Network Level Authentication

Network Level Authentication (NLA) completes user authentication before establishing a remote desktop connection.

Without NLA, a user connects to the Terminal Server/Remote Desktop Server, which then launches the Windows Login screen. This consumes server resources before the user has authenticated and creates the potential for denial-of-service (DoS) attacks.

NLA uses credentials on the client to authenticate before starting the session, saving resources.

ThinManager supports NLA starting with Firmware 7.1.113 inside of the TermPack 7.1.3 package released on 6/26/2015.

Previous versions of firmware did not support NLA and required that the “Allow connections only from computers running Remote Desktop with Network Level Authentication” setting be turned off.

This setting can now be turned on to allow ThinManager thin clients to authenticate using NLA.

Using Network Level Authentication

If a terminal has a valid Windows account entered in its configuration for an automatic login, the client passes those credentials through NLA to authenticate, then logs in and starts a session without the operator noticing.

If a terminal does not have a valid Windows account entered in its configuration for a manual login, then an NLA login screen will be displayed requiring a valid user account and password. These credentials are passed to the Terminal Server/RDS for the login.

A Windows Security/Login window is never displayed.

To configure Network Level Authentication:

2008 R2

  • Start the Remote Desktop Session Host Configuration utility from Administrative Tools / Remote Desktop Services
  • Under Connections, right-click on RDP-Tcp and select Properties
  • Under the General tab, uncheck “Allow connections only from computers running Remote Desktop with Network Level Authentication” to turn off NLA.
  • Under the General tab, check “Allow connections only from computers running Remote Desktop with Network Level Authentication” to use NLA.

2012 / 2012 R2

  • Open the Remote Desktop Services snap-in in the Server Manager
  • Select the applicable collection under Collections
  • In the Properties section select the Tasks drop-down and click Edit Properties
  • Under the Security section, uncheck “Allow connections only from computers running Remote Desktop with Network Level Authentication” to turn off NLA.
  • Under the Security section, check “Allow connections only from computers running Remote Desktop with Network Level Authentication” to use NLA.
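
To confirm the result of either procedure across several servers, the following Windows PowerShell function reads the NLA requirement from each server's RDP-Tcp listener through WMI. It is an added example, not part of the ThinManager documentation; the function name and the host names in the usage comment are placeholders, and it assumes an account with administrative rights on the target servers.

```powershell
# Added example (not from the ThinManager documentation).
# Reports whether each RD Session Host requires NLA on its RDP-Tcp listener.
# Get-NlaStatus is a hypothetical name; server names come from the operator.
function Get-NlaStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            $result = New-Object PSObject -Property @{
                ComputerName = $computer
                NlaRequired  = $null
                Error        = $null
            }
            try {
                # The TerminalServices namespace only accepts remote
                # connections that use packet privacy (encrypted DCOM).
                $listener = Get-WmiObject -ComputerName $computer `
                    -Namespace 'root\cimv2\TerminalServices' `
                    -Class Win32_TSGeneralSetting `
                    -Filter "TerminalName='RDP-Tcp'" `
                    -Authentication PacketPrivacy -ErrorAction Stop
                if ($null -eq $listener) { throw 'RDP-Tcp listener not found' }
                # 1 = "Allow connections only from computers running Remote
                # Desktop with Network Level Authentication" is checked.
                $result.NlaRequired = ($listener.UserAuthenticationRequired -eq 1)
            }
            catch {
                # Keep unreachable servers in the report instead of dropping them.
                $result.Error = $_.Exception.Message
            }
            $result
        }
    }
}

# Usage (placeholder host names): list servers that do not enforce NLA
# or could not be queried.
# 'RDS01', 'RDS02' | Get-NlaStatus |
#     Where-Object { $_.NlaRequired -ne $true } |
#     Format-Table ComputerName, NlaRequired, Error -AutoSize
```

A server reported with `NlaRequired` set to `False` still presents the Windows Login screen to unauthenticated connections, which is the resource exposure described at the top of this page.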

 

For more information on ThinManager, please visit www.thinmanager.com