• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 980
  • Last Modified:

Windows 2003 DC want to set GPO to enable Network Level Authentication for Windows XP

Hello EE,

I have a Windows 2003 Domain Controller and have several XP users getting an error going into RDP that Network Level Authentication is not enabled.  I'd like to set GPO to enable Network Level Authentication for Windows XP users only if possible.
0
bergquistcompany
Asked:
bergquistcompany
  • 2
1 Solution
 
Seaton007Commented:
Here are all the GPO settings for RDP:
http://technet.microsoft.com/en-us/library/ee791756%28v=ws.10%29.aspx

Another way would be to deploy a default.rdp file with that option set to all the Windows XP machines.
0
 
bergquistcompanyAuthor Commented:
I don't have policies this is 2003 DC
0
 
d_nedelchevCommented:
You can try this article: Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3.

It looks like in order to use Network Level Authentication you must enable CredSSP which is disabled by default on Windows XP.

Microsoft did a very nice job with this article, at least in my opinion. You can use the directions to modify the registry yourself, or you can make use of the .MSI Package and deploy the fix through Group Policy to automate the process and save yourself some time.

According to Microsoft a reboot is required!

Make sure that the client computer(s) is using at least Remote Desktop Connection 6.0.

Or better yet, you can upgrade to Remote Desktop Connection 7.0 client if you have not done so already.

In order to check your RDClient version and the Network Level Authentication readiness see the "About" info of your remote desktop connection clients:


Remote Desktop Connection client.About Remote Desktop Connection client.
0
 
bergquistcompanyAuthor Commented:
Excellent thanks!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now