IN THIS TASK
Windows Server 2003 Terminal Services supports four levels of encryption: Low, Client Compatible, FIPS Compliant, and High. The following list describes what the encryption levels do:
- Low: This level encrypts data sent from the client to the server using 56-bit encryption, helps secure the user logon information and data that is sent to the server, but does not encrypt the data that is sent from the server to the client. Microsoft recommends that you use this encryption level in an intranet environment.
- Client Compatible: This level encrypts data sent between the client and the server at the maximum key strength that the client supports. Use this level when the terminal server runs in an environment that contains mixed or earlier-version clients.
- FIPS Compliant: This level encrypts and decrypts data sent from a client to the server and from the server to a client with the Federal Information Processing Standard (FIPS) encryption algorithms by using the Microsoft cryptographic modules.
- High: By default, Windows Server 2003 uses this level of encryption. High encryption encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America. Use this level when the terminal server runs in an environment that contains 128-bit clients only (such as Remote Desktop Connection clients). Clients that do not support this level of encryption cannot connect.
- Click Start, point to
Administrative Tools, and then click Terminal Services Configuration.
- In the left pane, click Connections, and then double-click the connection whose encryption level you want to change.
- Click General.
- In the Encryption level box, click the appropriate encryption level, and then click OK.
back to the top