Configure Network Level Authentication for Remote Desktop Services Connections
Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created.
Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software. The advantages of Network Level Authentication are:
It requires fewer remote computer resources initially. The remote computer uses a limited number of resources before authenticating the user, rather than starting a full remote desktop connection as in previous versions.
It can help provide better security by reducing the risk of denial-of-service attacks.
To use Network Level Authentication, you must meet the following requirements:
The client computer must be using at least Remote Desktop Connection 6.0.
The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol.
The RD Session Host server must be running Windows Server 2008 R2 or Windows Server 2008.
Use the following procedure to configure Network Level Authentication for a connection.