Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. High Encryption on a Remote Desktop or Terminal Services Session Does Not Encrypt All Information

High Encryption on a Remote Desktop or Terminal Services Session Does Not Encrypt All Information

View products that this article applies to.

Summary

All the information that is passed from the client to the server in a Remote Desktop or Terminal Services session is not encrypted.

↑ Back to the top

More information

By default, Windows XP Remote Desktop and Windows Server 2003 Remote Desktop and Terminal Services use high (128-bit) encryption to encrypt most data transmissions in both the client-to-server direction and the server-to-client direction. When you install the 128-bit High Encryption pack and use high encryption on a Windows 2000 Terminal Services computer, high (128-bit) encryption is used to encrypt most data transmissions in both the client-to-server direction and the server-to-client direction.

The following types of data transmissions might not be encrypted:
  • Virtual Channels

    By default, information that is passed through a virtual channel is not encrypted, but the program that is using the virtual channel can request that information be encrypted. After you install Windows 2000 Service Pack 2 (SP2) or later, data on Virtual Channels is encrypted.
  • Initial Connection

    The RDP protocol sends initial packets to establish the connection to the server and negotiate the level of encryption. These packets are not encrypted, but they do not contain any sensitive information.
  • Server Certificate

    The public certificate that contains the server name and some other non-sensitive information is not encrypted.
  • Licensing Packets

    One of the licensing information packets is not encrypted and contains the following information:
    • Client computer name
    • Client user name
    • Client license information
    After you install Windows 2000 Service Pack 2 (SP2) or later, licensing information is encrypted. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
    295080 Terminal Server Client Licensing Information Is Not Encrypted in the Network Packets
  • Clipboard and Redirected Printing

    Clipboard and Redirected Printing use virtual channels and are always encrypted in both the client-to-server direction and the server-to-client direction in Windows 2000 SP2 and later.

    Important When you connect to a Terminal Services session by using a virtual private network (VPN) connection, the data stream is encrypted. Also, any connection that you make by using Internet Security Protocol (IPSec) encrypts all the RDP traffic.

↑ Back to the top

Keywords: kbinfo, kbtunneling, kbenv, kbnetwork, KB275727

↑ Back to the top

Article Info
Article ID : 275727
Revision : 7
Created on : 1/29/2007
Published on : 1/29/2007
Exists online : False
Views : 633