$LabMice.net - The Windows 2000\XP\.NET Resource Index$
Home \| About Us \| Search	Last Updated December 10, 2003

Administration
Batch Files
Command Line
Env Variable
Logon & Auth
Logon Scripts
MMC
Password Mgmt
Run As
Scheduling Service
Services
Telnet
Time Synch

Telnet

Windows 2000 Telnet Client uses the Telnet Protocol, part of the TCP/IP suite of protocols, to connect to a remote computer over a network. The Telnet client software allows a computer to connect to a remote server. You can use the Telnet client provided with Windows 2000 to connect to a remote computer, log on to the remote computer, and interact with it as if you were sitting in front of it. Windows 2000 Telnet Client is now a command-line application rather than a Windows Application. To use a GUI-based Telnet client on a Windows 2000-based computer, obtain a copy of the Telnet.exe file from a Windows NT 4.0-based computer, rename it to Telnet32.exe, and then copy it to the Windows 2000-based computer. Telnet.exe is located in the C:\Winnt\System32 folder.

Where to Start...

Description of the Telnet Client in Windows 2000
Microsoft Knowledge Base Article: 253918 - This article describes the differences between the Windows 2000 Telnet client and the Microsoft Windows NT version 4.0 Telnet client.

Description of the Telnet Server Service Administration Tool
Microsoft Knowledge Base Article: 225233 - Certain versions of Windows 2000 include a Telnet Server service for remote administration. Telnet is a service that allows a Telnet client to connect across a network and access a command session. This is similar to the way UNIX allows incoming shell connections.

HOW TO: Enable Telnet Server in Windows 2000 Server
Microsoft Knowledge Base Article: 299942 - This step-by-step guide describes how to enable the Telnet service in Windows 2000.

Telnet Servers/Daemons for Windows NT
Microsoft Knowledge Base Article: 149255 - The following vendors have developed or are developing Telnet servers/daemons for Windows NT. This list is not exhaustive.

The TELNET Protocol
Microsoft Knowledge Base Article: 231866 - Telnet offers users the capability of running programs remotely and facilitates remote administration. Telnet is available for practically all operating systems and eases integration in heterogeneous networking environments.

The Telnet Protocol
Provides a technical overview of Telnet with specific information regarding remote login and Remote Virtual Terminal (RVT). Also includes a list of Telnet commands and several reference sites.

Windows 2000 Telnet Security Rollup
Microsoft Knowledge Base Article: 300855 - Microsoft has released a rollup package for the Windows 2000 Telnet service that corrects the problems that are described in the following Microsoft Knowledge Base articles:

Useful Articles...

Creating a Local Group Can Restrict Other Users from Gaining Access to a Windows 2000-Based Computer Through Telnet
Microsoft Knowledge Base Article: 250908 - This article explains how to restrict users from gaining access to a Microsoft Windows 2000-based computer through telnet.

Cross-Platform Remote NT Administration
The site administrators typically control or manage remote systems with Telnet sessions, applications that run on X terminals, mechanisms such as NIS/NIS+, or tools such as Network Shell. We describe how to use Telnet Server on NT and Net commands, the Remote Shell service from the Web Administrator for NT Server 4.0, and the third-party Network Shell tool. Source: Windows & .NET Magazine (Aug 1999)

Description of the Registry Entries for the Telnet Server Service
Microsoft Knowledge Base Article: 226107 - This article describes the registry entries associated with the Windows 2000 Telnet Server service.

How to Configure Windows 2000 Telnet Service to Not Require NTLM
Microsoft Knowledge Base Article: 233069 - By default, the Telnet service supplied with Windows 2000 requires NTLM authentication. However, if Windows 2000 is configured to use Kerberos as its default authentication method, then Telnet users are not able to obtain access to domain/A

How to Change the Telnet Server Banner and Run Programs for All Users
Microsoft Knowledge Base Article: 245095 - You can change your Telnet server to display a banner and run programs upon logon for all users by modifying the Login.cmd file. You can modify this file to run other programs (such as a different shell). The commands in the Login.cmd file

HOW TO: Restrict Users from Gaining Access to a Domain Controller by Using Telnet
Microsoft Knowledge Base Article: 292536 - This article explains how to restrict users from gaining access to a Windows 2000-based domain controller when they use the Telnet service.

