A. Windows 2000 Server Terminal Services supports three levels of encryption: low, medium, and high. The default encryption is medium, which should be fine for most networks. Nevertheless, let's review all the levels:
|Low||This level secures the user logon information and data sent to the server, but not the data sent from the server to the client. Microsoft recommends that you use this encryption level when the network is secure (e.g., an intranet).|
|Medium||This level encrypts the data transmission in both directions. Microsoft recommends that you use this encryption level when the network isn't secure and resides outside of North America (because of 128-bit export restrictions). NOTE: If you connect to a Win2K server running Terminal Services set for Low or Medium encryption levels and use version 4.0 of the Terminal Services client, your data is encrypted using a 40-bit key. If you are using version 5.0 of the Terminal Services client, your data is encrypted with a 56 bit-key.|
|High||This level encrypts the data transmission in both directions using a 128-bit key. Microsoft recommends that you use this encryption level when the network isn't secure and resides within North America.|
To modify the encryption setting, perform the following steps:
- Start the Terminal Services Configuration MMC snap-in (Start, Programs, Administrative Tools, Terminal Services Configuration).
- Select the Connections branch and double-click the connection whose encryption level you want to change.
- Select the General tab.
- Select the appropriate encryption level from the Encryption level drop-down list.
Click here to view image
- Click OK.
The new encryption level takes effect the next time a user logs on. If you need multiple levels of encryption running on one server, install multiple network adapters and configure each one separately.