Telnet Technical Reference
All versions of Microsoft Windows Server 2003 operating systems include Telnet Client and Telnet Server components. Using Telnet Client and Server, you can create a remote command console session on a host. You can run command line programs, shell commands, and scripts in a remote command console session just as though you were locally logged on to the host and using a local command prompt window.
What Is Telnet?
Windows Server 2003 and Windows XP Professional include Telnet Client and Telnet Server, which allow users to make remote connections based on the Telnet protocol. Using Telnet Client and Server, you can create a remote command console session on a host. Using a local command prompt window, you can run command line programs, shell commands, and scripts in a remote command console session just as though you were locally logged on to the host. Thus, having Telnet client and server software solves two networking problems. It allows for interoperability between disparate operating systems, and it facilitates administration of remote systems, saving administrative time and network resources.
Telnet Client and Server are well suited for troubleshooting and configuring remote computers, especially in mixed environments that require interoperability between different operating systems. For example, you can use Windows Server 2003 Telnet Client to connect to a Telnet server that is running on another operating system such as UNIX. Likewise, you can use a Telnet client that is running on UNIX to connect to a computer running Windows Server 2003 Telnet Server. Telnet Client and Server are also ideal in situations where memory and processor resources are minimal on a client or host or where network bandwidth is limited. This is because computers running Telnet clients and servers use less memory and processor time than other remote management tools, and Telnet clients and servers transmit only plaintext (unencrypted characters) across the network.
Remote Administration
Remote administration is a method of managing one or more remote computers from a single location. In a large organization, you can use remote administration to centrally manage hundreds or even thousands of computers located in other buildings or even in other cities. In a small organization, you can use remote administration to manage a single server located in an adjacent office.
By its nature, remote administration lowers the Total Cost of Ownership (TCO) by making system management easier and more efficient. Using remote administration, server operators and technicians can manage and troubleshoot servers without having to locally log on to the server, thereby lowering the cost of on-site support. Remote administration also assists help desk technicians in solving problems more quickly by letting them take control of a user’s computer.
Telnet and Other Technologies
Telnet is closely related to two other technologies that provide an alternative for remote command console sessions, depending on your needs for distributed computing, security, configuration requirements, and so on.
Telnet and Terminal Services are similar in that they are both used for remote sessions. However, Terminal Services extends the model of distributed computing by allowing client computers to operate in a server-based computing environment. Whereas Telnet only allows terminal emulation between a Telnet server and client, Terminal Services running on Windows Server 2003-based computers allows clients to run applications, while data processing and data storage occur on the server. Applications and user sessions are transmitted over the network and displayed via terminal emulation software. Similarly, print streams, keyboard input, and mouse clicks are also transmitted over the network between the server and the terminal emulation software. Each user logs on and sees only their individual session, which is managed transparently by the server operating system and is independent of any other client session. You might want to consider using Windows Server 2003 Terminal Services if you require more extensive distributed computing.
Windows Services for UNIX 3.5 includes a Telnet character-mode client that provides functionality not included in Windows Server 2003. The Windows Services for UNIX character-mode client supports both stream mode and console mode. It also provides for logging and additional configuration settings.
Windows Services for UNIX 3.5 includes two Telnet servers:
- The default, Windows-based Telnet server, which is functionally similar to the one included with all versions of Microsoft Windows since Windows 2000
- The Interix telnetd
Only one of these Telnet servers can be enabled at a time. By default, neither Telnet server is enabled for security reasons.
The Windows Services for UNIX 3.5 Telnet server accepts logons from a variety of clients, including the Telnet clients shipped with Windows 2000, Windows NT, Windows 95, and Windows 98, as well as a variety of character-mode terminal clients from virtually any operating system. Additionally, it can be configured to meet specific site requirements to improve security, simplify logons, support stream or console mode, and so forth.
The Windows Services for UNIX 3.5 Telnet server should be familiar to users of Windows 2000, Windows XP, and Windows Server 2003. It is essentially the same as the server included in Windows XP Professional and Windows Server 2003, and it is very similar to the one included in Windows 2000 editions. It uses the Windows command shell (Cmd.exe) as the default shell. You can start and stop this server from either the Services MMC (Services.msc) or from the Windows Services for UNIX Administration MMC (Sfumgmt.msc). If you are using Windows and UNIX in a mixed networking environment, you might want to consider installing Windows Services for UNIX 3.5 to extend the capabilities of Telnet.
Windows Server 2003 Telnet Client and Server are well suited for troubleshooting and configuring remote computers, especially in mixed environments that require interoperability between different operating systems. For example, you can use Telnet Client to connect to a Telnet server that is running on another operating system such as UNIX. Likewise, you can use a Telnet client that is running on UNIX to connect to a computer running Telnet Server. Windows Server 2003 Telnet Client and Server are also ideal in situations where memory and processor resources are minimal on a client or host or where network bandwidth is limited. This is because computers running Telnet clients and servers use less memory and processor time than other remote management tools, and Telnet clients and servers transmit only plaintext (unencrypted characters) across the network.
Understanding Telnet
Before using the Windows Server 2003 Telnet tools, you should consider the following:
- Windows Server 2003 Telnet Client and Server are based on the Telnet protocol, which specifies a method for transmitting and receiving unencrypted ASCII characters (plaintext) across a network. Understanding how the protocol works, and how Telnet clients and servers use the Telnet protocol, helps you manage Telnet connections.
- The Windows Server 2003 Telnet tools have several inherent limitations that affect the types of remote management tasks you can perform and the level of security that is in effect when you perform those tasks. Understanding these limitations helps you determine when and when not to use the Telnet tools.
- You can configure Telnet Server settings by using the Windows Server 2003 Telnet administration tool (Tlntadmn.exe) and the registry editor (Regedit.exe). Although the default Telnet Server settings are sufficient for most Telnet client connections, you might need to change the default settings to better suit your organization. Examples of Telnet Server settings include: authentication type, default port assignment for Telnet connections, maximum number of client connections, and maximum number of failed logon attempts.
- By default, members of the local administrators group can log on to a Telnet server. However, you might not want all Telnet users to have full administrative control of the host they log on to. In this case, you can use a Telnet clients group to grant users Telnet logon rights without granting them any administrative rights on the host. To configure these user rights from the graphical user interface, you must use the Active Directory Users and Groups snap-in or the Local Users and Groups snap-in. You can also use the Net User and Net Group commands to configure user rights from the command line.
- You can configure several optional settings when you use Telnet Client to establish a Telnet session on a host. Depending on the type of Telnet server you are logging on to, and how the Telnet server is configured, you might need to enable or change some of these optional settings. Examples of Windows Server 2003 Telnet Client settings include: client-side logging, terminal type, port assignment, and alternate user name for logon.
- You can manage active Telnet sessions on a host by using the Windows Server 2003 Telnet administration tool. Some of the administrative tasks you can perform include: terminating Telnet sessions, sending console messages to users with active Telnet sessions, and listing Telnet session information (for example, user name, logon time, idle time, and client IP address).
Note
- The information in this document refers to the Telnet Client and Telnet Server components that are installed by default with Windows Server 2003 and Windows XP Professional operating systems.
Telnet Architecture
Most network operating systems provide a Telnet client and a Telnet server. Telnet clients and servers are small executable programs that allow a local computer (a client) to access services and programs on a remote computer (a host). Telnet clients and servers, including Windows Server 2003 Telnet Client and Telnet Server, are based on the Telnet protocol, which is a subset of the TCP/IP suite and is described in RFC 854. The Telnet protocol specifies two general mechanisms: how Telnet clients and servers establish a connection across a network and how they transmit and receive information across a network.
You usually run a Telnet client program on a local computer: for example, a workstation that you are logged on to. You usually run a Telnet server program on a remote computer: for example, a host you want to administer. Telnet client programs initiate connections with Telnet servers. Telnet servers run in the background on a host, listening for Telnet clients to request a connection.
Common Telnet Features
Because Telnet clients and servers are based on the same standard protocol, all Telnet clients and servers have several features in common. These common features are what make Telnet clients and servers well suited for performing remote administration tasks in environments that require interoperability among disparate operating systems. In short, the Telnet protocol makes it possible for you to connect a computer running Windows Server 2003 Telnet Client to a UNIX Telnet server. The key features that make this interoperability possible include the following:
Common communication protocols
All Telnet clients and servers use TCP/IP as the underlying communication protocol. This makes Telnet clients and servers particularly useful for remotely administering computers across the Internet or within wide area networks (WANs) that are connected to the Internet. If your network does not support TCP/IP, you will not be able to use a Telnet client or server.
Common communication ports
TCP port 23 is reserved for Telnet client and server communication. By default, most Telnet clients initiate communication on port 23, and most Telnet servers listen on port 23 for connection requests. You can change the default port assignments with some Telnet client and server software, such as Windows Server 2003 Telnet Client and Server, but port 23 is the universally accepted port for Telnet communication.
Common character set for communication
All Telnet clients and servers are capable of transmitting and receiving a predefined character set consisting of standard ASCII character codes and ASCII control codes. All Telnet clients and servers transmit the ASCII codes across a network in unencrypted form (plaintext).
Common implementation of the Network Virtual Terminal
All Telnet clients and servers implement a network virtual terminal (NVT). The NVT is responsible for translating operating system-specific instructions (keyboard codes or display codes) into a consistent set of codes that all Telnet clients and servers can transmit and receive. The NVT is what makes Telnet clients and servers capable of communicating with each other regardless of which operating system they are using.
Creating a Telnet Connection
To create a Telnet connection between a Telnet client and a Telnet server, you must do the following:
- Start the Telnet Server program on the host. On Windows Server 2003, Telnet Server (Tlntsvr.exe) runs as a service. You can start the service manually every time you want to connect to a host, or you can configure the service so that it starts every time your computer starts. Telnet clients cannot connect to a host unless a Telnet server program (or service) is running and listening for connection requests.
- Run the Telnet Client program on the local computer. When you run Windows Server 2003 Telnet Client (Telnet.exe), you must specify the host to which you want to connect. You can also configure several optional connection settings and features.
When you run a Telnet client, it makes a connection request to the host. If a Telnet server responds to the request, the Telnet client and server negotiate the details of the connection, such as flow control settings, window size, and terminal type. After the connection details are successfully negotiated, and logon credentials are validated, the Telnet server program creates a Telnet command console session.
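The negotiation described above can be seen directly in the bytes of a session. The following Python sketch is an added example, not part of the original reference: it separates RFC 854 option negotiation from session data for one direction of a connection. The byte string is constructed for illustration, and the option codes for terminal type (24), window size (31), and flow control (33) come from the Telnet option RFCs rather than from this page.

```python
# Added example: split one direction of a Telnet stream into option negotiation
# and session data, following the IAC command framing of RFC 854.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           31: "WINDOW-SIZE", 33: "FLOW-CONTROL"}


def option_name(code):
    return OPTIONS.get(code, f"OPTION-{code}")


def describe_subnegotiation(option, body):
    """Render the payload of IAC SB <option> ... IAC SE in readable form."""
    if option == 31 and len(body) == 4:          # width, height as 16-bit big-endian
        return f"{int.from_bytes(body[:2], 'big')}x{int.from_bytes(body[2:], 'big')}"
    if option == 24 and body[:1] == b"\x00":     # IS <terminal name>
        return body[1:].decode("ascii", errors="replace")
    if option == 24 and body[:1] == b"\x01":     # SEND (request for the name)
        return "SEND"
    return body.hex()


def parse_telnet(stream):
    """Return (negotiation events, plaintext data) for one direction of a session."""
    events, data = [], bytearray()
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:                     # ordinary NVT data byte
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                           # capture ends inside a command
            break
        cmd = stream[i + 1]
        if cmd == IAC:                           # IAC IAC is an escaped 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERBS:                       # IAC DO/DONT/WILL/WONT <option>
            if i + 2 >= n:
                break
            events.append((VERBS[cmd], option_name(stream[i + 2]), ""))
            i += 3
        elif cmd == SB:                          # IAC SB <option> <payload> IAC SE
            if i + 2 >= n:
                break
            option, body, j, closed = stream[i + 2], bytearray(), i + 3, False
            while j < n:
                if stream[j] == IAC and j + 1 < n and stream[j + 1] == SE:
                    closed = True
                    break
                if stream[j] == IAC and j + 1 < n and stream[j + 1] == IAC:
                    j += 1                       # keep one 0xFF of an escaped pair
                body.append(stream[j])
                j += 1
            if not closed:                       # unterminated subnegotiation
                break
            events.append(("SB", option_name(option),
                           describe_subnegotiation(option, bytes(body))))
            i = j + 2
        else:                                    # two-byte command such as NOP
            events.append(("CMD", str(cmd), ""))
            i += 2
    return events, data.decode("ascii", errors="replace")


# Constructed client-to-server bytes: negotiation, then a logon and one command.
CLIENT_TO_SERVER = (
    bytes([IAC, WILL, 24, IAC, WILL, 31])
    + bytes([IAC, SB, 31, 0, 80, 0, 25, IAC, SE])
    + bytes([IAC, SB, 24, 0]) + b"ANSI" + bytes([IAC, SE])
    + b"user01\r\nConstructed-Pw-1\r\ndir\r\n"
)

if __name__ == "__main__":
    events, text = parse_telnet(CLIENT_TO_SERVER)
    for event in events:
        print(event)
    print(repr(text))
```

Everything the parser returns as data, including the user name and password typed at the logon prompt, crosses the network as readable ASCII, which is the plaintext property this reference describes.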
On Windows Server 2003, each Telnet command console session consists of two processes: Tlntsess.exe and Cmd.exe. Tlntsess.exe is responsible for managing the Telnet session. Cmd.exe is the command interpreter, or shell program, that runs commands, programs, or scripts on the host.
Note
- Cmd.exe is the default command interpreter for a Windows Server 2003 Telnet command console session. However, you can configure the Windows Server 2003 Telnet Server program to use as a default any command interpreter or shell program that is installed on the host.
Running Programs Remotely Using a Telnet Connection
After you establish a Telnet connection with Telnet Server, the following message appears in the command prompt window on the client:
*= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Welcome to Microsoft Telnet Server.
*= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
This message indicates that your credentials are valid and that you have an active Telnet session with Telnet Server. Assuming you have the appropriate administrative user rights, you can use this session to remotely run command-line programs, shell commands, and scripts on a host. Telnet client and server processes rely on the Telnet network virtual terminal (NVT) to translate operating system-specific keyboard and display codes to Telnet character codes that all Telnet clients and servers can understand.
Telnet Limitations
Telnet connections have several limitations. You can address many of these limitations by changing Windows Server 2003 security and Group Policy settings, but the following limitation cannot be eliminated or modified.
You cannot run GUI tools over a Telnet connection
Telnet is a character-based communication protocol. It is not designed to transmit cursor movements or graphical user interface information. Because of this, you can only run command line programs, shell commands, scripts, and batch files over a Telnet connection. Some editing programs, such as vi and Edit, can be run over a Telnet connection; however, these interactive programs are not true GUI programs because cursor movement is controlled by the keyboard, not the mouse.
Telnet Server tools and settings determine how Telnet Server handles auditing, authentication, idle session time-out, and other remote command console session options. Usually, you do not need to configure Telnet Server options to connect a Telnet client to a Windows Server 2003-based Telnet Server: the default Telnet Server options are compatible with most Telnet clients. However, you must configure Telnet Server options if you want to do any of the following:
- Audit logon and logoff information.
- Disable NTLM or password authentication, or change the default domain for authenticating unqualified user names (by default, the domain in which the machine account resides is used to authenticate unqualified user names).
- Prohibit authentication of user accounts in trusted domains, which restricts Telnet access to users whose user accounts are stored only in the local Security Accounts Manager (SAM) database (by default, Telnet Server authenticates user accounts in trusted domains and the local SAM database).
- Change the default shell, or command interpreter, that is used for Telnet sessions (Cmd.exe is the default shell).
- Specify an IP address on which you want the Telnet Server program to listen for connection requests.
- Change the mode of operation from console mode to stream mode.
- Ensure that all programs started in a Telnet session terminate when you disconnect a Telnet session.
- Change the TCP port on which Telnet Server listens for a connection (by default, Telnet servers listen on TCP port 23).
- Change the maximum number of Telnet sessions that Telnet Server will accept (the default is 2).
- Change the maximum number of logon attempts before a user is disconnected (the default is 3).
- Disable idle session time-out, or change the idle session time-out value (the default is 1 hour).
- Disable Alt key mapping (by default, pressing Ctrl-A simulates the Alt key).
Telnet Tools
The following tools are associated with Telnet Server.
Telnet.exe: Telnet Command Prompt
Category
The Telnet command prompt tool is included with the Windows Server 2003 and Windows XP operating systems.
Version compatibility
Use this command on computers running Windows Server 2003 or Windows XP.
Once all of the settings and options are configured, you can use Telnet.exe to initiate and conduct a Telnet session. You can create a Telnet connection, configure Telnet.exe options, and use all Telnet.exe features by using the Telnet command prompt. The Telnet command prompt is useful if you are performing quick maintenance tasks on several different hosts or you need to use advanced Telnet options and features.
You can access the Telnet command prompt by running the Telnet command without any command-line parameters. You can also access the Telnet command prompt by typing the Telnet escape character during an active Telnet session. The default escape character is Ctrl+].
After you start the Telnet command prompt, the following message appears:
Welcome to Microsoft Telnet Client
Escape Character is 'Ctrl+]'
Microsoft Telnet >
You can close the Telnet command prompt by using the Quit command.
Telnet.exe with command-line parameters
You can create a Telnet connection and configure some Telnet.exe options by using the Telnet command in conjunction with various command-line parameters. Using the Telnet command with command-line parameters is helpful if you are creating Telnet connections within a script or batch file or you do not need to use advanced Telnet client options and features. When you use Telnet with command-line parameters, you can use a single command to create a connection with a host. The command-line syntax for Telnet.exe is:
telnet [-a] [-e escape_char] [-f log_file] [-l user_name] [-t term] host [port]
The command-line parameters are described in the following table.
Telnet.exe Command-Line Parameters
Parameter | Description |
---|---|
-a | Instructs Telnet.exe to log on to the host using the credentials of the user who is currently logged on to the client. |
-e escape_char | Specifies an escape character, which displays the Telnet command prompt. The default escape character is Ctrl+]. |
-f log_file | Creates a client-side log file and turns on client-side logging for the current session. The log_file parameter must consist of a path and file name. |
-l user_name | Instructs Telnet.exe to log on to the host using the user account that is specified in user_name. The user account specified in user_name must have Telnet logon rights on the host. |
-t term | Specifies the terminal type. The default terminal type is ANSI. Other valid terminal types include VT52, VT100, and VTNT. |
host | Specifies the host with which you want to create a Telnet connection. The host parameter can be a NetBIOS name, a fully qualified domain name, or an IP address. |
port | Specifies the TCP port on which you want to create a Telnet connection. The default Telnet port is 23. |
For example, the following command uses the credentials of the user who is currently logged on to the client to create a Telnet connection on port 23 with a host named server01:
telnet server01
Likewise, the following example creates the same Telnet connection and enables client-side logging to a log file named c:\telnet_logfile:
telnet -f c:\telnet_logfile server01
The connection with the host remains active until you exit the Telnet session (by using the Exit command), or you use the Telnet Server administration tool to terminate the Telnet session on the host.
Tlntadmn.exe: Telnet Administration
Category
The Telnet administration command-line tool is included with the Windows Server 2003 and Windows XP operating systems.
Version compatibility
Run this command on computers running Windows Server 2003 or Windows XP.
Tlntadmn.exe is a command-line tool, and is installed by default when you install Windows Server 2003. Unlike the Telnet Server administration tool in Windows 2000, Tlntadmn.exe is a noninteractive tool that must be run with various command-line parameters. Because Tlntadmn.exe is noninteractive, and uses command-line parameters to configure Telnet Server options, you can use Tlntadmn.exe in scripts or batch files to automate Telnet Server configuration tasks. You must be a member of the Administrators local group to use the Telnet Server administration tool.
For more information about Tlntadmn.exe, see “Telnet commands” in the Command Line References in the Tools and Settings Collection.
Telnet Registry Entries
The following registry entries are associated with Telnet.
You can configure most Windows Server 2003 Telnet Server options by using the Telnet Server administration tool (Tlntadmn.exe). However, you can only configure some options by using the registry editor (Regedit.exe). You should use the registry editor to configure only the Telnet Server options that cannot be configured with the Telnet Server administration tool.
You must be a member of one of the following groups to use Regedit.exe: Administrators, Server Operators, and Power Users. You can use Regedit.exe to change registry settings on a local or a remote computer. However, only members of the Administrators group can use Regedit.exe to configure registry settings on a remote computer.
The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
The following registry entries are located under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\.
AllowTrustedDomain
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Version
The AllowTrustedDomain entry is included in Windows Server 2003 and Windows XP.
You can prevent the Telnet Server program from authenticating users on trusted domains by configuring this registry entry.
By default, the Telnet Server program authenticates user accounts in trusted domains and in the local SAM database. Preventing the Telnet Server program from authenticating user accounts in trusted domains restricts Telnet access to only those users whose user accounts are in the local SAM database. By default, the AllowTrustedDomain registry entry has a value of 1. To prevent Telnet Server from authenticating user accounts in trusted domains, you must set this registry entry to 0.
DefaultShell
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Version
The DefaultShell entry is included in Windows Server 2003 and Windows XP.
You can change the default shell, or command interpreter, that the Telnet Server program uses for a Telnet session by configuring this registry entry.
By default, Telnet Server runs all commands in the Windows Server 2003-based command interpreter (Cmd.exe). You can change this to any command interpreter that is installed on the host. You must provide a path and file name for the command interpreter.
ListenToSpecificIpAddr
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Version
The ListenToSpecificIpAddr entry is included in Windows Server 2003 and Windows XP.
You can configure the Telnet Server program so it listens for connection requests that are sent to a specific IP address. This is useful if a host has several network adapters, and you want to limit Telnet connections to only one of the network adapters. It is also useful if you have a firewall, and you want to filter Telnet traffic through the firewall to only a few IP addresses.
By default, this registry entry has the value INADDR_ANY, which instructs Telnet Server to listen for Telnet connection requests that are sent to all IP addresses assigned to the host. You can change the value of this registry entry to any IP address that is assigned to the host.
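To verify these three entries without editing the registry, you can review an export of the key offline. The following Python sketch is an added example, not a Microsoft tool: it parses registry export (.reg) text and reports entries that are at the permissive defaults described above or that replace Cmd.exe as the shell. The sample export is constructed, and the value types in it (a DWORD and two strings) are assumptions.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0"

# Constructed sample in .reg export format; the value types shown are assumed.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0]
"AllowTrustedDomain"=dword:00000001
"DefaultShell"="C:\\Tools\\othershell.exe"
"ListenToSpecificIpAddr"="INADDR_ANY"
'''


def parse_reg_export(text):
    """Return {entry name: value} for the Telnet Server key in .reg export text."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):                 # start of a new key section
            in_key = line.strip("[]").rstrip("\\").lower() == KEY.lower()
            continue
        match = re.match(r'"([^"]+)"=(.*)$', line)
        if not (in_key and match):
            continue
        name, raw = match.groups()
        if raw.startswith("dword:"):
            values[name] = int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash
            values[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return values


def review_settings(values):
    """Return (entry, note) pairs for settings an administrator should confirm."""
    notes = []
    # A missing entry is treated as the default value this reference documents.
    if values.get("AllowTrustedDomain", 1) != 0:
        notes.append(("AllowTrustedDomain",
                      "accounts in trusted domains are authenticated; "
                      "0 restricts logon to the local SAM database"))
    shell = values.get("DefaultShell", "")
    exe = re.search(r'([^\\/"]+\.exe)', shell, re.IGNORECASE)
    if shell and (exe is None or exe.group(1).lower() != "cmd.exe"):
        notes.append(("DefaultShell",
                      f"sessions start {shell!r} instead of Cmd.exe; "
                      "confirm this change is expected"))
    if values.get("ListenToSpecificIpAddr", "INADDR_ANY") == "INADDR_ANY":
        notes.append(("ListenToSpecificIpAddr",
                      "Telnet Server listens on every IP address of the host"))
    return notes


if __name__ == "__main__":
    for entry, note in review_settings(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{entry}: {note}")
```

The shell check compares only the executable file name, so also confirm that the full path points to the expected copy of the interpreter.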