Control Which Environment Variables Can Be Viewed by a Telnet Server

Updated: March 24, 2010

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista

A Telnet server, as part of its normal operation, can query the Telnet clients that connect to it. For example, the Telnet server can ask a client for the contents of an environment variable. This behavior is required for proper Telnet server and Telnet client operation.

However, for security purposes, the list of variables that the client can return to the server must be limited to those actually required by the Telnet service. RFC 1572 defines the following list of "well-known" variables that are transmitted by the Microsoft Telnet Client: SYSTEMTYPE, ACCT, JOB, PRINTER, DISPLAY, and USER. The Telnet Client service can also transmit the variables SFUTLNTVER and SFUTLNTMODE.

By default, if the Telnet server requests any environment variable other than those included in that list, the Telnet client responds with the value undefined, even if the variable exists on the client computer. This is a security feature to prevent a malicious Telnet server from learning more about the client than is absolutely necessary to allow Telnet to run.

Some applications might require the definition of, and allow the transmission of, other defined environment variables. To allow Telnet to transmit an environment variable that is not on the default list, you must modify a Registry setting by using the procedure described here.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

Caution
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

  1. Open Registry Editor. Click Start, and then type regedit in the Start Search box.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  3. In the navigation pane, open HKEY_LOCAL_MACHINE\Software\Microsoft.

  4. If the key TelnetClient does not exist, then create it. To do so, right-click Microsoft, then click New, and then click Key.

  5. Type TelnetClient as the name of the new key.

  6. Right-click TelnetClient, click New, and then click Multi-String Value.

  7. Type AllowedEnvVariables as the name of the new entry.

  8. In the details pane, double-click the new AllowedEnvVariables name.

  9. In the Edit Multi-String dialog box, type the names of the environment variables that the Telnet server must be able to query on this client. Type each variable name on a new line.

  10. Click OK to save your completed list.

  • This registry entry only works when created in the HKEY_LOCAL_MACHINE branch of the registry. Creating it in the HKEY_CURRENT_USER branch has no effect.
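
The procedure above, scripted in PowerShell as an added example (not part of the original article and not Microsoft's code). It assumes an elevated prompt; the names in $Wanted are constructed placeholders, and the helper functions Get-AllowedEnvList and Set-AllowedEnvList are hypothetical names introduced here.

```powershell
# Added example, not Microsoft's code. Run from an elevated PowerShell prompt.
$KeyPath   = 'HKLM:\Software\Microsoft\TelnetClient'
$UserPath  = 'HKCU:\Software\Microsoft\TelnetClient'
$ValueName = 'AllowedEnvVariables'
# Constructed placeholder names; replace with the variables your application needs.
$Wanted    = @('EXAMPLE_APP_MODE', 'EXAMPLE_APP_REGION')
# Variables the article lists as transmitted without any registry change.
$Default   = @('SYSTEMTYPE', 'ACCT', 'JOB', 'PRINTER', 'DISPLAY', 'USER',
               'SFUTLNTVER', 'SFUTLNTMODE')

function Get-AllowedEnvList {
    # Hypothetical helper: returns the entries under $Path, or nothing if absent.
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $item.$ValueName | Where-Object { $_ -and $_.Trim() }
    }
}

function Set-AllowedEnvList {
    # Hypothetical helper covering steps 3 to 10 of the procedure.
    param([Parameter(Mandatory)][string[]]$Names)
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath | Out-Null            # steps 4-5: create the key
    }
    # Steps 6-10: REG_MULTI_SZ value with one variable name per entry.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType MultiString `
        -Value $Names -Force | Out-Null
}

$before = @(Get-AllowedEnvList -Path $KeyPath)
Set-AllowedEnvList -Names $Wanted
$after  = @(Get-AllowedEnvList -Path $KeyPath)

"Previous entries : " + ($before -join ', ')
"Current entries  : " + ($after -join ', ')
# Names that are already on the default list add nothing and can be dropped.
$redundant = @($after | Where-Object { $Default -contains $_ })
if ($redundant) { "Already sent by default: " + ($redundant -join ', ') }

# The same value under HKEY_CURRENT_USER has no effect; flag it if present.
if (@(Get-AllowedEnvList -Path $UserPath).Count -gt 0) {
    Write-Warning "$ValueName under HKCU is ignored; set it under HKLM instead."
}
```

Set-AllowedEnvList overwrites the existing value, so the printed previous entries are the record of what was allowed before. Keep the list to the variables an application actually requires, because every entry is a value that any Telnet server this client connects to can request.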
