HP ThinPro - Security Layers for RDP Connections

Configuring the server for NLA

1. On the server, edit Group Policy at the desired level.

Note:

This document shows examples at the Local level. Local group policy can be edited by launching the following

command: gpedit.msc

2. Navigate to the following location:

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services >

Remote Desktop Session Host > Security

3. For the policy Require use of specific security layer for remote (RDP) connections, select Enabled and SSL (TLS

1.0).

Note:

Because NLA is built upon SSL/TLS, we must choose SSL (TLS 1.0) here.

4. For the Policy Require user authentication for remote connections by using Network Level Authentication, select

Enabled.

Configuring the thin client (optional)

This step is redundant because the procedure described in Configuring the server for NLA enforces NLA on the server, but

this step helps ensure that the RDP security layer is not in use.

1. On the thin client running HP ThinPro, navigate to or create a new RDP connection.

2. On the Options page of the wizard, ensure that the option Enable deprecated RDP encryption

is not selected.