Securing Terminal Server Communications Between Client and Server

• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server

SUMMARY

This article describes how to enable secure communications between a Terminal Server client and a Windows 2000 server running Terminal Services.

MORE INFORMATION

Terminal Services supports three levels of encryption: low, medium, and high.

• Low Encryption (Default Level)
  
  This level secures the user logon information and data sent to the server, but not the data sent from the server to the client. This encryption level is recommended for use when the network is secure.



• Medium Encryption
  
  This level encrypts the data transmission in both directions. This encryption level is recommended for use when the network is not secure, and outside North America.
  
  NOTE: If you connect to a Windows 2000 server running Terminal Services set for Low or Medium encryption levels and use version 4.0 of the Terminal Server client, your data is encrypted using a 40-bit key. If you are using version 5 of the Terminal Server client, your data is encrypted with a 56 bit-key.



• High Encryption
  
  This level encrypts the data transmission in both directions using a 128-bit key. This encryption level is recommended for use when the network is not secure, and within North America.

Changing the Encryption-Level Setting

1. Click Start, point to Programs, point to Administrative Tools, and then click Terminal Services Configuration.



2. Click Connections, and then double-click the connection for which you want to change the encryption level.



3. On the General tab, click the appropriate encryption level in the Encryption level box.



4. Click OK. The new level is used the next time a user logs on.

Additional query words:

Keywords : kbenv kbnetwork
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbhowto