289-Set client connection encryption level


Computer/User Node :
   MACHINE

Policy Path :
   Administrative Templates\Windows Components\Terminal Services\Encryption and Security

Supported on :
   At least Microsoft Windows XP Terminal Services

Help/Explain Text :
   Specifies whether to enforce an encryption level for all data sent between the client and the remote computer during a Terminal Services session.

   Important: If FIPS compliance has already been enabled by the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" Group Policy, you cannot change the encryption level by using this Group Policy or by using Terminal Services Configuration.

   If the status is set to Enabled, encryption for all connections to the server is set to the level you specify. By default, encryption is set to High. The following encryption levels are available:

   - FIPS Compliant: encrypts data sent from client to server and from server to client to meet the Federal Information Processing Standard 140-1 (FIPS 140-1), a security implementation designed for certifying cryptographic software. Use this level when Terminal Services connections require the highest degree of encryption. FIPS 140-1 validated software is required by the US Government and requested by other prominent institutions.
   - High: encrypts data sent from client to server and from server to client by using strong 128-bit encryption. Use this level when the remote computer is running in an environment containing 128-bit clients only (such as Remote Desktop Connection clients). Clients that do not support this level of encryption cannot connect.
   - Client Compatible: encrypts data sent from client to server and from server to client at the maximum key strength supported by the client. Use this level when the remote computer is running in an environment containing mixed or legacy clients.
   - Low: encrypts data sent from the client to the server using 56-bit encryption. Note that data sent from the server to the client is not encrypted when Low is specified.

   If the status is set to Disabled or Not Configured, the encryption level is not enforced through Group Policy. However, administrators can set the encryption level on the server using the Terminal Services Configuration tool.

Registry Settings :
  HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MinEncryptionLevel
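
An audit check for the registry value above, added here as an example and not part of the original policy reference. It assumes PowerShell 3.0 or later and the numeric mapping 1 to 4 that Microsoft documents for MinEncryptionLevel (the mapping is not listed on this page); the function name Get-TsEncryptionPolicy is hypothetical.

```powershell
# Added example: report the Group Policy encryption level for Terminal Services.
function Get-TsEncryptionPolicy {
    param(
        # Policy key from the "Registry Settings" entry on this page.
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    )

    # Assumption: value-to-level mapping per Microsoft's documentation of MinEncryptionLevel.
    $levelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

    # A missing key or value means the policy is Disabled or Not Configured.
    $item = Get-ItemProperty -Path $Path -Name 'MinEncryptionLevel' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            Enforced = $false
            Value    = $null
            Level    = 'Not enforced by Group Policy'
            Finding  = 'Level is whatever Terminal Services Configuration sets on the server.'
        }
    }

    $value = [int]$item.MinEncryptionLevel
    $name  = if ($levelNames.ContainsKey($value)) { $levelNames[$value] } else { 'Unknown' }

    # Findings restate the behaviour described in the Help/Explain text.
    $finding = switch ($value) {
        1 { 'Client-to-server uses 56-bit encryption; server-to-client data is not encrypted.' }
        2 { 'Key strength depends on the client; mixed or legacy clients are allowed.' }
        3 { '128-bit encryption in both directions; clients without support cannot connect.' }
        4 { 'Both directions encrypted to meet FIPS 140-1.' }
        default { "Unexpected value $value; review the policy setting." }
    }

    [pscustomobject]@{
        Enforced = $true
        Value    = $value
        Level    = $name
        Finding  = $finding
    }
}

Get-TsEncryptionPolicy | Format-List
```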
