Going off memory, security will simply revert to WinXP-level. Like SSH without doing host key verification.
I believe NLA is just doing mutual TLS. Most Windows boxes will create a self-signed certificate if one doesn't exist. You may have to perform this step manually on *nix clients. If you install real certs everywhere it usually works wonderfully. If you are not worried about MITM it's not a huge deal. You shouldn't be exposing RDP to the internet. If you're tunneling it through SSH, verification won't work anyway since the hostnames won't match. Regards Lloyd [email protected] wrote: > I do not know how dangerous it is to proceed with no NLA, probably it > is better to have it active (??). So I want to ask if somebody knows what > can be wrong or what can be done to mitigate the issue.
