HOW TO: Secure Communication Between a Client and Server with Terminal Services

Article translations Article translations
Article ID: 306561 - View products that this article applies to.
This article was previously published under Q306561
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

SUMMARY

This step-by-step article describes how to secure communications between a client computer and a server by using Windows 2000 Terminal Services.

Windows 2000 Terminal Services supports three levels of encryption: Low, Medium, and High. The default encryption level is Medium, which is likely to be appropriate for most networks. The encryption levels include:
  • Low: This level secures the user logon information and data that is sent to the server, but not the data that is sent from the server to the client. Microsoft recommends that you use this encryption level if the network is secure (for example, an intranet).
  • Medium: This level encrypts the data transmission in both directions. Microsoft recommends that you use this encryption level if the network is not secure and is located outside North America (because of 128-bit export restrictions). Note that if you connect to a Windows 2000-based server that runs Terminal Services set to Low or Medium encryption and you use version 4.0 of the Terminal Services client, your data is encrypted by using a 40-bit key. If you are using version 5.0 of the Terminal Services client, your data is encrypted by using a 56 bit-key.
  • High: This level encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America.

To Secure Communications

To modify the encryption setting:
  1. Click Start, point to Programs, point to Administrative Tools, point to Terminal Services Items, and then click Terminal Services Configuration.
  2. Start the Terminal Services Configuration snap-in in Microsoft Management Console (MMC).
  3. Click the Connections branch, and then double-click the connection whose encryption level you want to change.
  4. Click the General tab.
  5. In the Encryption level box, click the appropriate encryption level.
  6. Click OK.
NOTE: The new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately.

REFERENCES

For additional information about how to activate a License server, click the following article numbers to view the articles in the Microsoft Knowledge Base:
306622 HOW TO: Activate a License Server by Using Terminal Services Licensing in Windows 2000
306578 HOW TO: Deactivate or Reactivate a License Server Using Terminal Services Licensing
For additional information about how to connect a client computer to Terminal Services, click the following article numbers to view the articles in the Microsoft Knowledge Base:
306566 HOW TO: Connect Clients to Terminal Services By Using a Terminal Services Client in Windows 2000
306573 How to Connect Clients to Terminal Services by Using Client Connection Manager

Properties

Article ID: 306561 - Last Review: October 24, 2013 - Revision: 3.1
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
Keywords: 
kbnosurvey kbarchive kbhowtomaster KB306561

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com