Network Level Authentication (NLA) is Microsoft's mitigation for some DDoS attacks against Remote Desktop (RDP). It uses CredSSP, which allows RDP to delegate the user's credentials from the client to the target server for remote authentication. It is turned on by default. If you want to turn it off for fun, here you go. Just kidding – don't do it.
```powershell
$server = "SHERVER007"

# View the current NLA setting: 1 is on, 0 is off
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired

# Setting the NLA information to Disabled
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

# Setting the NLA information to Enabled
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)
```
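To check the same setting across several servers and turn NLA back on where it is off, the following added example (not code from the original post) queries the same WMI class through the CIM cmdlets. The function names and the second host name are hypothetical, and it assumes WinRM is reachable and you are an administrator on each target.

```powershell
# Added example. Host list is constructed; 'SHERVER008' is a placeholder name.
# Assumes WinRM access (Get-CimInstance uses WS-Man by default) and admin rights.
$NlaQuery = @{
    ClassName = 'Win32_TSGeneralSetting'
    Namespace = 'root\cimv2\terminalservices'
    Filter    = "TerminalName='RDP-tcp'"
}

function Get-NlaState {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $row = [ordered]@{ ComputerName = $name; NlaEnabled = $null; Error = $null }
        try {
            $setting = Get-CimInstance @NlaQuery -ComputerName $name -ErrorAction Stop
            if (-not $setting) { throw "No RDP-tcp listener found" }
            $row.NlaEnabled = [bool]$setting.UserAuthenticationRequired
        }
        catch {
            # Unreachable or access denied: record the error, do not guess a state
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

function Enable-Nla {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$ComputerName)
    $setting = Get-CimInstance @NlaQuery -ComputerName $ComputerName -ErrorAction Stop
    if ($PSCmdlet.ShouldProcess($ComputerName, 'Enable NLA on RDP-tcp')) {
        $result = Invoke-CimMethod -InputObject $setting -ComputerName $ComputerName `
            -MethodName SetUserAuthenticationRequired `
            -Arguments @{ UserAuthenticationRequired = [uint32]1 }
        $result.ReturnValue -eq 0   # 0 means the method succeeded
    }
}

$servers = 'SHERVER007', 'SHERVER008'
$report  = Get-NlaState -ComputerName $servers
$report | Format-Table -AutoSize

# Only hosts that answered and reported NLA off are touched ($null -eq $false is false).
# Remove -WhatIf to apply the change.
$report | Where-Object { $_.NlaEnabled -eq $false } |
    ForEach-Object { Enable-Nla -ComputerName $_.ComputerName -WhatIf }
```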