Securing Terminal Server Communications Between Client and Server (232514)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q232514

SUMMARY

This article describes how to enable secure communications between a Terminal Server client and a Windows 2000 server running Terminal Services.

MORE INFORMATION

Terminal Services supports three levels of encryption: low, medium, and high.
  • Low Encryption

    This level secures the user logon information and data sent to the server, but not the data sent from the server to the client. This encryption level is recommended for use when the network is secure.
  • Medium Encryption (Default Level)

    This level encrypts the data transmission in both directions. This encryption level is recommended for use when the network is not secure, and outside North America.

    NOTE: If you connect to a Windows 2000 server running Terminal Services that is set for the Low or Medium encryption level and you use version 4.0 of the Terminal Server client, your data is encrypted using a 40-bit key. If you are using version 5 of the Terminal Server client, your data is encrypted with a 56-bit key.
  • High Encryption

    This level encrypts the data transmission in both directions using a 128-bit key. This encryption level is recommended for use when the network is not secure, and within North America.

Changing the Encryption-Level Setting

  1. From the toolbar, click Start, point to Programs, point to Administrative Tools, and then click Terminal Services Configuration.
  2. Click Connections, and then double-click the connection for which you want to change the encryption level.
  3. On the General tab, click the appropriate encryption level in the Encryption level box.
  4. Click OK. The new level is used the next time a user logs on.
Note that you can have multiple levels of encryption running on one server, but to do so you must install multiple network adapters and configure each one separately.

NOTE: In NLB and WLBS, each host in the cluster uses the same MAC address. This is not allowed in a Token Ring environment.

Modification Type: Major
Last Reviewed: 2/23/2004
Keywords:kbenv kbhowto kbnetwork KB232514