PowerShell: Enabling and Disabling Network Level Authentication (NLA)

NLA is Microsoft’s answer to mitigate some DDoS attacks via remote desktop (RDP). It uses CredSSP, which allows RDP to delegate the user’s credentials from the client to the target server for remote authentication. By default, it’s turned on. If you want to turn it off for fun, here you go. Just kidding – don’t do it.

$server = "SHERVER007"

# View the current NLA setting: 1 is on, 0 is off
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired

# Setting the NLA information to Disabled
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

# Setting the NLA information to Enabled
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)

Leave a Reply

Your email address will not be published. Required fields are marked *