RWW to a Windows 10 computer generates error

It is a SBS 2008 Server. They use RWW a bunch. I just put in a Windows 10 Workstation and when they try and RWW to it they get the error:

The remote computer requires that authentication be enabled to connect. The connection cannot proceed because authentication is not enabled.

The can still RWW in to the Windows 7 workstations. Just not the Windows 10 ones.
LVL 15
LockDown32OwnerAsked:
Who is Participating?
 
LockDown32Connect With a Mentor OwnerAuthor Commented:
Had nothing to do with the SBS 2008 Server. The workstation is on 1607 (sooner or later everyone will be). There was a fix:

On the local Windows 10 computer open RegEdit
Navigate to this Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Change “SecurityLayer” to a zero
Reboot and done!

Worked like a charm.....
0
 
Cliff GaliherCommented:
Last I checked there is nonfox for this if they are 1607. And likely won't be one. 1511 requires all of the documented changes you can find on the SBA team blog that 8.1 required. Which basically is running IE in compatibility mode. Reducing security versions. Etc.

TL;DR...time to replace SBS 2008 servers. They are nearing EOL anyways.
0
 
Cliff GaliherCommented:
That was the fix for 1511. When 1607 first shipped, it didn't work. And (as I said, "last I checked"), Microsoft's stance was that they didn't want to weaken the security of 1607 by allowing that setting. Basically they were intentionally ignoring it, by design, nit a bug.

If you really are on 1607 and that works, it is possible they relented and fixed it in a CU. But be aware that doing So is a *hheeuuugggeee* security risk. And that behavior certainly isn't guaranteed going forward.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
LockDown32OwnerAuthor Commented:
Winver yields version 1607. As far as being a huge security risk... it obviously hasn't bothered Microsoft for years in that Windows 7 still works without that setting. I can really go back to the customer and say gee you need to spend thousands on a new server because it is a little old.

Fix the problem and keep moving forward in the most cost effective manner possible..........
0
 
Cliff GaliherCommented:
"it obviously hasn't bothered Microsoft"

Flawed logic. Microsoft rarely backdoors security enhancements from newer OSes to older OSes and never does so once they hit extended support.... which windows 7 has been in for years. They patch active security *bugs* but that isn't at all the same.

The fact that LM hashes, for example, can be easily decrypted in seconds isn't a bug. It is just an old technology. There was never a patch to fix LM. If you wanted NTLM, then later NTLMv2, then later Kerberos, you bought a new OS.

But hey, windows 95 still works great. Fix the problem and move on since keeping '95 around is technically "the most cost effective" solution.

It's your network and clients getting screwed over, so really. take my advice or leave it. No skin off my back either way. I just wanted to convey the risk you take by changing the setting you did. I didn't create the setting. I didn't make the new default. Security experts in Microsoft did. If you choose to disbelieve that risk because somehow you know better than Microsoft, more power to ya. I've shared the knowledge I have the  best I can. The rest is on you.
0
 
LockDown32OwnerAuthor Commented:
Not flawed logic. The truth. If everyone always paid Microsoft to have the latest and greatest Small Business would be broke and Microsoft would be  mega rich. Wait... that's the way it is isn't it?

   You are obviously up in the enterprise world where $50,000 to $60,000 is nothing. Well I got news. To small businesses money is something and donations to Microsoft just aren't in the budget.

   Oh ya.... who created the setting in the first place? Uh..... Microsoft Security Experts?
0
 
Cliff GaliherCommented:
I've been a small business consultant decades and a Microsoft SBS MVP for years. But no, I know nothing about small business or Microsoft. Good luck with that.
0
 
LockDown32OwnerAuthor Commented:
Good for you Cliff. I'm happy for you.
0
 
Cliff GaliherCommented:
"You are obviously up in the enterprise world"

You claim your opinions as "fact." Sorry you are butt-hurt when someone calls you on it. My area of expertise wasn't a secret. You just made a foolish claim and are embarrassed. So go ahead, deflect some more.
0
 
LockDown32OwnerAuthor Commented:
Sorry Cliff but you are one of the most arrogant, opinionated people on the planet which is fine if you were right and that is not the case. The first time someone disagrees with you, you throw a temper tantrum like a two year old.  

   I found a solution which contradicted your "there is no solution" and it is off to the races. Grow up and deal with it.
0
 
LockDown32OwnerAuthor Commented:
Simple solution and it worked. No other solutions were given.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.