Network Level Authentication

From ThinManager Knowledge Base

Network Level Authentication (NLA) completes user authentication before establishing a remote desktop connection.

Without NLA, a user connects to the Terminal Server/Remote Desktop Server, and the server launches the Windows Login screen before any authentication has taken place. This consumes server resources and exposes the server to potential denial-of-service (DoS) attacks.

NLA uses credentials on the client to authenticate before the session starts, saving resources.

Minimum Client Version For NLA Support

Client                       Version
Terminal Firmware Package    7.1.3
WinTMC                       2.3.0.0
iTMC                         8.0.3
AndroidTMC                   RC 0.3.8

Previous versions of these clients do not support NLA and require the “Allow connections only from computers running Remote Desktop with Network Level Authentication” setting to be disabled.


Note: To use NLA, the terminal requires at least 64 MB of memory.


Using Network Level Authentication

If a terminal has a valid Windows account entered in its configuration for an automatic login, the client passes those credentials through NLA to authenticate, then logs in and starts a session without the operator noticing.

If a terminal is set for a manual login, with no valid Windows account entered in its configuration, an NLA login screen is displayed requiring a valid user account and password. These credentials are passed to the Terminal Server/RDS for the login.

A Windows Security/Login window is never displayed.


To disable the requirement of Network Level Authentication:

2008 R2

  • Start the Remote Desktop Session Host Configuration utility from Administrative Tools / Remote Desktop Services
  • Under Connections, right-click on RDP-Tcp and select Properties
  • Under the General tab, uncheck “Allow connections only from computers running Remote Desktop with Network Level Authentication” to turn off NLA.
  • Under the General tab, check “Allow connections only from computers running Remote Desktop with Network Level Authentication” to use NLA.

2012 / 2012 R2

  • Open the Remote Desktop Services snap-in in the Server Manager
  • Select the applicable collection under Collections
  • In the Properties section select the Tasks drop-down and click Edit Properties
  • Under the Security section, uncheck “Allow connections only from computers running Remote Desktop with Network Level Authentication” to turn off NLA.
  • Under the Security section, check “Allow connections only from computers running Remote Desktop with Network Level Authentication” to use NLA.
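
To confirm how the checkbox described above is actually set on each server, the RDP-Tcp listener can be queried through WMI. The following is an added example, not part of the ThinManager Knowledge Base; the server names are constructed placeholders, and it assumes Windows PowerShell run with an account that has administrative rights on the servers.

```powershell
# Added example: report whether each Terminal Server / RDS host requires NLA.
# Server names are constructed placeholders; replace them with your own hosts.
$servers = @('RDS01.example.local', 'RDS02.example.local')

function Get-NlaRequirement {
    param([string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        try {
            # Win32_TSGeneralSetting holds the settings of the RDP-Tcp listener.
            # Remote queries to the TerminalServices namespace need packet privacy.
            $setting = Get-WmiObject -Class Win32_TSGeneralSetting `
                -Namespace 'root\cimv2\TerminalServices' `
                -Filter "TerminalName='RDP-Tcp'" `
                -ComputerName $name -Authentication PacketPrivacy -ErrorAction Stop

            if (-not $setting) { throw "No RDP-Tcp listener found" }

            New-Object PSObject -Property @{
                Server      = $name
                # 1 = "Allow connections only from computers running Remote
                # Desktop with Network Level Authentication" is checked.
                NlaRequired = ($setting.UserAuthenticationRequired -eq 1)
                Error       = $null
            }
        }
        catch {
            # Keep unreachable or misconfigured hosts in the report
            # instead of silently skipping them.
            New-Object PSObject -Property @{
                Server      = $name
                NlaRequired = $null
                Error       = $_.Exception.Message
            }
        }
    }
}

Get-NlaRequirement -ComputerName $servers |
    Select-Object Server, NlaRequired, Error |
    Format-Table -AutoSize
```

Servers that report NlaRequired as False accept connections from clients older than the minimum versions listed above; servers that report True accept only NLA-capable clients.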