Virtual Kim

@Kim_Bottu … Virtually Gung Ho

RDP to WINDOWS 2012 servers doesn’t work because of NLA setting on all 2012 servers

If you cannot RDP into a 2012 server, it is probably caused by the NLA settings on the 2012 servers in your domain. You can manually log on to each server locally and set the NLA setting to disabled using the command line or the GUI… or you can be clever and use PowerShell to remotely disable NLA for a list of hosts.
Using -Authentication PacketPrivacy -Impersonation Impersonate allows you to run the PowerShell scripts as the user who is currently running PowerShell.

Get the NLA status from the hosts

#Get the NLA status from the hosts

# Read the list of hosts, one name per line
$servers = Get-Content -Path C:\MYSERVERS\servers.txt
Write-Host
Write-Host "Get the NLA status of the hosts found in C:\MYSERVERS\servers.txt"
Write-Host

# 1 = NLA required, 0 = NLA not required (one value per host)
(Get-WmiObject -Authentication PacketPrivacy -Impersonation Impersonate -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $servers -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired

Write-Host
Write-Host "DONE!"

Set the NLA status to disabled

#Set the NLA status to disabled

# Read the list of hosts, one name per line
$servers = Get-Content -Path C:\MYSERVERS\servers.txt
Write-Host
Write-Host "Setting the NLA status to disabled on the hosts found in C:\MYSERVERS\servers.txt"
Write-Host

# 0 = do not require NLA for RDP connections
(Get-WmiObject -Authentication PacketPrivacy -Impersonation Impersonate -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $servers -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

Write-Host
Write-Host "DONE!"

Set the NLA status to enabled

#Set the NLA status to enabled

# Read the list of hosts, one name per line
$servers = Get-Content -Path C:\MYSERVERS\servers.txt
Write-Host
Write-Host "Setting the NLA status to enabled on the hosts found in C:\MYSERVERS\servers.txt"
Write-Host

# 1 = require NLA for RDP connections
(Get-WmiObject -Authentication PacketPrivacy -Impersonation Impersonate -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $servers -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)

Write-Host
Write-Host "DONE!"
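
The status script above prints bare values with no host name next to them. As an added example (not part of the original post), the following reports the NLA status per host and flags hosts that could not be queried, so servers left with NLA disabled can be found and set back to enabled. It assumes the same C:\MYSERVERS\servers.txt list and PowerShell 3.0 or later; the $report variable and the column names are illustrative.

```powershell
# Added example: per-host NLA audit (not from the original post).
# Assumes the server list used in the post; blank lines in the file are skipped.
$servers = Get-Content -Path C:\MYSERVERS\servers.txt | Where-Object { $_.Trim() }

$report = foreach ($server in $servers) {
    try {
        # Query one host at a time so a failure can be tied to a host name
        $setting = Get-WmiObject -Authentication PacketPrivacy -Impersonation Impersonate `
            -Class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices `
            -ComputerName $server -Filter "TerminalName='RDP-tcp'" -ErrorAction Stop

        if (-not $setting) { throw "No RDP-tcp terminal setting returned" }

        [pscustomobject]@{
            Server     = $server
            NLAEnabled = [bool]$setting.UserAuthenticationRequired
            Error      = $null
        }
    }
    catch {
        # Unreachable host, access denied, WMI error: record it instead of stopping
        [pscustomobject]@{
            Server     = $server
            NLAEnabled = $null
            Error      = $_.Exception.Message
        }
    }
}

# Full overview, one row per host
$report | Sort-Object Server | Format-Table -AutoSize

# Hosts where NLA is currently disabled (candidates for the "enabled" script)
Write-Host "NLA disabled on:"
$report | Where-Object { $_.NLAEnabled -eq $false } | Select-Object -ExpandProperty Server

# Hosts that could not be checked and need a manual look
Write-Host "Could not query:"
$report | Where-Object { $_.Error } | Select-Object -ExpandProperty Server
```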

This entry was posted on March 13, 2015 in Network Level Authentication, Powershell, Server2012.