Solved

Network Level authentication

Posted on 2011-03-23
14
1,258 Views
Last Modified: 2012-05-11
Hi there i have a windows 2008 r2 standard server running as a terminal server
i have set the network level authentication to allow any rdp connection
i have set this using local group policy on the terminal server and the remote tab
however every time the server restarts this reverts back to using network level authentication and no one can log in.
i am not aware of this being set at any other policy so i dont understand why this keeps reverting back.
How can i set this permantely
0
Comment
Question by:dougdog
  • 8
  • 6
14 Comments
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35197523
Have you tried setting it on the cosole (rather than Terminal Service).

Also try running gpresult /r from a command prompt (or RSoP) to make sure there is definitely no over-riding policy.
0
 

Author Comment

by:dougdog
ID: 35197579
do you mean in remote desktop session host configuration
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35197612
I mean log on to the console desktop itself and change the network level authentication, rather than making the change via Remote desktop.

While you're there, check for group policies (Command Prompt, gpresult /r) or Start -> Run -> MMC and add the Resultant Set of Policy snap-in which will tell you exactly what settings are being applied by which policy.

Hope this helps...
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:dougdog
ID: 35197803
it was set to not configured
also no other policies are being applied
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35198341
"it was set to not configured" - Have you now configured, or does the same thing keep happening?
0
 

Author Comment

by:dougdog
ID: 35198572
i changed it to disabled but every time the server restarts it sets it back to enabled.
i ran rsop and it is the local security policy
everytime i change it after a restart it sets it back to enabled
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35198625
Sorry to ask what may sound like a daft question. Where exactly are you making the change (i.e. secpol.msc, gpedit.msc)?
0
 

Author Comment

by:dougdog
ID: 35198871
gpedit.msc
also tried logging in locally and changing it
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35199058
Is your Default Domain policy set to 'Enforced'?

Also, from Egghead Cafe site, not sure if it will help:
There is an option RDP server config to Allow connections only from computers running Remote Destop with Network Level Authentication and it is enabled by default.
I disabled it and RDP is working for Win XP clients.
0
 

Author Comment

by:dougdog
ID: 35199137
when i run a rsop it is the local security policy that is changing not a domain policy
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35199337
Not sure if it'll help, but according to Microsoft:  If the Allow connections from computers running any version of Remote Desktop (less secure) is not selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server.

Not sure if that's then causing the other policy to reset.
0
 

Author Comment

by:dougdog
ID: 35200165
still no luck
0
 

Accepted Solution

by:
dougdog earned 0 total points
ID: 35511386
turns out it was sccm client that was enabling this by default
0
 

Author Closing Comment

by:dougdog
ID: 35714668
this was the answer
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question