Article ID: 816594 - Last Review: December 3, 2007 - Revision: 4.4

HOW TO: Secure Communication Between a Client and Server with Terminal Services

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
For a Microsoft Windows 2000 version of this article, see 306561  (http://support.microsoft.com/kb/306561/EN-US/ ) .

On This Page

Expand all | Collapse all
Back to the top

IN THIS TASK

Back to the top

SUMMARY

This step-by-step article describes how to secure communications between a client computer and a server by using Windows Server 2003 Terminal Services.

Windows Server 2003 Terminal Services supports four levels of encryption: Low, Client Compatible, FIPS Compliant, and High. The following list describes what the encryption levels do:
  • Low: This level encrypts data sent from the client to the server using 56-bit encryption, helps secure the user logon information and data that is sent to the server, but does not encrypt the data that is sent from the server to the client. Microsoft recommends that you use this encryption level in an intranet environment.
  • Client Compatible: This level encrypts data sent between the client and the server at the maximum key strength that the client supports. Use this level when the terminal server runs in an environment that contains mixed or earlier-version clients.
  • FIPS Compliant: This level encrypts and decrypts data sent from a client to the server and from the server to a client with the Federal Information Processing Standard (FIPS) encryption algorithms by using the Microsoft cryptographic modules.
  • High: By default, Windows Server 2003 uses this level of encryption. High encryption encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America. Use this level when the terminal server runs in an environment that contains 128-bit clients only (such as Remote Desktop Connection clients). Clients that do not support this level of encryption cannot connect.
Back to the top

To Secure Communications

To modify the encryption setting:
  1. Click Start, point to Administrative Tools, and then click Terminal Services Configuration.
  2. In the left pane, click Connections, and then double-click the connection whose encryption level you want to change.
  3. Click General.
  4. In the Encryption level box, click the appropriate encryption level, and then click OK.
Note The new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately.


Back to the top

REFERENCES

For additional information about Terminal Services in Windows 2003, click the following article number to view the article in the Microsoft Knowledge Base:
814585  (http://support.microsoft.com/kb/814585/EN-US/ ) HOW TO: Connect Clients to Terminal Services in Windows Server 2003


814593  (http://support.microsoft.com/kb/814593/EN-US/ ) HOW TO: Deactivate or Reactivate a License Server By Using Terminal Services Licensing
Back to the top
APPLIES TO
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition
  • Microsoft Windows Small Business Server 2003 Premium Edition
Back to the top
Keywords: 
kbhowto KB816594
Back to the top