Telnet Tools and Settings
In this section
Telnet Server tools and settings determine how Telnet Server handles auditing, authentication, idle session time-out, and other remote command console session options. Usually, you do not need to configure Telnet Server options to connect a Telnet client to Windows Server
Audit logon and logoff information.
Disable NTLM or password authentication, or change the default domain for authenticating unqualified user names (by default, the domain in which the machine account resides is used to authenticate unqualified user names).
Prohibit authentication of user accounts in trusted domains, which restricts Telnet access to users whose user accounts are stored only in the local Security Accounts Manager (SAM) database (by default, Telnet Server authenticates user accounts in trusted domains and the local SAM database).
Change the default shell, or command interpreter, that is used for Telnet sessions (Cmd.exe is the default shell).
Specify an IP address on which you want the Telnet Server program to listen for connection requests.
Change the mode of operation from console mode to stream mode.
Ensure that all programs started in a Telnet session terminate when you disconnect a Telnet session.
Change the TCP port on which Telnet Server listens for a connection (by default, Telnet servers listen on TCP port 23).
Change the maximum number of Telnet sessions that Telnet Server will accept (the default is 2).
Change the maximum number of logon attempts before a user is disconnected (the default is 3).
Disable idle session time-out, or change the idle session time-out value (the default is 1 hour).
Disable Alt key mapping (by default, pressing Ctrl-A simulates the Alt key).
The following tools are associated with Telnet Server.
Telnet.exe: Telnet Command Prompt
The Telnet command prompt tool is included with the Windows Server
Use this command on computers running Windows Server
Once all of the settings and options are configured, you can use Telnet.exe to initiate and conduct a Telnet session. You can create a Telnet connection, configure Telnet.exe options, and use all Telnet.exe features by using the Telnet command prompt. The Telnet command prompt is useful if you are performing quick maintenance tasks on several different hosts or you need to use advanced Telnet options and features.
You can access the Telnet command prompt by running the Telnet command without any command-line parameters. You can also access the Telnet command prompt by typing the Telnet escape character during an active Telnet session. The default escape character is Ctrl+].
After you start the Telnet command prompt, the following message appears:
Welcome to Microsoft Telnet Client Escape Character is 'Ctrl+]' Microsoft Telnet >
You can close the Telnet command prompt by using the Quit command.
Telnet.exe with command-line parameters
You can create a Telnet connection and configure some Telnet.exe options by using the Telnet command in conjunction with various command-line parameters. Using the Telnet command with command-line parameters is helpful if you are creating Telnet connections within a script or batch file or you do not need to use advanced Telnet client options and features. When you use Telnet with command-line parameters, you can use a single command to create a connection with a host. The command-line syntax for Telnet.exe is:
telnet [-a][-eescape_char][-flog_file][-luser_name][-tterm]host [port]
The command-line parameters are described in the following table.
Telnet.exe Command-Line Parameters
Instructs Telnet.exe to log on to the host using the credentials of the user who is currently logged on to the client.
Specifies an escape character, which displays the Telnet command prompt. The default escape character is Ctrl+].
Creates a client-side log file and turns on client-side logging for the current session. The log_file parameter must consist of a path and file name.
Instructs Telnet.exe to log on to the host using the user account that is specified in user_name. The user account specified in user_name must have Telnet logon rights on the host.
Specifies the terminal type. The default terminal type is ANSI. Other valid terminal types include VT52, VT100, and VTNT.
Specifies the host with which you want to create a Telnet connection. The host parameter can be a NetBIOS name, a fully qualified domain name, or an IP address.
Specifies the TCP port on which you want to create a Telnet connection. The default Telnet port is 23.
For example, the following command uses the credentials of the user who is currently logged on to the client to create a Telnet connection on port 23 with a host named server01:
Likewise, the following example creates the same Telnet connection and enables client-side logging to a log file named c:\telnet_logfile:
telnet -f c:\telnet_logfile server01
The connection with the host remains active until you exit the Telnet session (by using the Exit command), or you use the Telnet Server administration tool to terminate the Telnet session on the host.
Tlntadmn.exe: Telnet Administration
The Telnet administration command-line tool is included with the Windows Server
Run this command on computers running Windows Server
Tlntadmn.exe is a command-line tool, and is installed by default when you install Windows Server
For more information about Tlntadmn.exe, see “Telnet commands” in the Command Line References in the Tools and Settings Collection.
Telnet Registry Entries
The following registry entries are associated with Telnet.
You can configure most Windows Server
You must be a member of one of the following groups to use Regedit.exe: Administrators, Server Operators, and Power Users. You can use Regedit.exe to change registry settings on a local or a remote computer. However, only members of the Administrators group can use Regedit.exe to configure registry settings on a remote computer.
The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.
The following registry entries are located under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\.
The AllowTrustedDomain entry is included in Windows Server
You can prevent the Telnet Server program from authenticating users on trusted domains by configuring this registry entry.
By default, the Telnet Server program authenticates user accounts in trusted domains and in the local SAM database. Preventing the Telnet Server program from authenticating user accounts in trusted domains restricts Telnet access to only those users whose user accounts are in the local SAM database. By default, the AllowTrustedDomain registry entry has a value of 1. To prevent Telnet Server from authenticating user accounts in trusted domains, you must set this registry entry to 0.
The DefaultShell entry is included in Windows Server
You can change the default shell, or command interpreter, that the Telnet Server program uses for a Telnet session by configuring this registry entry.
By default, Telnet Server runs all commands in the Windows Server
The ListenToSpecificIpAddr entry is included in Windows Server
You can configure the Telnet Server program so it listens for connection requests that are sent to a specific IP address. This is useful if a host has several network adapters, and you want to limit Telnet connections to only one of the network adapters. It is also useful if you have a firewall, and you want to filter Telnet traffic through the firewall to only a few IP addresses.
By default, this registry entry has the value INADDR_ANY, which instructs Telnet Server to listen for Telnet connection requests that are sent to all IP addresses assigned to the host. You can change the value of this registry entry to any IP address that is assigned to the host.