Unsolved
1 Rookie
•
91 Posts
0
328
NLA (Network Level Authentication)
Hi,
When a user has a some Log On To restrictions to limit the hosts he can log on to, the "client" computer must also be allowed. Because of NLA and because a pre-authentication is done on the client side.
So far, so good.
But there one exception : Thin-clients.
Our DELL-Wyse have NLA enabled. They are never listed in the "Log On To".
Yet, opening a Remote Desktop by a user who has hosts restriction is possible.
So, why connections form thin-clients are allowed ?
(On the hosts side, the GPO "Require user authentication for remote connections by using Network Level Authentication" is enabled. Logging from a Windows computer not part of the white list is not possible, as expected).