Microsoft KB Archive/232514

= Securing Terminal Server Communications Between Client and Server =

Article ID: 232514

Article Last Modified on 2/23/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q232514



SUMMARY
This article describes how to enable secure communications between a Terminal Server client and a Windows 2000 server running Terminal Services.



MORE INFORMATION
Terminal Services supports three levels of encryption: low, medium, and high.
 * Low Encryption

This level secures the user logon information and data sent to the server, but not the data sent from the server to the client. This encryption level is recommended for use when the network is secure.
 * Medium Encryption (Default Level)

This level encrypts the data transmission in both directions. This encryption level is recommended for use when the network is not secure, and outside North America.

NOTE: If you connect to a Windows 2000 server running Terminal Services set for Low or Medium encryption levels and use version 4.0 of the Terminal Server client, your data is encrypted using a 40-bit key. If you are using version 5 of the Terminal Server client, your data is encrypted with a 56 bit-key.
 * High Encryption

This level encrypts the data transmission in both directions using a 128-bit key. This encryption level is recommended for use when the network is not secure, and within North America.

Changing the Encryption-Level Setting

 * 1) From the toolbar click Start, point to Programs, point to Administrative Tools, and then click Terminal Services Configuration.
 * 2) Click Connections, and then double-click the connection for which you want to change the encryption level.
 * 3) On the General tab, click the appropriate encryption level in the Encryption level box.
 * 4) Click OK. The new level is used the next time a user logs on.

Note that you can have multiple levels of encryption running on one server, but to do so you must install multiple network adapters and configure each one separately.

NOTE: In NLB and WLBS each host in the cluster uses the same MAC address. This is not allowed in a Token Ring environment.

Keywords: kbenv kbhowto kbnetwork KB232514

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.