Enable Remote Desktop Support for NLA in Windows XP SP3

Starting with Windows Vista and Windows Server 2008, the Remote Desktop Protocol (RDP) supports Network Level Authentication (NLA). Enabling NLA makes RDP more robust. When a client logs in over RDP, the remote system's login screen is no longer displayed first; the client must authenticate successfully before it can log in to the system desktop.
Besides avoiding the leakage of some information, this also effectively keeps malicious clients from exhausting the server's resources. As shown in the following figure, we only need to enable "Allow connections only from computers running Remote Desktop with Network Level Authentication" in "Remote Settings".
Once NLA is enabled on the server-side RDP service, a client running Windows Vista or above can log in directly via Remote Desktop. Otherwise, as shown below, Remote Desktop access from Windows XP SP3 will still prompt an error, even if the latest version of Remote Desktop is installed. (PS: Don't panic and rush to tell people to disable NLA locally.)
To verify whether the current Remote Desktop Connection (RDC) client supports NLA, open RDC and click the icon in the top-left corner to view the current RDC version and NLA information. Note: The current Remote Desktop Connection supports RDP 6.1.
In fact, enabling NLA support on Windows XP SP3 is not difficult: it only takes a registry change. Backing up the registry before performing the following steps is recommended.
Click "Start" - "Run", type regedit, navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa", double-click the "Security Packages" value in the right pane, and add "tspkg".
Then navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders", double-click the "SecurityProviders" value in the right pane, and add ", credssp.dll". Pay special attention to the space after the English (half-width) comma.
You need to restart your computer after modifying the registry. If you connect over RDP before restarting your computer, the Remote Desktop "0x507" error will occur.
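The two registry edits above can also be scripted so that the keys are backed up first and each entry is added only if it is missing. This is an added example, not part of the original article; it assumes PowerShell has been installed on the XP SP3 machine and is run as an administrator, and the backup file names under %TEMP% are made up for illustration.

```powershell
# Added example: apply the two NLA/CredSSP registry edits idempotently.
# Assumptions: PowerShell is installed, session has administrator rights.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$spKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'

# Back up both keys before touching them (timestamped names avoid overwrite).
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
reg export 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' "$env:TEMP\lsa-$stamp.reg" | Out-Null
reg export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders' "$env:TEMP\secprov-$stamp.reg" | Out-Null

$changed = $false

# "Security Packages" is a multi-string value: one package name per entry.
$packages = @((Get-ItemProperty -Path $lsaKey -Name 'Security Packages').'Security Packages')
if ($packages -notcontains 'tspkg') {
    # Passing a string[] keeps the value a multi-string.
    Set-ItemProperty -Path $lsaKey -Name 'Security Packages' -Value ([string[]]($packages + 'tspkg'))
    $changed = $true
}

# "SecurityProviders" is a single string: DLL names separated by ", ".
$providers = [string](Get-ItemProperty -Path $spKey -Name 'SecurityProviders').SecurityProviders
$names = $providers.Split(',') | ForEach-Object { $_.Trim() }
if ($names -notcontains 'credssp.dll') {
    if ($providers.Trim().Length -eq 0) {
        $newValue = 'credssp.dll'
    } else {
        # Comma followed by a space, as the article stresses.
        $newValue = "$providers, credssp.dll"
    }
    Set-ItemProperty -Path $spKey -Name 'SecurityProviders' -Value $newValue
    $changed = $true
}

# Show the resulting values so the change can be checked by eye.
(Get-ItemProperty -Path $lsaKey).'Security Packages'
(Get-ItemProperty -Path $spKey).SecurityProviders

if ($changed) {
    Write-Host 'Registry updated. Restart the computer before connecting over RDP.'
} else {
    Write-Host 'Both entries were already present; nothing changed.'
}
```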
For security reasons, if you don't want others to know the operating system version of your server, don't want others to see the patch installation progress before and after startup, and the server is running Windows Server 2008, it is highly recommended to enable RDP with NLA support.
