Network Level Authentication

About Network Level Authentication

Network Level Authentication (NLA) is an authentication tool used by Remote Desktop Services (the RDP server) and Remote Desktop Connection (the RDP client). It was introduced with RDP 6.0 in Windows Vista. NLA is sometimes called front authentication because it requires the connecting user to authenticate before a session can be established with the remote device.

Starting a remote session on a device (for example, a server) requires many processes to run in the background, which can use up CPU resources on the remote device. Requiring the connecting user to authenticate first prevents this: when an unauthorized user's attempt fails, no connection is established and, consequently, the device's CPU resources are not used. Requiring user authentication before the remote session also offers a layer of defense against Denial of Service (DoS) attacks.

When a user attempts to establish a connection to a device with NLA enabled, NLA will delegate the user's credentials from the client through a client-side Security Support Provider to the server for authentication before creating a session. Only once the user authentication is successful will the connection be established.
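A way to audit whether an RDP listener actually enforces this pre-session authentication, shown as an added example that is not part of the original page: it parses the server's X.224 Connection Confirm reply to a request that offered TLS without CredSSP (the Security Support Provider that NLA uses). The constants come from Microsoft's RDP specification (MS-RDPBCGR); the function names are hypothetical and the sample replies are constructed.

```python
import struct

# Values from Microsoft's RDP specification (MS-RDPBCGR).
TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x02, 0x03
PROTOCOL_RDP = 0x0                               # legacy RDP security
PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX = 0x2, 0x8   # CredSSP, i.e. NLA
HYBRID_REQUIRED_BY_SERVER = 0x5                  # failureCode: NLA is mandatory


def parse_negotiation(pdu: bytes):
    """Return ("response", selectedProtocol), ("failure", failureCode) or
    ("legacy", PROTOCOL_RDP) from an X.224 Connection Confirm PDU."""
    if len(pdu) < 11:
        raise ValueError("shorter than the TPKT and X.224 headers")
    version, _reserved, total = struct.unpack(">BBH", pdu[:4])
    if version != 3 or total != len(pdu):
        raise ValueError("bad TPKT header")
    if (pdu[5] & 0xF0) != 0xD0:             # X.224 Connection Confirm code
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]
    if not neg:                             # server predates negotiation
        return "legacy", PROTOCOL_RDP
    if len(neg) != 8:
        raise ValueError("unexpected negotiation block size")
    neg_type, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        raise ValueError("bad negotiation length field")
    if neg_type == TYPE_RDP_NEG_RSP:
        return "response", value
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return "failure", value
    raise ValueError("unknown negotiation type")


def nla_verdict(pdu: bytes) -> str:
    """Classify the reply to a request that offered TLS but not CredSSP."""
    kind, value = parse_negotiation(pdu)
    if kind == "failure":
        # Only this failure code means the server insists on NLA.
        return "enforced" if value == HYBRID_REQUIRED_BY_SERVER else "inconclusive"
    if value in (PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX):
        return "inconclusive"    # CredSSP was selected, so it was offered
    return "not_enforced"        # session setup proceeds without NLA


# Constructed sample replies (not captured from a real host).
HEADER = bytes.fromhex("030000130ed00000123400")
REPLY_NLA_REQUIRED = HEADER + bytes.fromhex("0300080005000000")
REPLY_TLS_ACCEPTED = HEADER + bytes.fromhex("0200080001000000")
```

A `not_enforced` verdict means the listener will start building a session for a client that has not authenticated, which is the resource cost NLA is meant to avoid.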

How to...