In Windows 2000, Telnet provides user support for the Telnet protocol, a part of the TCP/IP suite. Telnet is a remote access protocol that you can use to log on to a remote computer, network device, or private TCP/IP network. Telnet Server and Telnet Client work together to allow users to communicate with a remote computer. In Windows 2000, Telnet Server is installed as a service, simply named Telnet. The Telnet Server allows users of a Telnet client to log on to the computer running the Telnet Server and run character-mode applications on that computer. The Telnet Server acts as a gateway through which computers running the Telnet client can communicate with each other. The Telnet client allows users to connect to a remote computer and interact with that computer through a terminal window.
After this lesson, you will be able to
Estimated lesson time: 25 minutes
Windows 2000 Telnet Server allows users of a Telnet client to connect to the computer running the Telnet Server and use command-line commands on the computer as if they were sitting in front of it. Telnet clients can connect to a server, log on to that server, and run character-mode applications. The Telnet Server also acts as a gateway for Telnet clients to communicate with each other. A computer running the Telnet Server can support a maximum of 63 Telnet client computers at any given time.
Telnet Server Connection Licensing
Two Telnet Server connection licenses are provided with each installation of Windows 2000 Server. This limits Telnet service to two connecting Telnet clients at a time. If you need additional licenses, use Telnet Server from the Windows Services for UNIX add-on pack.
Telnet Authentication
You can use your local Windows 2000 user name and password or domain account information to access the Telnet server. The security scheme is integrated into Windows 2000 security. If you do not use the NTLM authentication option, the user name and password are sent to the Telnet server as plaintext.
If you are using NTLM authentication, the client uses the Windows 2000 security context for authentication and the user is not prompted for a user name and password. The user name and password are encrypted.
NOTE
If the User Must Change Password At Next Logon option is set for a user, the user cannot log on to the Telnet service when NTLM authentication is used. The user must log on to the server directly and change the password, and then log on through the Telnet client.
In a Windows 2000 Server default installation, the Telnet service is set to manual startup. You can use the Services snap-in or the Computer Management snap-in to start, stop, or configure the Telnet service for automatic startup. Figure 23.18 shows the Telnet Properties dialog box for the Telnet service.
Figure 23.18 Telnet Properties page showing the Startup type options for this server service
In the Computer Management snap-in, Telnet is a service located under the Services and Applications node. Select Services from the console tree, and then select Telnet from the list of services in the details pane.
You can also start or stop the Telnet service from a command prompt. To start Telnet Server, type net start tlntsvr or net start telnet at the command prompt, and then press Enter. To stop Telnet Server, type net stop tlntsvr or net stop telnet at the command prompt, and then press Enter.
You can use the Telnet Server Admin utility to start, stop, or get information about Telnet Server. You can also use it to get a list of current users, terminate a user's session, or change Telnet Server registry settings.
CAUTION
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, it is strongly recommended that you back up any valuable data on the computer.
To open the Telnet Server Admin utility, click the Telnet Administration Tool in the Administrative Tools program group or click Start, click Run, type tlntadmn and then click OK. If you cannot open the Telnet Server Admin utility, you may need to install the Administration Tools pack (Adminpak.msi).
The Table 23.1 lists the Telnet Server Administration utility options.
Table 23.2 Options for the Telnet Server Administration Utility.
Option | Name | Description |
---|---|---|
0 | Quit this application | Ends the Telnet Server Admin utility session. |
1 | List the current users | Gives a list of the current users, including the user name, domain, remote computer address, session ID, and log time. |
2 | Terminate a user session | Terminates a selected user's session. |
3 | Display/change | Provides a list of registry settings registry settings that you can change. See Table 23.2. |
4 | Start the service | Starts the Telnet Server service. |
5 | Stop the service | Stops the Telnet Server service. |
Registry changes made using the Telnet Server Admin utility modify settings stored in the following registry key on the Telnet server computer: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0. This registration location is shown in Figure 23.19.
Figure 23.19 Telnet Server registry settings that can be modified by using the Telnet Server Admin utility
Table 23.2 lists the Telnet Server registry settings that you can change.
Table 23.3 Telnet Server Registry Settings.
Option | Name | Description | Default Value |
---|---|---|---|
0 | Exit this menu | Exits this menu and returns to the original Telnet Server Administration utility options. | N/A |
1 | AllowTrustedDomain | Changes the current value of the trusted domain. | 1 |
2 | AltKeyMapping | Changes the current value. | 1 |
3 | DefaultDomain | Sets the default domain name. | . (A period means the current domain of the Telnet server.) |
4 | DefaultShell | Displays the path location for the shell installation. | %systemroot%\System32\Cmd.exe /q /k. The /q switch disables echo and the /k switch carries out a command but does not close the command window. |
5 | LogonScript | Displays the path location and name for the Telnet service global client login script file. By default, this file maps the Telnet client to their home directory if one is specified in the user's profile. | %systemroot%\System32\login.cmd |
6 | MaxFailedLogins | Displays the maximum number of failed attempts to log on before a connection is terminated. | 3 |
7 | NTLM | Displays the current number of allowed NTLM authenticated logons. | 2 |
8 | TelnetPort | Displays the default Telnet Server port. | 23 |
NOTE
The Termcap registry setting specifies the location of the Termcap (Terminal Capabilities) file, which is used by a number of terminal client utilities to determine how to move the cursor during a terminal session.
