Wednesday, November 15, 2017

How to prevent an RDS (Terminal Services) Server from prompting you for credentials before logging in.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer value from 1 to 0 does indeed allow the user to change their expired password on Windows Server 2012 R2. I also found that, as an alternative, leaving the SecurityLayer value set to 1 but changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\MinEncryptionLevel value from 3 or 2 to 1 also allows the user to change their expired password.