RDP entry authentication properties

On this page

The following properties can be configured when creating or editing the RDP entry. Most of the general properties require you to close the RDP entry completely, then reopen it to take effect.

RDP entry authentication properties
RDP entry authentication properties

Authentication

SETTINGS DESCRIPTION
Connect and don't warn me Automatically connects without any security warnings.
Do not connect Prevent the connection if authentication issues are detected.
Warn me Provide a warning if there are any concerns with the authentication but allows the option to proceed.
Default (Connect and don't warn me) Use the default setting to connect without warning.
Enable Network level authentication (NLA) Enable NLA, which enhances security by requiring authentication before establishing a remote desktop session.
Enable Entra ID SSO Enable Single Sign-On (SSO) with Entra ID credentials for a seamless login experience.

Transport security

Advanced transport security options are only supported with FreeRDP. If you wish to enforce NLA from the client, disable both TLS and RDP transport security options, which will leave NLA as the only option to negotiate. NLA always uses TLS, but TLS does not imply NLA.

SETTINGS DESCRIPTION
Enable Transport Layer Security (TLS) TLS security without Network Level Authentication (NLA).
NLA always uses TLS, but TLS does not imply NLA. Disabling this option does not disable TLS, but it disables TLS without NLA.
Enable Remote Desktop Protocol Security (RDP) Obsolete RDP transport security that predates the creation of TLS.
It is never recommended, especially since TLS in RDP has been supported since Windows Server 2003.

SSPI

Advanced SSPI settings are only supported with FreeRDP and the Microsoft RDP client in external mode on Windows. If you wish to enforce Kerberos usage from the client, set Authentication package to Kerberos.

SETTINGSDESCRIPTION
RD Gateway is KDC proxyIndicate that the RD Gateway serves as a Key Distribution Center (KDC) proxy for Kerberos authentication.
SSPI moduleSpecify the Security Support Provider Interface (SSPI) module to be used for authentication.
Authentication PackageDefine the authentication package used for verifying user credentials.

  • Negotiate: NTLM or Kerberos

  • NTLM: NTLM only (no Kerberos)

  • Kerberos: Kerberos only (no NTLM)

KDC Detection MethodDetermine the method for detecting the Key Distribution Center in Kerberos authentication scenarios.

  • Automatic: try detecting KDC server automatically using DNS SRV records or system configuration settings

  • Explicit: use explicitly configured KDC server information without automatic detection

KDC Server URL

Specify the URL of the KDC server to be used for Kerberos authentication, if applicable.

Example values:

  • tcp://IT-HELP-DC.ad.it-help.ninja:88

  • https://IT-HELP-DC.ad.it-help.ninja:443

Devolutions Forum logo Give us Feedback