Secure Terminal Server RPC traffic

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To secure Terminal Server RPC traffic

  1. Open Group Policy.

  2. In Computer Configuration, Administrative Templates, Windows Components, Terminal Services, Encryption, RPC Security Policy, double-click the Secure Server (Require Security) setting.

  3. Click Enabled, and then click OK.

    Important

    • You should thoroughly test any changes you make to Group Policy settings before applying them to users or computers. For more information on testing policy settings, see Resultant Set of Policy.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • The remote procedure call (RPC) interface is used for administering and configuring Terminal Services.

  • If the status of this setting is Enabled, the terminal server accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.

  • If the status of this setting is Disabled, the terminal server always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.

  • If the status of this setting is Not Configured, unsecured communication is allowed. This is the default.

  • Use the above procedure to configure the local Group Policy object. To change a policy for a domain or an organizational unit, you must log on to the primary domain controller as an Administrator. Then, you must invoke Group Policy through the Active Directory Users and Computers snap-in.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Configuring Terminal Services with Group Policy
Group Policy (pre-GPMC)
IPv6 protocol features
Default settings for services