Lab 8.5.3: Configuring Telnet on Windows 2000 IP IP Linux Server Workstation or another server Estimated Time: 40 Minutes Objective In this lab, the student will learn how to configure
Trang 1Lab 8.5.3: Configuring Telnet on Windows 2000
IP
IP Linux Server
Workstation (or another server)
Estimated Time: 40 Minutes
Objective
In this lab, the student will learn how to configure Telnet services on Windows 2000
Equipment
The following equipment is required for this exercise:
• A system running Windows 2000 Professional
• Network connection from the workstation to hub or switch
• PC with a Telnet client program connected to the same hub or switch
Scenario
The ABC Company has just installed a server running Windows 2000 The company has asked that Telnet services be configured so that the workstation can be remotely
administered using Telnet
Procedures
Before beginning this lab, make sure that both the Windows 2000 workstation and the
Trang 2for both hosts Record that information in the tables provided:
Connected Host IP Address Configuration
IP address:
Subnet mask:
Default gateway:
Local Host IP Address Configuration
IP address:
Subnet mask:
Default gateway:
Record the IP address of the server and workstation in the boxes provided in the network diagram
Step 1: Log in to Windows 2000
Once the Windows server boots, the “Welcome to Windows” dialog box appears Log in
as the administrator
Step 2: Setting the IP address
Configure the Windows 2000 workstation IP address, subnet mask, and default gateway
to match the information entered in the table If this information has already been
configured in a previous lab, get the other workstation’s information Configure the
workstation IP stack accordingly Use ping to verify that the server can communicate
Step 3: Open Administrative Tools
On the workstation, start the Computer Management console Go to Start > Programs >
Administrative Tools
Step 4: Services and Applications
Once the Computer Management window displays on screen, click the plus (+) symbol to the left of “Services and Applications” and select Services from the expanded tree
Trang 3The Services section contains controls for starting and stopping the various services that are run in Windows 2000
Step 5: Configuring the Telnet Service
In order to allow Telnet clients to connect to the workstation, the Telnet service must be started Scroll the right-hand pane until the “Telnet” service is visible
Notice that the “Status” column is blank for the Telnet service indicating that the service is not currently running To start the Telnet service, right-click on the service and select
Start from the menu
Trang 4A Status indicator displays as Windows attempts to start the service Check the Status
column and verify that the service has started
Step 6: Locating the Telnet Service
The Telnet service for Windows 2000 defaults to using NT LAN Manager NTLM
authentication, which is not supported on all systems In order to make sure that the
Telnet service will work with any Telnet client, the service needs to be configured to
accept clear text usernames and passwords, if NTLM authentication fails To do this, start Telnet Server Administration, which is located in the Administrative tools menu next to
Computer Management
Trang 5Step 7: Telnet Administration
The Telnet Server Administration program is a menu driven program, to allow plain text
as well as NTLM Press 3 to enter the “Display / Change the registry settings” section of
the program At the next menu, choose 7 for NTLM The default value for NTLM is 2,
which does not allow clear text authentication in any circumstances Changing the NTLM
value to 1 will allow clear text authentication if NTLM fails The following dialog with the
menu will change NTLM to 1:
Current value of NTLM = 2
Do you want to change this value? [Y/n] y
NTLM [current value = 2; acceptable values 0, 1 or 2]: 1
Are you sure you want to set NTLM to: 1? [Y/n] y
Activate the changes that were just made by Stopping and Restarting the Telnet service
Note: Although it is convenient to allow clear text authentication so that clients can have
unrestricted access to the Telnet service (provided a valid user name and password are
present during the Telnet login), it is not recommended that clear text authentication be
enabled on a production server
Step 8: Starting the Telnet Session
To restart the Telnet service, enter a 0 to return to the main menu, and press the
Trang 6The Telnet service could be initially started from here as well as the Computer
Management console Now that the Telnet service has been started and configured on
the Windows 2000 workstation that will be used to Telnet into, the other workstation
should be able to test the connection to it using a Telnet client
Add netstat –a command to verify connections
Step 9: Run Command Window
Go to another workstation and test this connection On the workstation, the easiest way
to start a Telnet session to the Windows 2000 server is to go to Start > Run and enter
telnet ip_address_or_hostname
Once the Telnet client window comes up, it may warn that the user is about to send
password information through the Internet zone and it will prompt for permission Click
Yes and the window will display as shown below
A Telnet session is comparable to having a command prompt open on the Windows 2000
server From here, the system can be manipulated remotely
Trang 7Step 10: Remote System Statistics
In some environments, the statistics of the computer being logged into may not always be known There are some commands and programs that can give useful information about the server being logged in to Among these is the ver command, which displays the
version of windows that the system is running Type ver into the Telnet window and
press Enter Output should appear similar to the output displayed below
C:\>ver
Microsoft Windows 2000 [Version 5.00.2195]
C:\>
The netstat -a command is also very useful in tracking connections to the server
While logged in to the server, a user can run programs and issue commands, provided those commands do not require the GUI
When finished with the Telnet session, type exit at the command prompt Exit will end the Telnet session
Trang 8Troubleshooting
This lab requires that the two workstations have TCP/IP connectivity with each other If the user cannot telnet to the server from the workstation, verify each system’s IP
configuration and physical connections to the network
If the Telnet session is opened, but the user cannot log in, verify that the username and password being used have been configured on the server
Also, verify that NTLM authentication has been disabled, as described in Step 6 of this lab
Reflection
1 Telnet allows administrator remote access to the server What kind of administrative tasks can be performed using the Windows CLI through Telnet?
2 Telnet service is not enabled by default on a Windows 2000 server What are the dangers of enabling Telnet services?