Configure Telnet Server Authentication

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista

Authentication is the means by which a user is identified and authorized. The Telnet Server service supports two methods of authentication: NTLM and plaintext.

Two types of computers must use plaintext authentication:

  • A Windows-based Telnet client that, by choice, is not configured to use NTLM

  • A UNIX Telnet client that does not have support for NTLM authentication

In the plaintext method, the user name and password are sent as plaintext for authentication by the server.

Important

Microsoft recommends that you choose NTLM authentication and disable plaintext authentication when all of your clients can be configured to use NTLM. Using plaintext authentication is a security risk, because it exposes your passwords to the network. Enable plaintext authentication only if you must allow connections by clients that cannot use NTLM.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To configure the types of authentication allowed by Telnet Server

  1. Start a command prompt as an administrator: right-click a command prompt shortcut, and then click Run as administrator.

  2. At the command prompt, type the following command:

    tlntadmn config sec [{+|-}ntlm] [{+|-}passwd]

    • ntlm is the parameter used to turn on or off support for NTLM authentication

    • passwd is the parameter used to turn on or off support for password, or plaintext, authentication

    In front of each authentication type, include + if you want that type of authentication allowed, or include - if you want that type of authentication blocked. If you include only one authentication type with its + or - in the command, the status of the other authentication type is not changed.
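The following PowerShell script is an added example, not part of the original article or Microsoft's code. It applies the recommended setting (NTLM allowed, plaintext blocked) with the command from step 2 and then confirms the result. It assumes that tlntadmn, run without parameters, lists the local server settings and that the listing contains a line of the form "Authentication Mechanism : NTLM, Password"; the function name Get-TelnetAuthMechanism is hypothetical.

```powershell
# Added example. Run from an elevated PowerShell session on the computer
# that hosts the Telnet Server service.

function Get-TelnetAuthMechanism {
    param([Parameter(Mandatory = $true)][string[]]$ConfigText)

    foreach ($line in $ConfigText) {
        # Assumed line format: "Authentication Mechanism    :   NTLM, Password"
        if ($line -match '^\s*Authentication Mechanism\s*:\s*(.+)$') {
            # Split the value into individual mechanism names.
            return @($Matches[1] -split ',' |
                     ForEach-Object { $_.Trim() } |
                     Where-Object { $_ })
        }
    }
    throw 'No "Authentication Mechanism" line found in the tlntadmn output.'
}

# Read the current settings (tlntadmn without parameters lists them).
$before = @(Get-TelnetAuthMechanism -ConfigText (& tlntadmn.exe))
Write-Output "Allowed before: $($before -join ', ')"

if ($before -contains 'Password' -or $before -notcontains 'NTLM') {
    # Allow NTLM and block plaintext (password) authentication.
    & tlntadmn.exe config sec +ntlm -passwd
}

# Re-read the settings and fail loudly if plaintext is still allowed.
$after = @(Get-TelnetAuthMechanism -ConfigText (& tlntadmn.exe))
if ($after -contains 'Password') {
    throw 'Plaintext (password) authentication is still allowed.'
}
Write-Output "Allowed after: $($after -join ', ')"
```

Run this only after every client has been configured to use NTLM, because clients that support only plaintext authentication can no longer log on once passwd is blocked.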

Formatting Legend

Format: Bold
Meaning: Elements that the user must type exactly as shown

Format: Between brackets ([])
Meaning: Optional items

Format: Between braces ({}); choices separated by pipe (|). Example: {even|odd}
Meaning: Set of choices from which the user must choose only one

Additional considerations

  • If you connect to a computer running Telnet Server by using NTLM authentication, you cannot automatically access additional network resources because of a limitation of NTLM authentication. In order to access network resources during a Telnet session, you need to access network drives by providing your domain user name and password again.

  • If the user account you use to log on to the Telnet server is a member of the local Administrators group, you might not be able to use your administrator privileges. For more information, see Configure Telnet Server to Allow Administrator Access by using Password Authentication.

See Also

Concepts

Enable the Telnet Server Service
Grant Access to a Telnet Server
Configure Telnet Server to Allow Administrator Access by using Password Authentication
Configure the Command Interpreter Used by the Telnet Server
Configure the TCP Port Number Used by Telnet Server
Configure Idle Session Timeouts for Telnet Sessions
Configure the Number of Simultaneous Sessions Supported
Configure the Domain Used for User Name Authentication