W2K8 Std server, Remote Desktop role added. There are three levels of connections, 1) Don't allow, 2) Allow Connections for computers running any version .. and 3) Allow connections with Network Level Authentication (more secure). My server defaults to the NLA. I don't want this level as it prohibits my primary users from remoting into their application server. The server defaults to NLA because of a local group policy. Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security. The last setting is: Require user authentication for remote connections by using Network Level Authentication. If I Disable or Not configure this setting, upon server reboot, it's enabled. This prohibits my users from accessing the desktop of the server. This server has 5 network GPO's applied to it, all of those GPO's has this setting as Not configured. I don't know where, upon server restart, this setting is enabled from. Putting a hack on a client PC is not a fix for us. We have 4 other servers in this OU all setup by the same person this is not an issue on any of the other 4 servers.
This particular Local Computer Policy will not hold the setting I choose.