Why does the RDP Connector not use NLA?

Network Level Authentication (NLA) is a client side security technology that requires the user to authenticate themselves before a session can be established to the server. The purpose of this technology is to reduce resource load on servers and helps to mitigate against denial of service attacks by not establishing a desktop session until preauthorized  through the CredSSP (the dialog that pops up when you attempt a connection). 

When using the RDP Connector, we have to establish the connection to the desktop to do the automated credential injection. As such, it is not possible to do credential injection and NLA at the same time without writing our own CredSSP, which is not a supported practice by Microsoft, nor is it practical as it means you have to push a client-side extension to mstsc (RDP) for it to work.

NLA has value. However disabling it does not by itself cause a major security risk. This could also be further mitigated by using firewall policy rules to limit access via RDP to the host.



If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section