New in W2K: Telnet services as remote administration tool.

Wednesday Feb 7th 2001 by ServerWatch Staff
Share:

While studying the W2K books I ran into a new kind of service (and correct me if I'm wrong, this wasn't available default in NT4.0) called the telnet service. This is a UNIX like service, which gives you a text based tool for remote administration of your W2K system. This can be very when you have to troubleshoot a system while using a slow connection (i.e. 33k6 modem). But I also think that a warning should be in place, although the service is default configured as Manual in the control panel, switching this to automatically shouldn't be done without consideration of the security issue's.

Bart Teunis

Introduction:

While studying the W2K books I ran into a new kind of service (and correct me if I'm wrong, this wasn't available default in NT4.0) called the telnet service. This is a UNIX like service, which gives you a text based tool for remote administration of your W2K system. This can be very when you have to troubleshoot a system while using a slow connection (i.e. 33k6 modem). But I also think that a warning should be in place, although the service is default configured as Manual in the control panel, switching this to automatically shouldn't be done without consideration of the security issue's.

How does it works:

Like said before the default value for this service is manual. So you have to switch it on. This is done through the menu start/programs/administrative tools/services . After the service is started you are able to make a telnet connection to the W2K server just by starting up from the command prompt telnet xxx.xxx.xxx.xxx. After the login and password, the system redirects you to the c:\> from this command prompt you are able to start up the telnet server service administration tool by running the tlntadmn.exe program. The telnet server service administration tool: The telnet server service administration tool includes the following options:

Option Name Description
0 Quit this application Ends the Telnet Server Administration tool
1 List the current Users Lists the current users, including the user name, domain, remote computer, Session ID, and log time
2 Terminate a user session Terminates a selected user's session
3 Display/Change registry settings Provides a list of registry settings that you can change. For more information see page 2
4 Start the service Starts the W2K telnet service
5 Stops the service Stops the W2K telnet service

The telnet service is very similar to the version which was include with service for UNIX, with the major difference that the W2K service only accepts two inbound connections.

What about security:

The MS telnet service offers a method of secure logon using NTLM security. If W2K is configured to use Kerberos as its default authentication method, the default must changed in the registry by using option 3 in the administrator tool setting the value to 0. But most services allow for only a "clear text" logon, which means that your passwords across the network. You have problems when the pizzaboy from my last article (W2K Recovery Console ) placed a tap into your network.

Logons are considered to be local logons, so the user who logs on with a telnet connection must be able to log on locally. The file permissions are based on NTFS file system security. If you have partitions using the FAT or FAT32 file system on your server, any user who has access to Telnet can gain access to all resources on these values.

In conclusion:

This new tool is also like the recovery console a very powerful tool to make the life of the administrator less stressful, but there are a lot of security issue's involved so before using this tool you must consider the total security of your system and network.

Bart Teunis

Description of the registry entries of the telnet server service

The telnet server service values can be found in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\TelnetServer\1.0





Name Data type Default Value Means
AllowTrustedDomain REG_DWORD 0x01 Allow users from logging in using an account from a trusted domain
    0x00 Prevents logging on
DefaultDomain REG_EXPAND_SZ   Uses default Windows domain for login authentication
DefaultShell REG_EXPAND_SZ   Defines the full path of the shell of command interpreter that runs when a user logs on. Default is Cmd.exe and can be set to a UNIX shell.
LoginScript REG_EXPAND_SZ   Sets the full path of the script that will run when a user logs on
MaxConnections REG_DWORD 2 Hard coded
MaxFailedLogins REG_DWORD 3 Determines the number of unsuccessful logons before a user is disconnected
NTLM REG_DWORD 0x02 Uses NTLM authentication
TelnetPort REG_DWORD 23 Sets the telnet port
       

The settings above only represents a few reg. settings for more settings see:

Q226107 of the MS KnowlegdeBase

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved