RDP with empty password

[yeswanthkumar97]

Is it possible to connect RDP with only username and empty password on localhost machine? I allowed access to login with only username and empty password via below method and it is working with official Microsoft rdp client. https://harshasnmp.wordpress.com/2018/03/21/windows-allow-remote-desktop-access-with-blank-passwords/comment-page-1/

[cedrozor]

Yes, you need to disable the NLA requirement server side (https://kb.parallels.com/en/123661) and use RDP as security protocol instead of AUTO (NLA) into the Myrtille login screen, then you will be able to connect the server with empty username and password, which will be asked into the Windows logon screen.

[yeswanthkumar97]

Tried to connect after disabling NLA on server and used RDP as security protocol.

But i got below error (NOTE: I am trying to connect to localhost hence server field is empty)

[cedrozor]

Is the machine member of a domain? do you have a domain GPO overriding the local policy? if the machine isn't member of a domain, try to force apply the policy (gpupdate /force) and restart the machine. Then, try empty username and password with mstsc.exe, to see if the policy was applied.

[yeswanthkumar97]

I am on a local home Network. No domain is associated with the PC. tried "gpupdate /force"and restart but still same error "The remote connection failed due to missing or invalid credentials". shall i try below suggestion ? as i am using windows 10 https://github.com/cedrozor/myrtille/issues/116#issuecomment-399766935

[cedrozor]

Yes, you could try to apply RDPSetup.reg, it's probably a configuration issue of some kind.

[yeswanthkumar97]

I have RDPSetup.reg file with same content as https://github.com/cedrozor/myrtille/blob/43f1125124f6bbbf857d58632ab24b4bc57a6896/Myrtille.Services/RDPSetup.reg#L20 but it is not reflected in windows registry editor. As you said it is applicable for previous versions of myrtille hence I think it is not reflected.

After manually doing changes in windows registry editor as said in below comment it is working fine, Thanks https://github.com/cedrozor/myrtille/issues/116#issuecomment-399766935

Please consider below changes in Myrtille, if possible

1) An option to some how force apply below change in windows registry (In windows 10 it has value "2" even after NLA is disabled) Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer to 0

2) Support for login directly to windows with password empty and only username when NLA is enabled which is possible with windows RDP client.

[cedrozor]

Glad it works 👍

An option to some how force apply below change in windows registry
(In windows 10 it has value "2" even after NLA is disabled)
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer to 0

Editing the registry is not the recommended way to handle this, you have local and domain policies into Windows which are meant for that (see https://kb.parallels.com/en/123661). Even better, you can handle this at the RDS collection level:

If you set the server to Negotiate, you have to explicitly use RDP as security layer into the Myrtille login screen; otherwise, if you leave it to AUTO, the server will negotiate NLA and reject empty usernames and passwords.

Support for login directly to windows with password empty and only username when NLA is enabled which is possible with windows RDP client.

mstsc might support this, but FreeRDP doesn't the last time I checked.

[yeswanthkumar97]

Thanks for the info. In plain windows 10 even after NLA is disabled, security layer is still "2" and I dont know much about local and domain policies hence used regedit. later will try via local group policy editor. Regarding login with empty password, as you mentioned it might be still unsupported in FreeRDP. will check regarding this in FreeRDP github page. I think my issue can be closed now. Thanks for helping me to understand and resolve my issue.