This step-by-step article describes how to secure communications between a client computer and a server by using Windows 2000 Terminal Services.
Windows 2000 Terminal Services supports three levels of encryption: Low, Medium, and High. The default encryption level is Medium, which is likely to be appropriate for most networks. The encryption levels include:
| • | Low: This level secures the user logon information and data that is sent to the server, but not the data that is sent from the server to the client. Microsoft recommends that you use this encryption level if the network is secure (for example, an intranet). |
| • | Medium: This level encrypts the data transmission in both directions. Microsoft recommends that you use this encryption level if the network is not secure and is located outside North America (because of 128-bit export restrictions). Note that if you connect to a Windows 2000-based server that runs Terminal Services set to Low or Medium encryption and you use version 4.0 of the Terminal Services client, your data is encrypted by using a 40-bit key. If you are using version 5.0 of the Terminal Services client, your data is encrypted by using a 56 bit-key. |
| • | High: This level encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America. |
Back to the top
To Secure Communications
To modify the encryption setting:
| 1. | Click Start, point to Programs, point to Administrative Tools, point to Terminal Services Items, and then click Terminal Services Configuration. |
| 2. | Start the Terminal Services Configuration snap-in in Microsoft Management Console (MMC). |
| 3. | Click the Connections branch, and then double-click the connection whose encryption level you want to change. |
| 4. | Click the General tab. |
| 5. | In the Encryption level box, click the appropriate encryption level. |
| 6. | Click OK. |
NOTE: The new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately.
Back to the top
For additional information about how to activate a License server, click the following article numbers to view the articles in the Microsoft Knowledge Base:
306622 (http://support.microsoft.com/kb/306622/EN-US/)
HOW TO: Activate a License Server by Using Terminal Services Licensing in Windows 2000
306578 (http://support.microsoft.com/kb/306578/EN-US/) HOW TO: Deactivate or Reactivate a License Server Using Terminal Services Licensing
For additional information about how to connect a client computer to Terminal Services, click the following article numbers to view the articles in the Microsoft Knowledge Base:
306566 (http://support.microsoft.com/kb/306566/EN-US/)
HOW TO: Connect Clients to Terminal Services By Using a Terminal Services Client in Windows 2000
306573 (http://support.microsoft.com/kb/306573/EN-US/) How to Connect Clients to Terminal Services by Using Client Connection Manager
Back to the top
Help and Support
