How to configure terminal services on windows 2000

Follow these steps to set up Terminal Services on a bastion host:. The Windows Components dialog box is shown in Figure 4. Terminal Services can run in either remote administration mode or application server mode. To set up a dedicated application server with Terminal Services, separate licenses are needed. The remote administration feature is included in the Windows Server license.

In this case, I chose to configure the Terminal Services for remote administration as shown in Figure 4. The account is not needed for remote administration, and therefore I recommend removing this account from the bastion host. The next major task is to configure Terminal Services. RDP uses the RC4 cipher using bit, bit, and bit encryption keys to protect against eavesdropping on Terminal Services connections.

RDP supports three different methods of encryption:. Encrypts only input sent from the client to the server like username and password information. Do not use this setting on a bastion host. Encrypts all data sent between the server and the client using either a bit key Windows TS clients or a bit key older TS clients. Encrypts all data sent between the server and the client, using a bit key. The Windows High Encryption Pack must be installed on both clients and servers to get bit encryption.

Terminal Services can be configured to disconnect idle connections and to terminate broken sessions. Since the remote administration mode only allows two concurrent sessions, you must make sure that hanging or idle connections are disconnected as soon as possible.

I recommend the settings shown in Table 4. Just follow the clear directions, and you'll have a complete Terminal Services installation. Want more Win2K tips and tricks? Automatically sign up for our free Windows Server newsletter, delivered each Tuesday! Insert the Windows Server CD in the drive. Scroll to the bottom of the list and enable the Terminal Services check box. You can leave Terminal Services Licensing off for 90 days while you make sure your installation is working perfectly.

Click OK. Miss a column? Editor's Picks. Three levels of encryption are available:. Low encryption is used when security is not a large issue. It encrypts all data from the client to the server, ensuring that logon passwords are encrypted.

Medium encryption is used when general network security is required. Medium security encrypts data to and from the client using either bit for pre-Windows Terminal Services clients or bit for Windows Terminal Services clients. High encryption is used when security is very important. High encryption is available in all countries except those that have state-sponsored terrorism.

If Use Standard Windows Authentication is selected, Windows authentication is used even if another security provider is installed on the Windows terminal server. The Logon Settings property sheet allows you to configure logon settings for users connecting to your server.

You can have users provide their own logon in which case, upon connection, users will be prompted to log on , or you can provide a single account that all users will connect to the server with see Figure 6.

In that case, you will not be able to provide a password to the logon account; the user connection will have to do that manually. The Sessions property sheet allows you to set Terminal Services timeout and reconnection settings see Figure 6. There are four user states with respect to a terminal server and a client:. An active session is one in which the client is working and keyboard or mouse information is being transferred to the server.

An idle session is one in which no keyboard or mouse information is being transferred to the server. A disconnected session is one in which a user has exited the client software but has not logged off. The user can return to this session later as long as it is not terminated. Disconnected sessions take up resources on the server and, if the number of sessions is limited, may prevent other users from connecting. Terminated sessions are not sessions at all but are the absence of a session and the release of system resources formerly dedicated to a session.

Configure the server to accept logon information from the client or to always use the same logon account. RDP-Tcp Properties. Settings for what to do with disconnected sessions, active sessions, and idle sessions can be set for individual users as they are in the properties of a user's account. Here, these user settings can be overridden with server settings. If you change the End a Disconnected Session setting from Never to another value, when a session is disconnected, it must be reactivated within the time you specify or it will be terminated.

You can either choose a time frame from 1 minute to 2 days or type in your own using a number and the letter m for minutes, h for hours, and d for days. If you type in your own value, it cannot be greater than 49 days, 17 hours. If you change the Active Session Limit setting from Never to another value, a session can only remain active for the length of time you specify.