Stupid Telnet Tricks
A little more than a year ago, while I was researching Windows NT-UNIX interoperability, I stumbled across an NT product that lets you Telnet into an NT system and establish a character-mode, command-line session. Of course, solving these problems often means using NT in ways it was never designed for in the first place--such as using an NT Telnet server product to let non-PC devices run character-mode DOS applications and access network-based resources. Source: Windows & .NET Magazine (Feb 1997)

Taking the Telnet Way
Telnet server speeds up remote administration. Source: Windows & .NET Magazine (Summer 1999)

Troubleshooting: Known Bugs and Issues..

Handle Leak in Telnet Service Causes a Denial-of-Service Vulnerability
Microsoft Knowledge Base Article: 300905 - A denial-of-service vulnerability exists in the Windows 2000 Telnet service because of a handle leak when a Telnet session is terminated in a certain way. By repeatedly starting sessions and then terminating them, an attacker could deplete the supply of handles on the server to the point where it could no longer perform useful work.

Interactive Performance of Telnet Server is Slow
Microsoft Knowledge Base Article: 244681 - When you use the Telnet client program to connect to a Telnet server running Microsoft Windows 2000 Server in VTNT terminal emulation mode, you may experience slow server performance.

Logon Command That Contains a Particular Malformation Causes an Access Violation in the Telnet Service
Microsoft Knowledge Base Article: 299553 - A denial-of-service vulnerability exists in the Windows 2000 Telnet service that is caused by the manner in which Telnet handles a logon command that contains a particular deformity. If an attacker entered such a command, it would cause the Telnet service to stop working. The administrator could restore normal service by restarting the Telnet session.

Predictable Named Pipes Could Enable Privilege Elevation with Telnet
Microsoft Knowledge Base Article: 287912 - Two privilege-elevation vulnerabilities exist in the Windows 2000 Telnet service that could enable an attacker to gain full control over an affected server, and enable the attacker to take any action on the server.

Program Running with Normal Privileges Can Terminate a Telnet Session
Microsoft Knowledge Base Article: 300908 - A denial-of-service vulnerability exists in the Windows 2000 Telnet service because even though the management console for the Telnet service requires administrative privileges, some of the underlying system calls do not. In particular, a program that is running with normal privileges could make system calls to terminate a Telnet session. If an attacker had the ability to load and run a program on a Telnet server, the attacker could terminate any Telnet session.

Removing Services for UNIX Version (SFU) 1.0 Also Removes Telnet Server Service
Microsoft Knowledge Base Article: 250879 - When you remove Services for UNIX Version 1.0, the Telnet Server service is also removed.

Telnet Service Allows Logging On to Domain Guest Account
Microsoft Knowledge Base Article: 300901 - An information-disclosure vulnerability exists in the Windows 2000 Telnet service that can make it easier for an attacker to exploit an incorrectly configured network. It would not give an attacker a way to do anything that the attacker could not already do. In the worst case, the vulnerability could assist an attacker in gaining access to a domain account.

Telnet Server Is Vulnerable to a Denial of Service Attack
Microsoft Knowledge Base Article: 307298 - When an AYT scanner sends a large number of 0xFFF6 (IAC followed by AYT - requests to a Windows 2000-based Telnet server, the server is vulnerable to a denial of service attack and a potential buffer overflow.

Telnet Session Hangs When You Open a GUI Program
Microsoft Knowledge Base Article: 232293 - If you open a program in a Telnet session that is connected to a server running Microsoft Windows 2000 Telnet Server, the session may stop responding (hang).

Windows 2000 Telnet Server Stops Responding After Binary Input
Microsoft Knowledge Base Article: 267843 - When a Windows 2000-based computer that is running the Telnet Server service receives a malformed stream of binary zeros as input from a Telnet client, the Telnet Server service may stop responding (hang).

This site and its contents are Copyright 1999-2003 by LabMice.net. Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with LabMice.net. The products referenced in this site are provided by parties other than LabMice.net. LabMice.net makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.