Chapter 8: Exam 70-298 Study Guide
Because an EMS and SAC console session does not require a logon name or
password, administrators must make sure EMS is secured either physically or by
addressing security at the connecting terminal. The former sentence is a valid
Terminal Services allows one or more remote users to connect to a Windows
server running the Terminal Services service (in NT 4.0, you had to install a
special edition of NT called Terminal Service Edition) in order to run one or more
hosted applications. Even DOS users, using a DOS-based version of the Terminal
Services client, can connect to a Terminal Services GUI session. Terminal Services
uses RDP and supports encryption in Windows 2000 Server and later (if clients
are running the newer client versions as well).
There are frequent exam questions on Terminal Server security and settings (see
Terminal Services encryption can be set to three levels:
• High Level
• Low Level
• Client Compatible
High-Level encryption means that RDP communications will be protected by the
maximum encryption key size supported by the server. If a client cannot
accept this key length, it will not be allowed to connect. Low-Level and
Client-Level encryption mean that RDP communications will be protected by the
maximum key size supported by the client. In high-security scenarios, the
administrator will want to ensure that the encryption level is set to High Level.
Terminal Services has dozens of other settings, some of which could impact
security indirectly. You should be familiar with all of the configuration choices
available in Group Policy for Terminal Services.
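One way to check which encryption level a server actually enforces, as an added example that is not from the study guide. It assumes a Windows version with PowerShell available and the standard MinEncryptionLevel registry value; value 4 (FIPS Compliant) is a fourth level that the list above does not mention.

```powershell
# Added example: report the minimum RDP encryption level on the local server.
# Value meanings: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant.
$levelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

# Group Policy ("Set client connection encryption level") writes here.
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
# Local setting of the default RDP listener.
$listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-MinEncryptionLevel {
    param([string]$Path)
    # Returns the DWORD as an int, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name MinEncryptionLevel -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.MinEncryptionLevel }
    return $null
}

$policy   = Get-MinEncryptionLevel -Path $policyKey
$listener = Get-MinEncryptionLevel -Path $listenerKey

# A configured policy value takes precedence over the listener's local value.
if ($null -ne $policy) {
    $effective = $policy;   $source = 'Group Policy'
} else {
    $effective = $listener; $source = 'RDP-Tcp listener'
}

if ($null -eq $effective) {
    Write-Warning 'MinEncryptionLevel not found under either key.'
} else {
    $name = $levelNames[$effective]
    if (-not $name) { $name = 'Unknown' }
    Write-Output ("Effective level: {0} ({1}), set by {2}" -f $effective, $name, $source)
    # Low and Client Compatible let the client's key size decide; flag them.
    if ($effective -lt 3) {
        Write-Warning 'Below High: key strength depends on what the client supports.'
    }
}
```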
Older Terminal Services versions came with Terminal Services
Advanced Client Web Client, which could be activated through IIS.
Remote Desktop Web Client replaced it.
Figure 8-25. Terminal Service encryption and security settings