Configure authentication on the client by using Remote Desktop Connection

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure authentication on the client by using Remote Desktop Connection

Open Remote Desktop Connection.
Click Options.
On the Security tab, in the Authentication list, click the authentication option that you want. You can select from the following options:

No authentication. If you select this option, the server is not authenticated.
Attempt authentication. If you select this option, Transport Level Security (TLS) 1.0 is used to authenticate the terminal server, if TLS 1.0 is supported and correctly configured.
Require authentication. If you select this option, TLS is required to authenticate the server. If TLS is not supported or correctly configured, the connection fails. This option is only available for clients that are connecting to terminal servers running Windows Server 2003 Service Pack 1 (SP1).

Important

If you plan to use TLS authentication, you must configure clients and servers correctly to support this option. Clients must:
- Run Windows 2000 or Windows XP.
- Use the RDP 5.2 (Windows Server 2003) client. You can install this client from Windows Server 2003 terminal servers. For more information, see Remote Desktop Connection for Windows Server 2003 [5.2.3790] (https://go.microsoft.com/fwlink?/LinkID=41068).
- Trust the root of the server’s certificate.
For more information about client and server requirements and tasks for configuring Terminal Server to support TLS authentication, see Configuring authentication and encryption.

Note

Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.
To open Remote Desktop Connection, click Start, point to Programs or All Programs, point to Accessories, point to Communications, and then click Remote Desktop Connection.
If you select Attempt authentication and the server certificate has expired or is not issued by a trusted root CA, or if the name of the certificate does not match the name of the client computer, you can choose to continue the connection without TLS server authentication. Other errors, however, will cause the connection to fail.
Support for TLS 1.0 authentication can also be enabled on client computers through configuration and distribution of an .rdp file. For more information, see Related Topics.

Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.