Remote Assist/RDP AAD Joined Windows Machines

disable NLA on taget machine

In Windows 10 Microsoft changed RDP’s defaults. We modified the default for “SecurityLayer” from 0 to 2. Even if you go into the user interface and disable: “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” Still doesn’t change that value to a 2.

Simple fix:

  1. Open RegEdit
  2. Navigate to this Key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  3. Change “SecurityLayer” to a zero
  4. Reboot

after above you should be able to login with RDP using AzureAD\ login and password

Leave a Reply


  • No products to compare
Clear all Compare