When you change the default domain account, the setting takes effect only after the Telnet service is restarted. You must be logged on as a member of the Administrators group to use the Telnet Server Administration utility.
Table 23.3 provides information about a few common problems you might encounter when running Telnet Server.
Table 23.4 Common Telnet Server Problems.
Error message | Cause | Solution |
---|---|---|
Invalid input | The entered value was not acceptable. | Review the range of the optional values and re-type your choice. |
Failed to open the registry key | The Telnet server must be running to open a registry key. This error indicates that it is not currently running. | Start Telnet service. |
Failed to query the registry value | The Telnet server must be running to query a registry value. This error indicates that it is not currently running. | Start Telnet service. |
You can use Microsoft Telnet Client to connect to a remote computer running the Telnet service or other Telnet server software. Once you have made this connection, you can communicate with the Telnet server. The type of session you conduct depends on how the Telnet software is configured. Communication, games, system administration, and local logon simulations are some typical uses of Telnet.
The Telnet client uses the Telnet protocol, part of the TCP/IP suite of protocols, to connect to a remote computer over a network. The Telnet client software allows a computer to connect to a remote server. You can use the Telnet client provided with Windows 2000 to connect to a remote computer, log on to the remote computer, and interact with it as if you were sitting in front of it.
Users of previous versions of Microsoft Telnet Client may notice a few changes in the version included with Windows 2000. The most obvious change is that Telnet Client is now a command-line application rather than a Windows application. As a command-line application, Telnet Client will seem very familiar to users of UNIX-based Telnet clients.
An important new feature found in Telnet Client is NTLM authentication support. Using this feature, a computer using Telnet Client can log on to a Windows 2000 computer running the Telnet service by using NTLM authentication.
NOTE
Telnet session logging is not supported in Microsoft Telnet Client.
To open Telnet, click Start, click Run, and then type telnet. You can also type telnet at the command prompt. To use Telnet, you must have the TCP/IP protocol installed and configured on your computer and you must have a user account established on a remote host.
To display help for Telnet, type help at the Microsoft Telnet command prompt. To connect to a site, type connect <computer_name> where <computer_name> is the IP address or host name of the computer running the Telnet service.
In this practice you configure the Telnet service to start on Server01. You then connect to the Telnet service from Server01 and verify the connection. Complete this practice from Server01.
NOTE
If you are running Server02, you may complete Exercise 2 from Server02.
In this exercise, you configure the Telnet service for automatic startup and then start the Telnet service.
The Services console appears.
The Telnet Properties (Local Computer) dialog box appears.
A Service Control status box appears briefly as the Telnet service starts.
In this exercise you connect to the Telnet service from the Microsoft Telnet Client. You may complete this procedure on either Server01 or Server02. Completing the procedure from Server02 provides remote access to Server01. However, for the purpose of training, running these commands from Server01 is adequate. If you complete this procedure from Server02, log on as Administrator before starting.
The Run dialog box appears.
The Microsoft Telnet command prompt appears.
A list of supported commands appears.
A Welcome to Microsoft Telnet Server message appears.
NOTE
You can use abbreviations for the commands you type. For example, o server01 is equivalent to open server01.
In this exercise you monitor the Telnet service for Telnet client connections and then disconnect the connected Telnet client using the Telnet Server Administrator.
The Run dialog box appears.
The Telnet Server Admin utility command window appears.
Statistics on the administrator user appear.
A message appears instructing you to type a user's session ID to terminate.
A list of command options reappear.
Notice that the connection with the host was lost.
You are returned to the Microsoft Telnet Client command window.
In this lesson you learned that the Telnet service and a Telnet client work together to allow users to communicate with a remote computer. The Windows 2000 Telnet service allows users of the Microsoft Telnet Client to connect remotely to the computer and use command-line applications on the computer as if they were sitting in front of it. You can use the Services snap-in, the Computer Management snap-in, or the command prompt to start or stop the Telnet service. In addition, you can use the Telnet Server Admin utility to start, stop, or get information about the Telnet service. You can also use it to get a list of current users, terminate a user's session, or change Telnet service registry settings. Telnet Client allows you to connect to a remote computer running Telnet server software. NTLM authentication is supported when a Telnet Client connects to the Telnet service. Telnet provides user support for the Telnet protocol, a remote access protocol you can use to log on to a remote computer, network device, or private network.