How Telnet Works
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
All Windows versions include Telnet Client and Telnet Server components. Using Telnet Client and Server, you can create a remote command console session on a host. You can run command line programs, shell commands, and scripts in a remote command console session just as though you were locally logged on to the host and using a local command prompt window.
Windows Server 2003 Telnet Client and Server are well suited for troubleshooting and configuring remote computers, especially in mixed environments that require interoperability between different operating systems. For example, you can use Telnet Client to connect to a Telnet server that is running on another operating system such as UNIX. Likewise, you can use a Telnet client that is running on UNIX to connect to a computer running Telnet Server. Windows Server 2003 Telnet Client and Server are also ideal in situations where memory and processor resources are minimal on a client or host or where network bandwidth is limited. This is because computers running Telnet clients and servers use less memory and processor time than other remote management tools, and Telnet clients and servers transmit only plaintext (unencrypted characters) across the network.
Before using the Windows Server 2003 Telnet tools, you should consider the following:
Windows Server 2003 Telnet Client and Server are based on the Telnet protocol, which specifies a method for transmitting and receiving unencrypted ASCII characters (plaintext) across a network. Understanding how the protocol works, and how Telnet clients and servers use the Telnet protocol, helps you manage Telnet connections.
The Windows Server 2003 Telnet tools have several inherent limitations that affect the types of remote management tasks you can perform and the level of security that is in effect when you perform those tasks. Understanding these limitations helps you determine when and when not to use the Telnet tools.
You can configure Telnet Server settings by using the Windows Server 2003 Telnet administration tool (Tlntadmn.exe) and the registry editor (Regedit.exe). Although the default Telnet Server settings are sufficient for most Telnet client connections, you might need to change the default settings to better suit your organization. Examples of Telnet Server settings include: authentication type, default port assignment for Telnet connections, maximum number of client connections, and maximum number of failed logon attempts.
By default, members of the local administrators group can log on to a Telnet server. However, you might not want all Telnet users to have full administrative control of the host they log on to. In this case, you can use a Telnet clients group to grant users Telnet logon rights without granting them any administrative rights on the host. To configure these user rights from the graphical user interface, you must use the Active Directory Users and Groups snap-in or the Local Users and Groups snap-in. You can also use the Net User and Net Group commands to configure user rights from the command line.
You can configure several optional settings when you use Telnet Client to establish a Telnet session on a host. Depending on the type of Telnet server you are logging on to, and how the Telnet server is configured, you might need to enable or change some of these optional settings. Examples of Windows Server 2003 Telnet Client settings include: client-side logging, terminal type, port assignment, and alternate user name for logon.
You can manage active Telnet sessions on a host by using the Windows Server 2003 Telnet administration tool. Some of the administrative tasks you can perform include: terminating Telnet sessions, sending console messages to users with active Telnet sessions, and listing Telnet session information (for example, user name, logon time, idle time, and client IP address).
The information in this document refers to the Telnet Client and Telnet Server components that are installed by default with Windows Server 2003 and Windows XP Professional operating systems.
Most network operating systems provide a Telnet client and a Telnet server. Telnet clients and servers are small executable programs that allow a local computer (a client) to access services and programs on a remote computer (a host). Telnet clients and servers, including Windows Server 2003 Telnet Client and Telnet Server, are based on the Telnet protocol, which is a subset of the TCP/IP suite and is described in RFC 854. The Telnet protocol specifies two general mechanisms: how Telnet clients and servers establish a connection across a network and how they transmit and receive information across a network.
You usually run a Telnet client program on a local computer: for example, a workstation that you are logged on to. You usually run a Telnet server program on a remote computer: for example, a host you want to administer. Telnet client programs initiate connections with Telnet servers. Telnet servers run in the background on a host, listening for Telnet clients to request a connection.
Common Telnet Features
Because Telnet clients and servers are based on the same standard protocol, all Telnet clients and servers have several features in common. These common features are what make Telnet clients and servers well suited for performing remote administration tasks in environments that require interoperability among disparate operating systems. In short, the Telnet protocol makes it possible for you to connect a computer running Windows Server 2003 Telnet Client to a UNIX Telnet server. The key features that make this interoperability possible include the following:
Common communication protocols
All Telnet clients and servers use TCP/IP as the underlying communication protocol. This makes Telnet clients and servers particularly useful for remotely administering computers across the Internet or within wide area networks (WANs) that are connected to the Internet. If your network does not support TCP/IP, you will not be able to use a Telnet client or server.
Common communication ports
TCP port 23 is reserved for Telnet client and server communication. By default, most Telnet clients initiate communication on port 23, and most Telnet servers listen on port 23 for connection requests. You can change the default port assignments with some Telnet client and server software, such as Windows Server 2003 Telnet Client and Server, but port 23 is the universally accepted port for Telnet communication.
Common character set for communication
All Telnet clients and servers are capable of transmitting and receiving a predefined character set consisting of standard ASCII character codes and ASCII control codes. All Telnet clients and servers transmit the ASCII codes across a network in unencrypted form (plaintext).
Common implementation of the Network Virtual Terminal
All Telnet clients and servers implement a network virtual terminal (NVT). The NVT is responsible for translating operating system-specific instructions (keyboard codes or display codes) into a consistent set of codes that all Telnet clients and servers can transmit and receive. The NVT is what makes Telnet clients and servers capable of communicating with each other regardless of which operating system they are using.
Creating a Telnet Connection
To create a Telnet connection between a Telnet client and a Telnet server, you must do the following:
Start the Telnet Server program on the host. On Windows Server 2003, Telnet Server (Tlntsvr.exe) runs as a service. You can start the service manually every time you want to connect to a host, or you can configure the service so that it starts every time your computer starts. Telnet clients cannot connect to a host unless a Telnet server program (or service) is running and listening for connection requests.
Run the Telnet Client program on the local computer. When you run Windows Server 2003 Telnet Client (Telnet.exe), you must specify the host to which you want to connect. You can also configure several optional connection settings and features.
When you run a Telnet client, it makes a connection request to the host. If a Telnet server responds to the request, the Telnet client and server negotiate the details of the connection, such as flow control settings, window size, and terminal type. After the connection details are successfully negotiated, and logon credentials are validated, the Telnet server program creates a Telnet command console session.
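The negotiation step and the plaintext transfer described above can be seen by splitting one direction of a Telnet byte stream into its RFC 854 command sequences and its data. This is an added example, not code from the original page or from Microsoft; the function names are hypothetical, the sample bytes are constructed, and the option codes for terminal type, window size and flow control are taken from RFC 1091, RFC 1073 and RFC 1372.

```python
IAC, SB, SE = 255, 250, 240                      # RFC 854 command bytes
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# Options behind the settings the text names (RFC 1091, RFC 1073, RFC 1372).
OPTIONS = {24: "TERMINAL-TYPE", 31: "NAWS", 33: "REMOTE-FLOW-CONTROL"}

def read_subnegotiation(stream, start):
    """Collect bytes after IAC SB up to IAC SE; (None, end) if truncated."""
    body, j = bytearray(), start
    while j + 1 < len(stream):
        if stream[j] == IAC and stream[j + 1] == SE:
            return bytes(body), j + 2
        if stream[j] == IAC and stream[j + 1] == IAC:
            j += 1                               # IAC IAC is one literal 0xFF
        body.append(stream[j])
        j += 1
    return None, len(stream)

def parse_telnet(stream):
    """Split one direction of a session into (negotiation events, data bytes)."""
    events, data, i = [], bytearray(), 0
    while i < len(stream):
        if stream[i] != IAC:                     # ordinary NVT data byte
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= len(stream):
            break                                # capture ends mid-command
        cmd = stream[i + 1]
        if cmd == IAC:                           # escaped literal 0xFF
            data.append(IAC)
            i += 2
        elif cmd in VERBS:
            if i + 2 >= len(stream):
                break
            opt = stream[i + 2]
            events.append((VERBS[cmd], OPTIONS.get(opt, str(opt)), b""))
            i += 3
        elif cmd == SB:
            body, i = read_subnegotiation(stream, i + 2)
            if body:                             # first body byte is the option code
                events.append(("SB", OPTIONS.get(body[0], str(body[0])), body[1:]))
        else:
            i += 2                               # two-byte command such as NOP or GA
    return events, bytes(data)

# Constructed client-to-server bytes (not a real capture): two offers, the
# window size (80x25), the terminal type (ANSI), then a typed command.
SAMPLE = (bytes([255, 251, 24, 255, 251, 31, 255, 250, 31, 0, 80, 0, 25, 255, 240,
                 255, 250, 24, 0]) + b"ANSI" + bytes([255, 240]) + b"dir\r\n")
```

Calling `parse_telnet(SAMPLE)` returns the four negotiation events and the data `b"dir\r\n"`: once the command sequences are set aside, what the user typed is directly readable, which is what transmitting only plaintext means in practice.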
On Windows Server 2003, each Telnet command console session consists of two processes: Tlntsess.exe and Cmd.exe. Tlntsess.exe is responsible for managing the Telnet session. Cmd.exe is the command interpreter, or shell program, that runs commands, programs, or scripts on the host.
Cmd.exe is the default command interpreter for a Windows Server 2003 Telnet command console session. However, you can configure the Windows Server 2003 Telnet Server program to use as a default any command interpreter or shell program that is installed on the host.
Running Programs Remotely Using a Telnet Connection
After you establish a Telnet connection with Telnet Server, the following message appears in the command prompt window on the client:
*========================================
Welcome to Microsoft Telnet Server.
*========================================
This message indicates that your credentials are valid and that you have an active Telnet session with Telnet Server. Assuming you have the appropriate administrative user rights, you can use this session to remotely run command-line programs, shell commands, and scripts on a host. Telnet client and server processes rely on the Telnet network virtual terminal (NVT) to translate operating system-specific keyboard and display codes to Telnet character codes that all Telnet clients and servers can understand.
Telnet connections have several limitations. You can address many of these limitations by changing Windows Server 2003 security and Group Policy settings, but the following limitation cannot be eliminated or modified.
You cannot run GUI tools over a Telnet connection
Telnet is a character-based communication protocol. It is not designed to transmit cursor movements or graphical user interface information. Because of this, you can only run command line programs, shell commands, scripts, and batch files over a Telnet connection. Some editing programs, such as vi and Edit, can be run over a Telnet connection; however, these interactive programs are not true GUI programs because cursor movement is controlled by the keyboard, not the mouse.
To find more information about the Telnet administration tool (Tlntadmn.exe) and Telnet commands, see “Command Line References” in the Tools and Settings Collection.