To disable Network Level Authentication (NLA) in Windows Server, you have several options depending on whether you can access the server locally, via RDP, or only through Safe Mode or offline registry editing. Below are the most common methods:
✅ Method 1: Disable NLA via System Properties (GUI)
- Log into the server locally or via RDP.
- Press Win + R → type SystemPropertiesRemote.exe → Enter.
- Under Remote Desktop, uncheck: “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”
- Click Apply → OK.
✅ Method 2: Disable NLA via Registry (regedit)
- Open regedit.exe.
- Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
- Find the value: UserAuthentication → Double-click and set to 0.
- Reboot the server.
✅ Method 3: Disable NLA via PowerShell
Run this in an elevated PowerShell session:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Value 0
Optional (ensure RDP is enabled):
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
✅ Method 4: Disable NLA via Group Policy
- Run gpedit.msc.
- Navigate to:
Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Security
- Set “Require user authentication for remote connections by using Network Level Authentication” to Disabled.
- Run gpupdate /force.
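To confirm which setting is actually in effect after using Method 2, 3 or 4, the following read-only check reports the local registry value next to the Group Policy value. It is an added example, not part of the original page; the function names are hypothetical, and the policy registry path is not given on this page (it is where the Method 4 setting is stored).

```powershell
# Added example: report the NLA state resulting from the local registry value
# (Methods 2/3) and the Group Policy setting (Method 4). Read-only.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-NlaState {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $local  = "$ts\WinStations\RDP-Tcp"
    # Not on the page: registry location written by the Method 4 policy.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $localNla  = Get-RegValue $local  'UserAuthentication'
    $policyNla = Get-RegValue $policy 'UserAuthentication'
    $deny      = Get-RegValue $ts     'fDenyTSConnections'

    # A configured policy value takes precedence over the local value.
    if ($null -ne $policyNla) { $value = $policyNla; $source = 'Group Policy' }
    else                      { $value = $localNla;  $source = 'Local registry' }

    $nla = switch ($value) {
        1       { 'Required' }
        0       { 'Not required' }
        default { 'Not set' }
    }

    [pscustomobject]@{
        RdpEnabled   = ($deny -eq 0)   # fDenyTSConnections = 0 means RDP is on
        LocalValue   = $localNla
        PolicyValue  = $policyNla
        EffectiveNla = $nla
        DecidedBy    = $source
    }
}

$state = Get-NlaState
$state | Format-List
if ($null -ne $state.PolicyValue -and $state.PolicyValue -ne $state.LocalValue) {
    Write-Warning 'Group Policy value differs from the local value; the policy value applies.'
}
```

If DecidedBy shows Group Policy, a change made through regedit or Set-ItemProperty will not alter the effective setting until the policy itself is changed.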
🛠️ Offline or Recovery Mode (if locked out)
If you’re locked out due to NLA and cannot RDP, you can:
- Boot into Safe Mode with Networking (F8 or Shift+Restart).
- Then disable NLA via registry or PowerShell as shown above.
- OR mount the drive offline on another machine and edit the registry manually.