Remote Desktop security setting - NLA

A customer has about 100 servers all of which have Network Level Authentication turned on. Dont ask my why but I need to change it to - Allow connections from computers running any version of Remote Desktop (less secure).

It looked like I could change it via a GPO, and that settings was here => Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security/Require user authentication by using NLA. But this setting only changes it on the Remote Desktop Session Host (which is kinda obvious)

I need to change this on ALL servers. Anyone know how to do this? GPO/SCCM/PowerShell/Witchcraft/Black Magic etc??

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Essendon

Located the registry key for this setting:

Windows PowerShell® 2.0 Bible > CHAPTER 5: Managing Security > Enabling Remote Desktop - Pg. : Safari Books Online

Working with our scripting guy to create a script to enforce this change on all servers.

Essendon

FWIW, here's the script that I used to do this job. Just thought it might help someone else.

Import-module ActiveDirectory

$arrComputers = Get-ADComputer -SearchBase 'OU=xxx,DC=xxx,DC=local' -Filter {Name -like 'xxx*'} # Specify Base OU and Server Name here
 
    Foreach ($objComputer in $arrComputers)
    {
    $strComputer = $objComputer.dnshostname
    $objPing = new-object system.net.networkinformation.ping
    $strPingResult = $objPing.Send($strComputer)
 
        if ($strPingResult.status -eq 'Success')
        {
        $ObjBaseReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$strComputer)
        $ObjTargetReg = $objBaseReg.OpenSubKey('System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP')
   
        
            if ($ObjTargetReg.GetValue('UserAuthentication') -ne 0)
            {
            #$ObjTargetReg.SetValue('UserAuthentication',0)
            "$strComputer - Changing Value"
            }
        }
        Else
        {
        "$strComputer is Offline"
        }
    $strPingResult = $null
    }

higherho

I wouldn't turn that to less secure. I know when I go through security audits RDP is typically locked down. Especially with that RDP bug that was out not to long ago (I forget the name atm, but I had to patch my systems and make sure I had RDP locked down on the server and the firewall). If the company does not care about it then go for it.