Skip to content

Instantly share code, notes, and snippets.

@pingec
Last active August 1, 2024 11:35
Show Gist options
  • Save pingec/7b391a04412a7034bfb6 to your computer and use it in GitHub Desktop.
Save pingec/7b391a04412a7034bfb6 to your computer and use it in GitHub Desktop.
Disable NLA on remote desktop (mstsc) client (fixing password expired problem)
Sometimes you try to open a remote desktop connection to a machine only to get an error message that "the password has expired".
If the remote machine does not enforce NLA (Network Level Authentication), it is still possible to start a remote desktop session by disabling NLA on the client (currenlty not possible from the menu on my remote desktop client v.6.3.96000 that came with windows 8.1).
Add the following setting to your .rdp file ("C:\Users\<User>\Documents\Default.rdp" if you aren't using a specific one).
enablecredsspsupport:i:0
Optionally you might need to specify
authentication level:i:0
@Hobart
Copy link

Hobart commented Jun 4, 2019

Worked for me, thank you!

@denmon99
Copy link

denmon99 commented Aug 4, 2021

This also seems to fix an RDP error with GCPW (Google Credential Provider for Windows). On on our GCPW-ized Win10 machines, trying to RDP into them often results in the error "The system administrator has restricted the types of logon (network or interactive) that you may use".

One solution reported for this error is to turn off NLA (network level authentication), but even if you do that on the destination system, RDP still fails until we add enablecredsspsupport:i:0 to the client RDP file. Thanks much!

@JoeBrunsTR
Copy link

JoeBrunsTR commented Mar 29, 2024

Windows Server 2019

Any ever run into a local (Non-AD) account that has "User must change password at next logon" selected (by design) and when you supply correct account and password we get prompt with:

"You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support." with an OK button.

and here is the kicker:

When you press OK button, it simply ends the RDP dialog and does not give an opportunity to change it.

If we turn off the "User must change password at next logon" check box, we can get logged on fine, so account password is ok when we try to logon. We need to set the "User must change password at next logon" so that the user is forced to change it on next logon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment