NLA with User Login: Solution with the RD Web Access Console

The idea behind NLA (Network Level Authentication) is to keep users who are not authenticated from ever reaching the logon screen. Without it, unauthenticated users could conduct a DoS attack just by consuming the resources that each logon screen requires. When you check the box “User must change password at next logon”, you are saying that the user has to change their password before they can log in. Locally, a dialog pops up prompting you to change your password, and you cannot log in until you do so. Because NLA requires you to be completely authenticated before Remote Desktop even attempts to open a session, that prompt is never reached, and this would have to be where the problem is. That is why users who must change their password at first logon, or whose password has expired, do not even get the logon screen.

However, there is an option for users whose password has expired: they can change it through the RD Web Access console. Unfortunately, there is nothing for users who are set to change their password at first logon.

Solution for users whose password has expired, through RD Web Access:
http://social.technet.microsoft.com/wiki/contents/articles/10755.enabling-the-rd-webaccess-expired-password-reset-option-in-windows-server-2012.aspx
http://microsoftplatform.blogspot.com/2012/11/password-change-option-also-available.html
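
To see which accounts are affected before they call the help desk, the following added example (not from the original post) checks whether NLA is enforced on the local RDP listener and lists enabled accounts that NLA will refuse, split by the two causes described above. It assumes the RSAT ActiveDirectory module and an elevated session on the RDP host; the `Cause` and `Option` column names are made up for this example.

```powershell
# Added example, not part of the original post.
# Assumes: RSAT ActiveDirectory module, read access to the domain,
# and an elevated session on the RDP host for the WMI query.
Import-Module ActiveDirectory

# 1. Is NLA enforced on this host's RDP listener? (1 = required, 0 = not required)
$rdp = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
"NLA required on $($env:COMPUTERNAME): $([bool]$rdp.UserAuthenticationRequired)"

# 2. Enabled accounts whose password state makes NLA refuse them.
#    PasswordExpired is true both for an aged-out password and for
#    pwdLastSet = 0, which is how AD stores "must change at next logon".
Get-ADUser -Filter 'Enabled -eq $true' -Properties pwdLastSet, PasswordExpired |
    Where-Object { $_.PasswordExpired } |
    ForEach-Object {
        $mustChange = ($_.pwdLastSet -eq 0)
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            Cause  = if ($mustChange) { 'MustChangeAtNextLogon' } else { 'PasswordExpired' }
            # Per the post: RD Web Access only helps the expired-password case.
            Option = if ($mustChange) { 'None via RD Web Access' }
                     else { 'RD Web Access password change' }
        }
    } |
    Sort-Object Cause, SamAccountName |
    Format-Table -AutoSize
```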
