Microsoft KB Archive/306561

= HOW TO: Secure Communication Between a Client and Server with Terminal Services =

Article ID: 306561

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server

-



This article was previously published under Q306561



IN THIS TASK

 * SUMMARY
 * To Secure Communications
 * REFERENCES



SUMMARY
This step-by-step article describes how to secure communications between a client computer and a server by using Windows 2000 Terminal Services.

Windows 2000 Terminal Services supports three levels of encryption: Low, Medium, and High. The default encryption level is Medium, which is likely to be appropriate for most networks. The encryption levels include:
 * Low: This level secures the user logon information and data that is sent to the server, but not the data that is sent from the server to the client. Microsoft recommends that you use this encryption level if the network is secure (for example, an intranet).
 * Medium: This level encrypts the data transmission in both directions. Microsoft recommends that you use this encryption level if the network is not secure and is located outside North America (because of 128-bit export restrictions). Note that if you connect to a Windows 2000-based server that runs Terminal Services set to Low or Medium encryption and you use version 4.0 of the Terminal Services client, your data is encrypted by using a 40-bit key. If you are using version 5.0 of the Terminal Services client, your data is encrypted by using a 56 bit-key.
 * High: This level encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America.

back to the top

To Secure Communications
To modify the encryption setting:
 * 1) Click Start, point to Programs, point to Administrative Tools, point to Terminal Services Items, and then click Terminal Services Configuration.
 * 2) Start the Terminal Services Configuration snap-in in Microsoft Management Console (MMC).
 * 3) Click the Connections branch, and then double-click the connection whose encryption level you want to change.
 * 4) Click the General tab.
 * 5) In the Encryption level box, click the appropriate encryption level.
 * 6) Click OK.

NOTE: The new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately.

back to the top

