Archived from groups: microsoft.public.win2000.security
Hi,

I need to access a few standalone Win 2000 Servers for admin purposes using
Terminal Services. For security reasons I want to use IPsec to wrap a layer
of security around the servers. I want to do something similar to
http://www.windowsitpro.com/Articl [...] 20288.html but instead
of using preshared keys I want to use certificates as the authentication option.

I have four servers (Win 2000 Server) I need to be able to connect to using
two different clients (WinXP at home and at work). Using preshared keys this
would be pretty straightforward, but I'm not sure exactly how certificates
work in this. Do I generate one certificate for each server and each client,
or how do I go about this?

Since, in the example in the link above, the client sets a rule for all TS
traffic I gather I can only have one certificate per client to be used for
TS traffic? If so, how can I access different TS servers in this way? Is it
possible at all?

I don't know much about certificates as you see, maybe someone can point me
in the right direction? Any help/input/link is highly appreciated.

Archived from groups: microsoft.public.win2000.security
Hi Mike,

Terminal Servers (Windows 2003) by default use 128-bit encryption to
protect any data exchanged between client and server. On Windows 2000 you
have to manually set Encryption level to high. Do you think this wouldn't
work for you? Do you need more protection?

If you decide to use certificates for IPSec each computer would get its own
certificate. These certificates are used for the computer authentication process
(just like a preshared key or Kerberos would be).

Mike

"Mike" <mike@nomail.se> wrote in message
news:NBh%c.102761$dP1.366438@newsc.telia.net...
> Hi,
> I need to access a few standalone Win 2000 Servers for admin purposes using
> Terminal Services. For security reasons I want to use IPsec to wrap a layer
> of security around the servers. I want to do something similar to
> http://www.windowsitpro.com/Articl [...] 20288.html but instead
> of using preshared keys I want to use certificates as the authentication option.
>
> I have four servers (Win 2000 Server) I need to be able to connect to using
> two different clients (WinXP at home and at work). Using preshared keys this
> would be pretty straightforward, but I'm not sure exactly how certificates
> work in this. Do I generate one certificate for each server and each client,
> or how do I go about this?
>
> Since, in the example in the link above, the client sets a rule for all TS
> traffic I gather I can only have one certificate per client to be used for
> TS traffic? If so, how can I access different TS servers in this way? Is it
> possible at all?
>
> I don't know much about certificates as you see, maybe someone can point me
> in the right direction? Any help/input/link is highly appreciated.
>
> /Mike