[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows 2003 DC want to set GPO to enable Network Level Authentication for Windows XP

Posted on 2013-06-11
4
Medium Priority
?
975 Views
Last Modified: 2013-06-13
Hello EE,

I have a Windows 2003 Domain Controller and have several XP users getting an error going into RDP that Network Level Authentication is not enabled.  I'd like to set GPO to enable Network Level Authentication for Windows XP users only if possible.
0
Comment
Question by:bergquistcompany
  • 2
4 Comments
 
LVL 12

Expert Comment

by:Seaton007
ID: 39239321
Here are all the GPO settings for RDP:
http://technet.microsoft.com/en-us/library/ee791756%28v=ws.10%29.aspx

Another way would be to deploy a default.rdp file with that option set to all the Windows XP machines.
0
 

Author Comment

by:bergquistcompany
ID: 39239334
I don't have policies this is 2003 DC
0
 
LVL 5

Accepted Solution

by:
d_nedelchev earned 2000 total points
ID: 39240985
You can try this article: Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3.

It looks like in order to use Network Level Authentication you must enable CredSSP which is disabled by default on Windows XP.

Microsoft did a very nice job with this article, at least in my opinion. You can use the directions to modify the registry yourself, or you can make use of the .MSI Package and deploy the fix through Group Policy to automate the process and save yourself some time.

According to Microsoft a reboot is required!

Make sure that the client computer(s) is using at least Remote Desktop Connection 6.0.

Or better yet, you can upgrade to Remote Desktop Connection 7.0 client if you have not done so already.

In order to check your RDClient version and the Network Level Authentication readiness see the "About" info of your remote desktop connection clients:


Remote Desktop Connection client.About Remote Desktop Connection client.
0
 

Author Closing Comment

by:bergquistcompany
ID: 39244823
Excellent thanks!
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question