Sunday, February 12, 2012

Enable Network Level Authentication on Windows XP

By default, the Remote Desktop server (Terminal Server) on Windows Vista or Windows 7 requires the client to have Network Level Authentication (NLA) enabled. However, Windows XP does not have Network Level Authentication enabled by default.

On the server side, you can allow non-NLA clients to connect. I do not recommend doing that because it downgrades security.

To enable Network Level Authentication on Windows XP, first make sure you have upgraded to Windows XP Service Pack 3. NLA is not enabled in Windows XP SP3 by default; you also need to do the following to enable it:
  1. Click Start, click Run, type regedit, and then press Enter.
  2. In the navigation pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    In the details pane, right-click Security Packages, and then click Modify.
    In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
  3. In the navigation pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
    In the details pane, right-click SecurityProviders, and then click Modify.
    In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
  4. Exit regedit and restart the computer.
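
The same two registry edits as a script, which appends `tspkg` and `credssp.dll` only when they are missing and keeps every existing SSP entry. This is an added example, not part of the original post; it assumes PowerShell 2.0 has been installed on the XP SP3 machine (it is not included by default) and that the session runs as an administrator.

```powershell
# Added example. Assumes PowerShell 2.0 on Windows XP SP3, run as administrator.
$lsaKey  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
$provKey = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders'
$kind    = [Microsoft.Win32.RegistryValueKind]

# "Security Packages" is a REG_MULTI_SZ value: one package name per string.
# Read it, drop empty entries, and append tspkg only if it is not already listed.
$packages = @([Microsoft.Win32.Registry]::GetValue($lsaKey, 'Security Packages', $null) |
              Where-Object { $_ })
if ($packages -notcontains 'tspkg') {
    $packages += 'tspkg'
    [Microsoft.Win32.Registry]::SetValue($lsaKey, 'Security Packages',
        [string[]]$packages, $kind::MultiString)
}

# "SecurityProviders" is a REG_SZ value holding a comma-separated list of DLLs.
# Split it, trim each name, and append credssp.dll only if it is missing.
$raw  = [string][Microsoft.Win32.Registry]::GetValue($provKey, 'SecurityProviders', '')
$dlls = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
if ($dlls -notcontains 'credssp.dll') {
    $dlls += 'credssp.dll'
    [Microsoft.Win32.Registry]::SetValue($provKey, 'SecurityProviders',
        ($dlls -join ', '), $kind::String)
}

# Show the resulting values so the change can be reviewed before rebooting.
Write-Output ('Security Packages : ' + ($packages -join ', '))
Write-Output ('SecurityProviders : ' + ($dlls -join ', '))
Write-Output 'Restart the computer for the change to take effect.'
```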