Disable credSSP and NLA server side

  • Question

  • I need to be able to disable the credSSP and really any form of network level authentication (NLA) server side for particular servers, preferably via a registry entry but any solution would be very helpful at this stage.

    My problem is that I’m trying to secure a particular server with two-factor authentication using a custom credential provider, but the Windows RDP client (RDC v6) doesn’t allow custom credential providers, so I need the authentication to happen on the server rather than the client.

    I know this increases the risk of DoS and man-in-the-middle attacks, but nonetheless I would like to implement the feature.

    I’ve seen solutions that circumvent the credSSP client side using a hack whereby you change a line in the .rdp file, but this isn’t the solution I’m looking for.

    Any help would be appreciated.



    Wednesday, November 10, 2010 5:31 AM


  • Hi,

    You can disable credSSP by setting “Security Layer” on the server to “RDP Security Layer” in the Remote Desktop Session Host Configuration console (tsconfig.msc).


    • Marked as answer by Joson Zhou Thursday, November 18, 2010 7:13 AM
    Tuesday, November 16, 2010 6:01 AM
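
To confirm that the setting from the answer above took effect, or to inventory hosts where it is applied, the listener's registry values can be read directly. This is an added example, not part of the original thread: the function name `Get-RdpSecuritySetting` is hypothetical, and it assumes the default `RDP-Tcp` listener and the standard `SecurityLayer` / `UserAuthentication` registry values.

```powershell
# Added example: report the RDP listener's security layer and NLA state.
# Assumptions: default listener name RDP-Tcp; helper names are hypothetical.
function Get-RdpSecuritySetting {
    [CmdletBinding()]
    param([string]$Listener = 'RDP-Tcp')

    $local  = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\$Listener"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

    # Group Policy, when configured, overrides the per-listener value,
    # so the policy key is checked first.
    function Read-Value([string]$Name) {
        foreach ($path in $policy, $local) {
            $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                return [pscustomobject]@{ Value = [int]$item.$Name; Source = $path }
            }
        }
        return $null
    }

    $layer = Read-Value 'SecurityLayer'
    $nla   = Read-Value 'UserAuthentication'

    # SecurityLayer 0 means native RDP encryption: no TLS, no CredSSP,
    # and therefore no Network Level Authentication.
    $warning = $null
    if ($layer -and $layer.Value -eq 0) {
        $warning = 'Native RDP encryption: server is not authenticated to the client; NLA unavailable'
    } elseif ($nla -and $nla.Value -eq 0) {
        $warning = 'NLA not required: full logon session is created before the user authenticates'
    }

    [pscustomobject]@{
        Listener      = $Listener
        SecurityLayer = if ($layer) { $layerNames[$layer.Value] } else { 'not set' }
        LayerSource   = if ($layer) { $layer.Source } else { $null }
        NlaRequired   = if ($nla) { $nla.Value -eq 1 } else { $null }
        NlaSource     = if ($nla) { $nla.Source } else { $null }
        Warning       = $warning
    }
}

Get-RdpSecuritySetting | Format-List
```

A `SecurityLayer` of `RDP Security Layer` in the output corresponds to the tsconfig.msc choice described in the answer.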