2 thoughts on “Changing the Remote Desktop Security Layer”

  • Digin Dominic

    A simple and effective solution for the warning “You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support.”

    I made a VBScript which solved the problem; it is executed after the user logs on. To learn how to make a Scheduled Task, go here -> https://superuser.com/questions/15596/automatically-run-a-script-when-i-log-on-to-windows

    [This script is executed once the user has changed the password, to remove the warning at his next login]

    Things to do.

    1. You are on the Windows Server 2016/2012 and logged in.
    2. Tick “User must change password at next login”.
    3. Open Regedit and set the following value to ‘0’:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer
    4. Open Notepad and create a script.vbs file (the icon of the file will change from a text file to a VBS script) and paste the following code.


    //copy from next line
    ' Started without arguments: re-launch this script elevated, then exit.
    Set objShell = WScript.CreateObject("WScript.Shell")
    If WScript.Arguments.Length = 0 Then
        Set ObjShell = CreateObject("Shell.Application")
        ObjShell.ShellExecute "wscript.exe" _
            , """" & WScript.ScriptFullName & """ RunAsAdministrator", , "runas", 1
        WScript.Quit
    End If
    ' Elevated run: write SecurityLayer = 2 for the RDP-Tcp listener.
    Set WshShell = CreateObject("WScript.Shell")
    myKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer"
    WshShell.RegWrite myKey, 2, "REG_DWORD"
    //copy till above line end

    5. Create a Windows after Log on Task which should be executed after the user has changed the password and logged in for the first time to the server.

    6. Set the script path to the After Log on task and don’t forget to set Name, Trigger & Action in the Scheduled task settings.

    7. Reboot PC.

    8. Connect the server with IP and a window screen will pop up ‘without’ the warning “You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support.”

    9. Enter default login credentials, set up a new password and log in to the server within that window.

    10. Now the script will automatically execute and set the Security Layer value to 2 in the registry.

    11. Reboot the server.

    12. Connect to the server with IP and you will be asked to enter your username and password without the window session.

    13. You should be logged on to your server now after successful authentication.
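
An added check, not part of the comment above or of the original article: the procedure leaves the RDP-Tcp listener at SecurityLayer 0 until the logon task fires, so this PowerShell sketch reads the value back and restores it to 2 if the task did not run. The function names `Get-RdpSecurityLayer` and `Restore-RdpSecurityLayer` are hypothetical, and the value names in `$LayerNames` are taken from Microsoft's description of the setting, not from this page.

```powershell
# Added example (not the commenter's code). Run from an elevated prompt to apply changes.
$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Meaning of the SecurityLayer DWORD (assumption: per Microsoft's documentation).
$LayerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

function Get-RdpSecurityLayer {
    # Read the current value and describe it; throws if the value is missing.
    param([string]$Path = $RdpTcpKey)
    $props = Get-ItemProperty -Path $Path -Name SecurityLayer -ErrorAction Stop
    $value = [int]$props.SecurityLayer
    [pscustomobject]@{
        Path    = $Path
        Value   = $value
        Meaning = if ($LayerNames.ContainsKey($value)) { $LayerNames[$value] } else { 'unknown' }
    }
}

function Restore-RdpSecurityLayer {
    # Put the value back to the expected one (2 in the steps above) if it differs.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = $RdpTcpKey,
        [int]$Expected = 2
    )
    $state = Get-RdpSecurityLayer -Path $Path
    if ($state.Value -eq $Expected) {
        return $state          # the logon task already restored it
    }
    Write-Warning "SecurityLayer is $($state.Value) ($($state.Meaning)); expected $Expected."
    if ($PSCmdlet.ShouldProcess($Path, "Set SecurityLayer to $Expected")) {
        Set-ItemProperty -Path $Path -Name SecurityLayer -Value $Expected -Type DWord
    }
    Get-RdpSecurityLayer -Path $Path   # report the value after the attempt
}

# Dry run: shows what would change without writing to the registry.
Restore-RdpSecurityLayer -WhatIf
```

Drop `-WhatIf` to write the value; as in steps 10 and 11 above, the change is followed by a reboot.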