Policy
Require user authentication for remote connections by using Network Level Authentication
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.

If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server.

To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase "Network Level Authentication supported".

If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server.

If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.

Important: Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\UserAuthentication | REG_DWORD | 1 | 0 |
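
The following PowerShell audit check is an added example, not part of the original policy reference. It reads the registry value from the table above and maps it to the three states the policy text describes. The function name `Get-NlaPolicyState` and the state labels are hypothetical.

```powershell
# Added example: classify the NLA policy state on the local computer.
# Get-NlaPolicyState and its State labels are hypothetical names for this sketch.
function Get-NlaPolicyState {
    [CmdletBinding()]
    param(
        # Policy key and value name taken from the registry table on this page.
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
        [string]$Name = 'UserAuthentication'
    )

    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        State    = $null
        RawValue = $null
        Detail   = $null
    }

    # A missing key or a missing value both mean the policy is not configured.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $Name) {
        $result.State  = 'NotConfigured'
        $result.Detail = 'Policy not set; the local setting on this computer is enforced'
        return [pscustomobject]$result
    }

    $kind            = $key.GetValueKind($Name)
    $result.RawValue = $key.GetValue($Name)

    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # The policy writes a REG_DWORD; any other type did not come from the policy itself.
        $result.State  = 'Invalid'
        $result.Detail = "Expected REG_DWORD, found $kind"
    }
    elseif ($result.RawValue -eq 1) {
        $result.State  = 'Enabled'
        $result.Detail = 'Only clients that support Network Level Authentication can connect'
    }
    elseif ($result.RawValue -eq 0) {
        $result.State  = 'Disabled'
        $result.Detail = 'Network Level Authentication is not required before connecting'
    }
    else {
        $result.State  = 'Invalid'
        $result.Detail = 'Value is neither 1 (enabled) nor 0 (disabled)'
    }
    return [pscustomobject]$result
}

Get-NlaPolicyState | Format-List
```

A result of `NotConfigured` is not a pass or a fail on its own: the effective behavior then depends on the local setting of the target computer, which this check does not read.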
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- Computer: Always prompt for password upon connection (At least Windows Server 2003 operating systems or Windows XP Professional)
- Computer: Disconnect remote session on lock for legacy authentication (Windows 11 22H2 SERVER)
- Computer: Disconnect remote session on lock for Microsoft identity platform authentication (Windows 11 22H2 SERVER)
- Computer: Do not allow local administrators to customize permissions (At least Windows Server 2003)
- Computer: Enable Microsoft Entra ID Authentication Enforcement (At least Windows 11 Version 24H2)
- Computer: Require secure RPC communication (At least Windows Server 2003)
- Computer: Require use of specific security layer for remote (RDP) connections (At least Windows Vista)
- Computer: Server authentication certificate template (At least Windows Vista)
- Computer: Set client connection encryption level (At least Windows Server 2003 operating systems or Windows XP Professional)