Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.
COURSE of the MONTH
12 days, 2 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Windows 2003 DC want to set GPO to enable Network Level Authentication for Windows XP
Posted on 2013-06-11
Hello EE,
I have a Windows 2003 Domain Controller and have several XP users getting an error going into RDP that Network Level Authentication is not enabled. I'd like to set GPO to enable Network Level Authentication for Windows XP users only if possible.
I have a Windows 2003 Domain Controller and have several XP users getting an error going into RDP that Network Level Authentication is not enabled. I'd like to set GPO to enable Network Level Authentication for Windows XP users only if possible.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
4 Comments
Here are all the GPO settings for RDP:
http://technet.microsoft.com/en-us/library/ee791756%28v=ws.10%29.aspx
Another way would be to deploy a default.rdp file with that option set to all the Windows XP machines.
http://technet.microsoft.com/en-us/library/ee791756%28v=ws.10%29.aspx
Another way would be to deploy a default.rdp file with that option set to all the Windows XP machines.
You can try this article: Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3.
It looks like in order to use Network Level Authentication you must enable CredSSP which is disabled by default on Windows XP.
Microsoft did a very nice job with this article, at least in my opinion. You can use the directions to modify the registry yourself, or you can make use of the .MSI Package and deploy the fix through Group Policy to automate the process and save yourself some time.
According to Microsoft a reboot is required!
Make sure that the client computer(s) is using at least Remote Desktop Connection 6.0.
Or better yet, you can upgrade to Remote Desktop Connection 7.0 client if you have not done so already.
In order to check your RDClient version and the Network Level Authentication readiness see the "About" info of your remote desktop connection clients:
It looks like in order to use Network Level Authentication you must enable CredSSP which is disabled by default on Windows XP.
Microsoft did a very nice job with this article, at least in my opinion. You can use the directions to modify the registry yourself, or you can make use of the .MSI Package and deploy the fix through Group Policy to automate the process and save yourself some time.
According to Microsoft a reboot is required!
Make sure that the client computer(s) is using at least Remote Desktop Connection 6.0.
Or better yet, you can upgrade to Remote Desktop Connection 7.0 client if you have not done so already.
In order to check your RDClient version and the Network Level Authentication readiness see the "About" info of your remote desktop connection clients:
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.
Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month12 days, 2 hours left to enroll
752 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.