Rob's Blog

So it’s been a while since I had to use Windows XP and for security I’ve made sure that all my servers (Windows 2008 and R2, naturally) are "more secure" by only allowing computers that support Network Level Authentication to connect. Unfortunately I recently had to use a machine that was locked to Windows XP, which kind of scuppered me when I needed to do some remote administration in a hurry. Luckily, I remembered that Windows XP does support NLA – you just need to know how to configure it.

Fortunately, it’s really easy, although Microsoft haven’t exactly made it easy to find the solution. First up, you need to be running the Remote Desktop Connection client 6.1. This comes with Windows XP SP3, or as a separate download for Windows XP SP2. Great! Now, the fun part – registry hacks!

There are two you need to do. The first one is the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Navigate to here and find the string value for Security Packages. Right-click and modify and, at the end, add a new line called tspkg. Great! You’re halfway there.

Next up, find the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders. This time, find the string value SecurityProviders and modify it again to add the line credssp.dll. Perfect!

Reboot and try to connect to your Vista, Windows 7, Server 2008 or 2008 R2 desktop again and it should work without a hitch. Simple, but a royal pain to find any info about!