All the information that is passed from the client to the server in a Remote Desktop or Terminal Services session is not encrypted.
By default, Windows XP Remote Desktop and Windows Server 2003 Remote Desktop and Terminal Services use high (128-bit) encryption to encrypt most data transmissions in both the client-to-server direction and the server-to-client direction. When you install the 128-bit High Encryption pack and use high encryption on a Windows 2000 Terminal Services computer, high (128-bit) encryption is used to encrypt most data transmissions in both the client-to-server direction and the server-to-client direction.
The following types of data transmissions might not be encrypted:
- Virtual Channels
By default, information that is passed through a virtual channel is not encrypted, but the program that is using the virtual channel can request that information be encrypted.
After you install Windows 2000 Service Pack 2 (SP2) or later, data on Virtual Channels is encrypted.
- Initial Connection
The RDP protocol sends initial packets to establish the connection to the server and negotiate the level of encryption. These packets are not encrypted, but they do not contain any sensitive information.
- Server Certificate
The public certificate that contains the server name and some other non-sensitive information is not encrypted.
- Licensing Packets
One of the licensing information packets is not encrypted and contains the following information:
After you install Windows 2000 Service Pack 2 (SP2) or later, licensing information is encrypted.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
- Client computer name
- Client user name
- Client license information
Terminal Server Client Licensing Information Is Not Encrypted in the Network Packets
- Clipboard and Redirected Printing
Clipboard and Redirected Printing use virtual channels and are always encrypted in both the client-to-server direction and the server-to-client direction in Windows 2000 SP2 and later.
Important When you connect to a Terminal Services session by using a virtual private network (VPN) connection, the data stream is encrypted. Also, any connection that you make by using Internet Security Protocol (IPSec) encrypts all the RDP traffic.
Article ID: 275727 - Last Review: January 29, 2007 - Revision: 4.3
- Microsoft Windows Server 2003, 64-Bit Datacenter Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP 64-Bit Edition Version 2002
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows NT Server 4.0, Terminal Server Edition
|kbinfo kbtunneling kbenv kbnetwork KB275727|