Posted On July 9, 2019

PowerShell: Enabling and Disabling Network Level Authentication (NLA)

kimconnect 0 comments
blog.KimConnect.com >> Codes >> PowerShell: Enabling and Disabling Network Level Authentication (NLA)
July 9, 2019July 9, 2019 kimconnectkimconnect 0 Comments

NLA is Microsoft’s answer to mitigate some DDoS attacks via remote desktop (RDP). It uses CredSSP, which allows RDP to delegate the user’s credentials from the client to the target server for remote authentication. By default, it’s turned on. If you want to turn it off for fun, here you go. Just kidding – don’t do it.

$server = "SHERVER007"

# View the current NLA setting: 1 is on, 0 is off
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired

# Setting the NLA information to Disabled
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

# Setting the NLA information to Enabled
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)
Categories:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Post Image

Read More

Linux: How To Install Visual Studio Code

Intro Bypassing any discussions about choosing Visual Studio Code (VS Code) over Atom or Sublime…
Post Image

Read More

PowerShell: Allow Log On To Remote Desktop Service

# editWindowsSecurity.ps1 # Version 0.0.1 # Notes: # - This has NOT been thoroughly tested.…
Post Image

Read More

PowerShell: Quick EMCopy

# Short Version $arr=@(); $arr+=[PSCustomObject]@{From='D:\Someshare';To='\\NEWSERVER\Someshare'} $arr+=[PSCustomObject]@{From='D:\Test';To='\\NEWSERVER\Test'} # Normal copying # $arr|%{emcopy $_.From $_.To /s /de…