HOW TO: Secure Communication Between a Client and Server with Terminal Services (306561)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
This article was previously published under Q306561

IN THIS TASK

SUMMARY

This step-by-step article describes how to secure communications between a client computer and a server by using Windows 2000 Terminal Services.

Windows 2000 Terminal Services supports three levels of encryption: Low, Medium, and High. The default encryption level is Medium, which is likely to be appropriate for most networks. The encryption levels include:
  • Low: This level secures the user logon information and data that is sent to the server, but not the data that is sent from the server to the client. Microsoft recommends that you use this encryption level if the network is secure (for example, an intranet).
  • Medium: This level encrypts the data transmission in both directions. Microsoft recommends that you use this encryption level if the network is not secure and is located outside North America (because of 128-bit export restrictions). Note that if you connect to a Windows 2000-based server that runs Terminal Services set to Low or Medium encryption and you use version 4.0 of the Terminal Services client, your data is encrypted by using a 40-bit key. If you are using version 5.0 of the Terminal Services client, your data is encrypted by using a 56 bit-key.
  • High: This level encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America.
back to the top

To Secure Communications

To modify the encryption setting:
  1. Click Start, point to Programs, point to Administrative Tools, point to Terminal Services Items, and then click Terminal Services Configuration.
  2. Start the Terminal Services Configuration snap-in in Microsoft Management Console (MMC).
  3. Click the Connections branch, and then double-click the connection whose encryption level you want to change.
  4. Click the General tab.
  5. In the Encryption level box, click the appropriate encryption level.
  6. Click OK.
NOTE: The new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately.

back to the top

REFERENCES

For additional information about how to activate a License server, click the following article numbers to view the articles in the Microsoft Knowledge Base:

306622 HOW TO: Activate a License Server by Using Terminal Services Licensing in Windows 2000

306578 HOW TO: Deactivate or Reactivate a License Server Using Terminal Services Licensing

For additional information about how to connect a client computer to Terminal Services, click the following article numbers to view the articles in the Microsoft Knowledge Base:

306566 HOW TO: Connect Clients to Terminal Services By Using a Terminal Services Client in Windows 2000

306573 How to Connect Clients to Terminal Services by Using Client Connection Manager

back to the top
Modification Type:MajorLast Reviewed:9/22/2003
Keywords:kbHOWTOmaster KB306561 kbAudITPro
©2003 Microsoft Corporation. All rights reserved.