Disable Network Level Authentication or NLA Remotely via PowerShell
-
If you have NLA enabled on a remote server and need to RDP into it, you may find yourself in a situation where you are locked out and cannot disable the security on the remote machine in order to make the connection. A situation many people found happening to themselves recently thanks to a patch from Microsoft.
If you still have PSRemoting working, you are in luck, it is trivially easy to disable this function from PowerShell.
Disabling NLA is as simple as this command:
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName "remoteServer" -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)You can enable NLA by changing that final (0) into a (1).
We can check on the NLA status, it returns 1 for on and 0 for off:
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName "remoteServer" -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired -
Example thread of people affected where this fix would often work:
https://mangolassi.it/topic/17184/credssp-and-rdp-in-windows-10
-
@scottalanmiller said in Disable Network Level Authentication or NLA Remotely via PowerShell:
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName "remoteServer" -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
This worked, but also as soon as the server is updated to the latest then the issue goes away.
-
@dbeato said in Disable Network Level Authentication or NLA Remotely via PowerShell:
@scottalanmiller said in Disable Network Level Authentication or NLA Remotely via PowerShell:
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName "remoteServer" -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
This worked, but also as soon as the server is updated to the latest then the issue goes away.
Yes, if you have that option.
