Windows Server 2008 offers two options for Remote Desktop sessions:

  • Allow connections from users running any version of Remote Desktop
  • Allow connections only from users running Remote Desktop with Network Level Authentication

The second option is recommended in the dialog, but even the help does not really explain the risk in choosing the first one.

Why is the second option recommended? Is there a known security hole that would allow attackers to get access to my server if the first option is chosen?

jscott
Adrian Grigore
  • possible duplicate of [Security risk in disabling Network Level Authentication on Terminal Server](http://serverfault.com/questions/272647/security-risk-in-disabling-network-level-authentication-on-terminal-server) – Shane Madden May 27 '11 at 15:05

1 Answer

As long as you are all up to date and using RDP 6.1, you will probably not notice a difference, and should use the more secure option. It is more of a factor if you are using RDP from the outside, since there is a theoretical man-in-the-middle attack possible. The risk is not high, but it is technically there.

http://support.microsoft.com/kb/952155

KCotreau
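
To see which of the two dialog options a server is actually enforcing, the following PowerShell audit reads the RDP listener settings and any Group Policy override. It is an added example, not part of the original question or answer; it assumes PowerShell 2.0 or later run locally with read access to HKLM, and the function names are illustrative.

```powershell
# Added example, not from the original answer. Assumes PowerShell 2.0 or later,
# run locally on the server with permission to read HKLM.
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-EffectiveValue($Name) {
    # A Group Policy value, when present, overrides the listener's local value.
    $value = Get-RegValue $policy $Name
    if ($value -eq $null) { $value = Get-RegValue $listener $Name }
    $value
}

function Get-RdpNlaState {
    $userAuth = Get-EffectiveValue 'UserAuthentication'  # 1 = NLA required, 0 = any client
    $secLayer = Get-EffectiveValue 'SecurityLayer'       # 0 = RDP, 1 = Negotiate, 2 = SSL (TLS)
    $layers   = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

    $layerName = 'not set'
    if ($secLayer -ne $null) { $layerName = $layers[[int]$secLayer] }

    $findings = @()
    if ($userAuth -ne 1) {
        $findings += 'NLA not required: clients reach the logon screen before authenticating.'
    }
    if ($secLayer -eq 0) {
        $findings += 'RDP Security Layer: the server is not authenticated to the client.'
    } elseif ($secLayer -eq 1) {
        $findings += 'Negotiate: a client may fall back to RDP Security Layer.'
    }

    New-Object PSObject -Property @{
        NlaRequired   = ($userAuth -eq 1)
        SecurityLayer = $layerName
        Findings      = $findings
    }
}

Get-RdpNlaState | Format-List NlaRequired, SecurityLayer, Findings
```

An empty `Findings` list means the server requires NLA and TLS; any entry names the setting to tighten in the Remote Desktop dialog or in Group Policy.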