XP security

[IB....@web.de]

The windows 2000 terminal server client coud be configured with a 128-bit
encryption of the rdp protocol data stream.

I can't find any settings inside the XP Professional remote desktop
settings. Is it real, that XP doesn't have any rdp data stream encryption?

I have not found anything about this in the web. Who knows something about
this?

Thanks a lot for all answers

Norbert Jung

[Dave Hart]

In the Local GPO, there is a setting called:

SET CLIENT CONNECTION ENCRYPTION LEVEL

From reading this description, the default is to have the
encryption set to high. So an XP client is 128 Bit by
default.

Directs Terminal Services to enforce the specified
encryption level for all data sent between the client and
the server during Terminal Services connections.

If you enable this setting, encryption is set to the level
you specify (Client Compatible or High) for all
connections to the server. By default, Encryption is set
at the Client Compatible level.

The Client Compatible level encrypts data sent between the
client and the server at the maximum key strength
supported by the client. Use this level when the terminal
server is running in an environment containing mixed or
legacy clients.

The High level encrypts data sent from client to server
and from server to client by using strong 128-bit
encryption. Use this level when the terminal server is
running in an environment containing 128-bit clients only
(such as Windows XP clients). Clients that do not support
this level of encryption cannot connect.

If you disable this setting or do not configure it, the
encryption level is not enforced. However, administrators
can set the encryption level at the server using the
Terminal Services Configuration tool.