security Support Provider to the server for authentication before creating a session. Only once the user authentication is successful will the connection be established.
NLA can be enabled or disabled on the target device by following one of the paths below:
Start menu → Control Panel → System and Security → System → Remote Settings → Remote → Remote Desktop → select Allow connections only from computers running Remote Desktop with Network Level Authentication
Start menu → Control Panel → right-click on Computer → Properties → Remote Settings → Remote → Remote Desktop → select Allow connections only from computers running Remote Desktop with Network Level Authentication
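The same setting can be checked and turned on from an elevated PowerShell prompt on the target device. This is an added example, not part of the original documentation: the function names Get-NlaState and Enable-Nla are made up for it, while the registry values it reads (fDenyTSConnections, UserAuthentication) are the standard Windows ones.

```powershell
# Added example: audit and, if needed, enable the NLA requirement on the local RDP listener.
# Run in an elevated PowerShell session on the target device.

$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$listener  = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-NlaState {
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed at all.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means the listener requires NLA before a session is created.
    $local = (Get-ItemProperty -Path $listener -Name UserAuthentication `
              -ErrorAction SilentlyContinue).UserAuthentication
    # A Group Policy value, when present, takes precedence over the local setting.
    $policy = (Get-ItemProperty -Path $policyKey -Name UserAuthentication `
               -ErrorAction SilentlyContinue).UserAuthentication
    $effective = if ($null -ne $policy) { $policy } else { $local }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        RdpEnabled    = ($deny -eq 0)
        LocalSetting  = $local
        PolicySetting = $policy
        NlaRequired   = ($effective -eq 1)
    }
}

function Enable-Nla {
    $state = Get-NlaState
    if ($state.NlaRequired) {
        Write-Output 'NLA is already required; nothing to change.'
    }
    elseif ($null -ne $state.PolicySetting) {
        # Do not fight Group Policy: a local change would be overridden.
        Write-Warning 'NLA is turned off by Group Policy; change the policy instead.'
    }
    else {
        # Equivalent to selecting "Allow connections only from computers running
        # Remote Desktop with Network Level Authentication" in Remote Settings.
        Set-ItemProperty -Path $listener -Name UserAuthentication -Value 1 -Type DWord
        Write-Output 'NLA is now required for new RDP connections.'
    }
}

# Report the current state; call Enable-Nla separately to change it.
Get-NlaState | Format-List
```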
- Log into the Agent Browser. Refer to Log into the Agent Browser.
- Connect to a server. Refer to Connect to a device.
- Click Tools → Windows RDP or click the Remote Desktop Protocol icon.
- You will now be prompted to authorize yourself in order to establish the connection. Enter your Username and Password.
- Select Use Network Level Authentication.
The option to use NLA will be grayed out on incompatible devices.
- Select Remember passwords for this device if you want your password to be remembered for future RDP sessions.
- Click Login to establish the connection.
- The connection will be established if the user authentication has been successful.