Network Level Authentication
NLA — Network Level Authentication.
RDP server without NLA when connected draws this login interface:
If on RDP server NLA is turned on, then server won't show any interface before password check.
Then client should draw interface. WTware login interface:
By default since Windows 2012 Server NLA is turned on. Advantages of NLA:
- + NLA is safer. Without NLA server communicates about graphics compression, allows to open COM-ports, connect smartcards
to any connected by TCP/IP client. The more communication between client and server, the higher hacking probability. With NLA server
doesn't communicate with client before password check.
Disadvantages of NLA:
- - There's no way to change expired password. You are to change password in some other interface, not by RDP connection.
- - There's no on-screen keyboard in login interface.
- - No error diagnostics. Without NLA Windows will explain what is the problem with login or password. With NLA server just disconnects without explanations.
To turn off NLA run on server Local Group Policy Editor
(for domain server you may use domain policies):
Change only one setting: