IN THIS TASK
This step-by-step article describes how to secure communications
between a client computer and a server by using Windows Server 2003 Terminal
Windows Server 2003 Terminal Services supports four levels
of encryption: Low, Client Compatible, FIPS Compliant, and High. The following
list describes what the encryption levels do:
- Low: This level encrypts data sent from the client to the server
using 56-bit encryption, helps secure the user logon information and data that
is sent to the server, but does not encrypt the data that is sent from the
server to the client. Microsoft recommends that you use this encryption level
in an intranet environment.
- Client Compatible: This level encrypts data sent between the client and the server
at the maximum key strength that the client supports. Use this level when the
terminal server runs in an environment that contains mixed or earlier-version
- FIPS Compliant: This level encrypts and decrypts data sent from a client to the
server and from the server to a client with the Federal Information Processing
Standard (FIPS) encryption algorithms by using the Microsoft cryptographic
- High: By default, Windows Server 2003 uses this level of encryption.
High encryption encrypts the data transmission in both directions by using a
128-bit key. Microsoft recommends that you use this encryption level if the
network is not secure and is located in North America. Use this level when the
terminal server runs in an environment that contains 128-bit clients only (such
as Remote Desktop Connection clients). Clients that do not support this level
of encryption cannot connect.
To Secure Communications
To modify the encryption setting:
- Click Start, point to
Administrative Tools, and then click Terminal Services
- In the left pane, click Connections, and
then double-click the connection whose encryption level you want to
- Click General.
- In the Encryption level box, click the
appropriate encryption level, and then click OK.
The new encryption level takes effect the next time a user logs
on. If you require multiple levels of encryption on one server, install
multiple network adapters and configure each adapter
For additional information about Terminal Services in Windows 2003, click the
following article number to view the article in the Microsoft Knowledge Base:
HOW TO: Connect Clients to Terminal Services in Windows Server 2003
HOW TO: Deactivate or Reactivate a License Server By Using Terminal Services Licensing