
Rexiology@MSDN

Nothing but Microsoft Technologies...
Remote Desktop 6.0: Network Level Authentication does not work on OSes prior to Vista...

 

Just a small tip for people using Remote Desktop very often, like me.

Microsoft has released a new version of Remote Desktop, version 6.0, which makes Terminal Services easier to use. One of the features I like very much is the ability to connect a local device to the remote site: for example, redirecting a local smartcard reader so that you can log in to systems at the remote site using the smartcard beside you.

But using the Remote Desktop service in Vista isn't as intuitive as it was before. Because network security has been strengthened, you have to change some settings before your Vista machine can accept Terminal Services connections from any "safe" place or safe connection source. This includes the settings of Vista's enhanced firewall. Things get more complicated if your Vista machine is in a domain and the domain admin has put restrictions on your firewall rules. I'll post the Vista firewall settings for enabling RDP connections later, when I have time.

For now, be aware that RDP 6.0 introduces a function called Network Level Authentication (NLA), which seems to be available only from Vista onward. So if you set your Vista machine to accept only NLA connections, connections to it from WinXP or Windows 2003 Server will fail, with a dialog box like this:

rdpvista1.jpg

So, where do you turn NLA on or off in Vista? It's at Control Panel -> System -> Remote Settings:

rdpvista2.jpg

If you want to be able to connect from WinXP or Windows 2003 servers, use the second setting. If you only RDP from Vista machines, you can choose the third setting to turn on NLA, which should handle your connections more safely...

FYI
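To audit which of the Remote Settings options a machine is actually using, the following added example (not part of the original post) reads the registry values that back the dialog and reports whether a Group Policy value overrides the local choice. The registry paths and value names are not from the post; they are the standard Terminal Services locations, and the function names are hypothetical.

```powershell
# Added example: map the registry values behind Remote Settings to the
# dialog's options. Run locally, elevated, on the machine being audited.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-RdpSettingName($Deny, $UserAuth) {
    # Pure mapping, so it can also be fed values exported from other hosts.
    if ($null -eq $Deny) { return 'unknown: fDenyTSConnections not found' }
    if ($Deny -ne 0)     { return 'first setting: remote connections not allowed' }
    if ($UserAuth -eq 1) { return 'third setting: NLA required' }
    return 'second setting: any Remote Desktop version accepted (NLA not required)'
}

function Get-RdpNlaStatus {
    $deny     = Get-RegValue $ts 'fDenyTSConnections'
    $userAuth = Get-RegValue $rdpTcp 'UserAuthentication'
    $source   = 'local setting'

    # A value under the Policies key wins over what the dialog shows.
    $polDeny = Get-RegValue $policy 'fDenyTSConnections'
    $polAuth = Get-RegValue $policy 'UserAuthentication'
    if ($null -ne $polDeny) { $deny = $polDeny; $source = 'Group Policy' }
    if ($null -ne $polAuth) { $userAuth = $polAuth; $source = 'Group Policy' }

    $setting = Get-RdpSettingName $deny $userAuth
    "Effective RDP configuration ($source): $setting"
}

Get-RdpNlaStatus
```

If the output shows the second setting on a machine whose clients all support NLA, switch the dialog to the third setting and run the check again.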


 

Posted: Wednesday, March 28, 2007 1:29 AM by rextangtw

Comments

SecurityEnthusiast said:

Just to prevent misunderstanding, since people tend to follow advice given on MSDN blogs -- you should NOT turn off NLA on Vista anymore.

Instead, upgrade your Remote Desktop client on XP, 2K3, or Mac OS X.  The new versions, released in the past year, all support NLA.

# June 18, 2008 11:45 AM

rextangtw said:

SecurityEnthusiast:

Yes, you are right. When this post was composed, there were still lots of XP clients running an old version of Remote Desktop Client; also, the new version had not yet been offered as an optional Windows Update patch.

For now, when running Windows Update on XP or 2003 clients, there is an optional patch containing the new version of Remote Desktop, which supports NLA without any problems. Install that to strengthen your security.

# June 18, 2008 11:59 AM

EPMerc said:

Actually, it's the other way around: my XP desktop can remotely access my Vista laptop. However, when I attempt to remotely access my XP desktop using my Vista laptop, I get the following message during logon: "The local policy of this system does not permit you to logon interactively".

I will appreciate an instructional solution, please. Thank you.

# August 3, 2009 12:58 AM