Disabling RDP Network Level Authentication (NLA) remotely via the registry
So I logged into a server that was set up by another administrator using RDP to configure some software. For whatever reason it was requesting a reboot, so I let it reboot before starting my work. After the server came back up I attempted to connect and got a “The connection cannot continue because the identity of the remote computer cannot be verified” error.
From experience I knew this means that Network Level Authentication (NLA) is enabled. NLA is a nice security feature if you have an internal Certificate Authority and time to configure auto-enrollment, but most smaller organizations opt for the “less secure” option. Since I had no console-level access I’d have to wait for an onsite technician to change it to allow for “less secure” connectivity.
But I could remote into another server on the same local network and connect to the registry. A quick Google search failed to identify the key/value to change, so I did some digging and testing and found it.
To disable NLA remotely:
- Open regedit on another computer on the same network.
- Under the File menu click “Connect Network Registry…”
- Enter your computer name and click OK. If this fails to connect you may be out of luck.
- Scroll down in the left pane to find the newly added server. Navigate to this key:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
- Find the value “SecurityLayer” and change the data to 0 (that is a zero).
- Voila, I was able to remote in without issue.

I tried this but was getting the error that it could not connect because NLA is enabled. I searched a bit more and found that if you change UserAuthentication = 0 in the same key, that fixes this error.
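
To find servers that have been left in the state these steps produce, the following added example (not part of the original post or the comment above) reads SecurityLayer and UserAuthentication from the RDP-Tcp key over the remote registry and flags hosts where NLA is not required. SERVER01 and the function name Get-RdpNlaState are placeholders chosen for this example.

```powershell
# Added example (not from the original post): read-only audit of RDP-Tcp.
# Needs admin rights and the Remote Registry service on each target, the same
# prerequisites as regedit's "Connect Network Registry".
param([string[]]$ComputerName = @('SERVER01'))   # SERVER01 is a placeholder

$KeyPath    = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$LayerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

function Get-RdpNlaState {
    param([Parameter(Mandatory)][string]$Computer)
    $hklm = $null; $key = $null
    $row = [ordered]@{ Computer = $Computer; SecurityLayer = $null; LayerName = $null
                       UserAuthentication = $null; NlaRequired = $null; Finding = $null }
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $Computer)
        $key = $hklm.OpenSubKey($KeyPath)            # OpenSubKey(name) opens read-only
        if ($null -eq $key) { throw 'RDP-Tcp key not found' }

        $layer = $key.GetValue('SecurityLayer')      # DWORD, or $null if absent
        $nla   = $key.GetValue('UserAuthentication') # 1 = NLA required, 0 = not required
        $row.SecurityLayer      = $layer
        $row.UserAuthentication = $nla
        if ($null -ne $layer) { $row.LayerName = $LayerNames[[int]$layer] }
        $row.NlaRequired = ($nla -eq 1)

        # An absent UserAuthentication value is reported as "not required".
        $findings = @()
        if ($nla -ne 1)   { $findings += 'NLA not required' }
        if ($layer -eq 0) { $findings += 'native RDP security layer, no TLS' }
        $row.Finding = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
    catch {
        $row.Finding = "unreachable or unreadable: $($_.Exception.Message)"
    }
    finally {
        if ($key)  { $key.Close() }
        if ($hklm) { $hklm.Close() }
    }
    [pscustomobject]$row
}

$ComputerName | ForEach-Object { Get-RdpNlaState -Computer $_ } | Format-Table -AutoSize
```

Hosts reported with Finding other than OK are candidates for setting UserAuthentication back to 1 once the emergency access is no longer needed.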