Closed lazywinadmin closed 5 years ago
Posted on: 2014-05-16T20:36:33Z
Is there a way to modify this to pull the servername info from a txt file, then process this txt file to see if NLA is enabled? Then pipe the results (whether it's enabled or not) into another txt file? Thanks.
Posted on: 2014-05-16T21:04:21Z
Hi Joel,
It's pretty easy, something like this should do it:
Output to a txt file
Get-NetworkLevelAuthentication -ComputerName (Get-Content d:\serverlist.txt) | Out-File d:\result.txt
Output to a csv file
Get-NetworkLevelAuthentication -ComputerName (Get-Content d:\serverlist.txt) | Export-Csv d:\result.csv
In this example, all your servers need to be listed in the serverlist.txt
Hope this helps
Posted on: 2014-05-16T22:02:43Z
I believe this should work. Thanks for the quick response.
Posted on: 2014-05-16T22:08:38Z
No problem, let me know if you have other questions.
note: I updated the blog post to add the example
Posted on: 2014-05-16T22:55:46Z
Have you seen this error message before (via powershell v3.0):
PS C:\powershell> . .\Get-Set-NetworkLevelAuthentication.ps1
At C:\powershell\Get-Set-NetworkLevelAuthentication.ps1:56 char:32
+ [Parameter(ValueFromPipeline)=]
+ ~
Missing ] at end of attribute or type literal.
At C:\powershell\Get-Set-NetworkLevelAuthentication.ps1:56 char:32
+ [Parameter(ValueFromPipeline)=]
+ ~
Parameter declarations are a comma-separated list of variable names with optional initializer expressions.
At C:\powershell\Get-Set-NetworkLevelAuthentication.ps1:56 char:32
+ [Parameter(ValueFromPipeline)=]
+ ~
Missing ')' in function parameter list.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : EndSquareBracketExpectedAtEndOfAttribute
Posted on: 2014-05-17T02:20:37Z
Hey Joel,
Interesting, never saw this message before.
Which version of PowerShell do you run ? ($psversiontable will tell you)
The functions require at least version 3.
Give it a try with the version available on GitHub
Posted on: 2014-05-19T13:50:16Z
I seem to have had success with just running the "Getting the NLA information" command. Any chance you can point me in the direction as to how to output the servername (or IP address) along with the result (whether it is 0 = no, or 1 = yes (NLA enabled))? Thanks.
$ComputerName = (Get-Content c:\powershell\serverlist.txt)
# Getting the NLA information
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired
Export-Csv c:\powershell\result.csv
Posted on: 2014-05-19T16:57:48Z
I guess you are running v2.
Anyway, you can do this way (I tested in v2)
Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName (Get-Content c:\powershell\serverlist.txt) -Filter "TerminalName='RDP-tcp'"| Select-Object __SERVER,@{name="NLAEnabled";Expression={$_.UserAuthenticationRequired -as [bool]}} | Export-Csv c:\powershell\result.csv
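An added example, not part of the original replies or the blog's own functions: the same WMI query wrapped so that every server in the list gets a row in the CSV, including servers that are unreachable or deny access (the one-liner above silently omits those). `Get-NlaStatusReport` is a hypothetical helper name; the file paths are the ones used in this thread, and the code avoids v3-only syntax so it also runs on PowerShell v2.

```powershell
# Added example. Get-NlaStatusReport is a hypothetical name, not part of the
# Get-Set-NetworkLevelAuthentication.ps1 script discussed in this thread.
function Get-NlaStatusReport {
    param(
        [string[]]$ComputerName
    )

    foreach ($Computer in $ComputerName) {
        $Computer = "$Computer".Trim()
        if (-not $Computer) { continue }   # skip blank lines from the list file

        # One row per server, even when the query fails
        $Row = New-Object PSObject -Property @{
            ComputerName = $Computer
            NLAEnabled   = $null           # stays empty if the state is unknown
            Status       = 'OK'
        }

        try {
            $Setting = Get-WmiObject -Class Win32_TSGeneralSetting `
                -Namespace root\cimv2\terminalservices `
                -ComputerName $Computer `
                -Filter "TerminalName='RDP-tcp'" `
                -ErrorAction Stop

            if ($Setting) {
                # UserAuthenticationRequired: 0 = NLA off, 1 = NLA on
                $Row.NLAEnabled = [bool]$Setting.UserAuthenticationRequired
            }
            else {
                $Row.Status = 'No RDP-tcp setting returned'
            }
        }
        catch {
            # Unreachable host, access denied, missing namespace, ...
            $Row.Status = $_.Exception.Message
        }

        # Fix the column order for the CSV
        $Row | Select-Object ComputerName, NLAEnabled, Status
    }
}

# Usage with the paths from this thread
$Report = Get-NlaStatusReport -ComputerName (Get-Content c:\powershell\serverlist.txt)
$Report | Export-Csv c:\powershell\result.csv -NoTypeInformation
# Servers to follow up on: NLA disabled, or state could not be read
$Report | Where-Object { $_.NLAEnabled -ne $true }
```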
Posted on: 2014-07-28T12:57:07Z
Thanks for the article
What will be needed to "fix" the Citrix side so you can't connect from it instead of disabling the NLA on the client side?
Haim
Posted on: 2014-08-06T00:00:57Z
To pass credentials for non-domain member server:
$ComputerName = "servername"
$Credential = "servername\adminname"
# Getting the NLA information
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Credential $Credential -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired
However, now I get this message:
the connection cannot proceed because authentication is not enabled and the remote computer requires that authentication be enabled to connect
Posted on: 2014-08-06T22:05:17Z
Hey Haim, Sorry, no idea... my Citrix knowledge is $null :-)
Posted on: 2014-09-06T14:57:15Z
Hey RykeAbel,
Never tried that. Looks like these guys did some work with a WorkGroup box:
http://www.mcbsys.com/techb...
Hope this helps
Posted on: 2014-09-25T16:03:50Z
See http://blogs.technet.com/b/... if you are getting Access Denied responses.
Posted on: 2015-01-12T10:32:43Z
how to use the remote option only me not other person allow in my system
Posted on: 2015-01-12T16:58:54Z
Hum... where is this setting ?
Posted on: 2015-06-04T16:09:45Z
Strange. Your answer to connecting to an NLA-enabled RDS is to disable NLA?
NLA is supposed to add security, so should remain on. However, it seems to have issues with allowing connections on reboot. It seems to be an issue when the "server" (e.g. Win 8.1 personal machine) is part of a domain, but is not connected to the domain when a client tries to login as a user in that domain. It fails the NLA authentication in that case.
However, if you first locally login to the "server" machine (which is not connected to a domain), then it authenticates against stored credentials and lets you locally login. After that initial local login, then remote clients can connect with that username. I guess it's slightly more secure if you have a local login before a remote login - but sort of defeats the purpose of RDC in the first place.
The problem with that workaround is that if the "server" machine then gets rebooted, the NLA errors occur again.
Posted on: 2015-10-09T20:47:56Z
In my case, the Clientless SSLVPN RDP Plug-in on our Cisco ASA 5510 running 8.4(3) did not support NLA, so it had to be disabled. Attempting to connect simply failed; no error was shown, making this a difficult one to track down.
PowerShell - Get/Set the Network Level Authentication Remotely (RDP Setting)
https://lazywinadmin.com/2014/04/powershell-getset-network-level.html