Policy
Configure server authentication for client
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: WindowsVista
This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. If you enable this policy setting, you must specify one of the following settings: Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Authentication setting: ID TS_SERVER_AUTH_LEVEL | enum | HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\AuthenticationLevel Type REG_DWORD | Options: Always connect, even if authentication fails (0), Warn me if authentication fails (2), Do not connect if authentication fails (1) |
Other policies in this category
Explore related policies at the same level.
- ComputerAllow .rdp files from unknown publishersAt least Windows Vista with Service Pack 1
- UserAllow .rdp files from unknown publishersAt least Windows Vista with Service Pack 1
- ComputerAllow .rdp files from valid publishers and user's default .rdp settingsAt least Windows Vista with Service Pack 1
- UserAllow .rdp files from valid publishers and user's default .rdp settingsAt least Windows Vista with Service Pack 1
- ComputerDisable Cloud Clipboard integration for server-to-client data transferAt least Windows 11 Version 22H2
- ComputerDo not allow hardware accelerated decodingAt least Windows Server 2016, Windows 10
- UserDo not allow passwords to be savedAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- ComputerDo not allow passwords to be savedAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- ComputerPrompt for credentials on the client computerAt least Windows Vista with Service Pack 1
- ComputerSpecify SHA1 thumbprints of certificates representing trusted .rdp publishersAt least Windows Vista with Service Pack 1
- UserSpecify SHA1 thumbprints of certificates representing trusted .rdp publishersAt least Windows Vista with Service Pack 1
- ComputerTurn Off UDP On ClientAt least Windows 8 or Windows RT