Part A: 


In RDP protocol there are 3 basic security modes: 1=RDP only, 2=SSL, 3=SSL+NLA.

To activate RDP NLA (3=SSL+NLA) authentication do following


1. Open "System Properties".


2. Check checkbox with "Network Level Authentication" (NLA) as on picture below in red box.


PS: if you run HTML5 client after enforcing that setting then first logon will fail despite of correct logon, so the HTML5 server gets enforced to change to NLA mode, but following logon tries should be accepted if logon and password were correctly. Alternatively you may restart HTML5 server to accept first logon try too.


Remember, that setting will enforce NLA authentication and exclude such RDP clients that do not support it. The NLA mode automatically enforces SSL mode since NLA can not work together with RDP security mode, so that is the highest security mode 3=SSL+NLA.


Part B:

The much better alternative opposite enforcing NLA mode is to enforce client compatibility mode, where the client decides which mode is the most preferable for connection. So this will allow most securest mode while being at same time most compatible with any client. To prefer client compatiblity mode instead NLA do following.


0. undo any changes regarding enforced NLA mode, also uncheck this option else following steps will have no effect.


1. execute as Administrator gpedit.msc


2. go to: Administrative Templates Windows > Components > Remote Desktop Services > Remote Desktop Session Host > Security > Require use of specific security layer for remote (RDP) connections > Enabled > Security Layer


3. Choose "Negotiate" and press "Apply"