Hi Guys, Working on trying to get a GPO to work for NLA and Printer redirection. The GPO shows that it is applying in GPResult/RSOP but the UI is not reflecting the change. I've verified the GPO is showing as the winning GPO. If I open up the
session collection settings both the NLA and Allow printer redirection checkboxes are checked. I've rebooted the host and for safe measure added the server to the security filtering for the GPO but it is still showing the settings as checked. Maybe its a UI
bug, as I can RDP into the server without an issue even though NLA shows checked, but I've not tested to see if printer redirection is enabled or disabled in practice.
Its quite the simple GPO.
| | |
|---|
<span gpmc_settingdescription="This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring
that user authentication occur earlier in the remote connection process.
If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server.
To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote
Desktop Connection dialog box, look for the phrase Network Level Authentication supported.
If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server.
If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.
Important: Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.
" gpmc_settingname="Require user authentication for remote connections by using Network Level Authentication" gpmc_settingpath="Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session
Host/Security" gpmc_supported="At least Windows Vista" tabindex="0"> |