Best Practices for Administering Telnet
Updated: March 24, 2010
Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista
The following best practices are proven to improve security, increase availability, ensure trouble-free operations, or ease administration when you use them to administer Telnet:
Use only NTLM Authentication if your clients all support it
Using NTLM Authentication ensures that your user names and passwords are not sent over the network in plaintext. If all of your Telnet clients can support NTLM authentication, then configure them to use NTLM, and disable plaintext authentication on the Telnet server.
Allow users to disconnect before stopping the service
Before you stop the Telnet Server service or uninstall it, send a message to Telnet client sessions that you are about to stop the service. You can then stop the service after the users have had the opportunity to close their sessions.
For more information, see Send a Message to a Telnet Session.
Make sure that the client code page matches the code page of the UNIX terminal
If users will be connecting to Telnet Server from computers running an internationalized version of UNIX (such as a version capable of supporting European languages), ensure that the code page used by the command shell can display extended characters properly. To set the code page for all users when they log on, edit %systemroot%\system\login.cmd to add the chcp command to set the appropriate code page. For example, to support English and Western European UNIX, add the command chcp 1252.
For more information, see Configure the User's Session with Login.cmd.
For additional information about the standards that define Telnet, see the following Request for Comment (RFC) documents available at the Internet Engineering Task Force Web site (http://go.microsoft.com/fwlink/?linkid=121):
RFC 854: Telnet Protocol Specification
RFC 2839: Internet Kermit Service
RFC 2877: 5250 Telnet Enhancements
RFC 2941: Telnet Authentication Option
RFC 4248: The Telnet URI Scheme
RFC 4559: SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows