Network Level Authentication can be used to enhance RD Session Host server security by requiring that the user be authenticated to an RD Session Host server before a session is created.

Network Level Authentication is an authentication method that completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software. The advantages of Network Level Authentication are:

To use Network Level Authentication, you must meet the following requirements:

You can configure an RD Session Host server to only support connections from clients running Network Level Authentication. The Network Level Authentication setting for an RD Session Host server can be set in the following ways:

To determine whether a computer is running a version of Remote Desktop Connection that supports Network Level Authentication, start Remote Desktop Connection, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase "Network Level Authentication supported".
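The server-side setting described above can also be audited and enforced from PowerShell. The following is an added example, not part of the original page: it reads the `UserAuthenticationRequired` property of the `Win32_TSGeneralSetting` WMI class for the `RDP-Tcp` listener. The function names `Get-NlaStatus` and `Enable-Nla` and the server names in the usage comments are assumptions made for illustration.

```powershell
# Added example: report and enforce the NLA requirement on RD Session Host servers.
# Get-NlaStatus and Enable-Nla are illustrative names, not built-in cmdlets.

function Get-NlaListener {
    param([Parameter(Mandatory = $true)][string]$Computer)
    # Remote queries against the terminalservices namespace need packet privacy.
    Get-WmiObject -Class Win32_TSGeneralSetting `
        -Namespace 'root\cimv2\terminalservices' `
        -Filter "TerminalName='RDP-Tcp'" `
        -ComputerName $Computer `
        -Authentication PacketPrivacy -ErrorAction Stop
}

function Get-NlaStatus {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        $result = New-Object PSObject -Property @{
            ComputerName = $computer
            NlaRequired  = $null
            Error        = $null
        }
        try {
            $listener = Get-NlaListener -Computer $computer
            # 1 = only clients that support NLA may connect; 0 = any client.
            $result.NlaRequired = ($listener.UserAuthenticationRequired -eq 1)
        }
        catch {
            # Unreachable host or access denied: record it instead of stopping the audit.
            $result.Error = $_.Exception.Message
        }
        $result
    }
}

function Enable-Nla {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    $listener = Get-NlaListener -Computer $ComputerName
    $outcome  = $listener.SetUserAuthenticationRequired(1)
    if ($outcome.ReturnValue -ne 0) {
        throw "SetUserAuthenticationRequired failed on $ComputerName (code $($outcome.ReturnValue))"
    }
    # Re-read the listener so the caller sees the value now in effect.
    Get-NlaStatus -ComputerName $ComputerName
}

# Usage (placeholder server names):
#   Get-NlaStatus -ComputerName 'rdsh01','rdsh02' | Where-Object { -not $_.NlaRequired }
#   Enable-Nla -ComputerName 'rdsh01'
```

Confirm that every client passes the "Network Level Authentication supported" check above before running `Enable-Nla`, because clients without NLA support can no longer connect once the setting is enforced.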

For more information about Network Level Authentication and Remote Desktop Services, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (http://go.microsoft.com/fwlink/?LinkID=138055).

For more information about Group Policy settings for Remote Desktop Services, see the Remote Desktop Services Technical Reference (http://go.microsoft.com/fwlink/?LinkId=138134).