Telnet Registry Entries
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
The following registry entries are associated with Telnet.
You can configure most Windows Telnet Server options by using the Telnet Server administration tool (TlntAdmn.exe). However, you can only configure some options by using the registry editor (Regedit.exe). Use the registry editor to configure only the Telnet Server options that cannot be configured by using the Telnet Server administration tool.
Regedit.exe can be used to change registry settings on a local or a remote computer. However, only members of the Administrators group can use Regedit.exe to configure registry settings on a remote computer.
Warning
The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the computer. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.
Important
Other registry settings might exist that are not documented here. Do not modify these other registry settings. Doing so could result in unexpected problems and is not supported.
Registry Entries
The registry entries for Telnet are as follows:
AllowTrustedDomain
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000001 (1)
Description
The AllowTrustedDomain entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can prevent the Telnet Server program from authenticating users on trusted domains by configuring this registry entry.
By default, the Telnet Server program authenticates user accounts in trusted domains and in the local SAM database. Preventing the Telnet Server program from authenticating user accounts in trusted domains restricts Telnet access to only those users whose user accounts are in the local Security Accounts Manager (SAM) database. By default, the AllowTrustedDomain registry entry has a value of 1. To prevent Telnet Server from authenticating user accounts in trusted domains, you must set this registry entry to 0.
AltKeyMapping
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000001 (1)
Description
The AltKeyMapping entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
Specifies whether you want Telnet Server to interpret CTRL+A as ALT. The default value of 1 causes received CTRL+A keystrokes to be interpreted by the command processor on the Telnet Server as the ALT key. Setting the value to 0 prevents the mapping, and causes the keystroke to be interpreted by the Telnet Server as CTRL+A.
DefaultDomain
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_EXPAND_SZ
Default Value
. (a single period character)
Description
The DefaultDomain entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can change the default domain against which user names and passwords are checked when authenticating them for log on to the Telnet server.
When the Telnet user specifies a simple logon name with no reference to a domain, this registry value specifies the domain to which the request is sent. If the user specifies a domain as part of the user name (for example, Domain1\MyName) then that domain is sent as part of the authentication request. However, the AllowTrustedDomain registry entry might block authentication.
DefaultShell
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_EXPAND_SZ
Default Value
%Systemroot%\system32\cmd.exe
Description
The DefaultShell entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can change the default shell, or command interpreter, that the Telnet server uses for a Telnet session by configuring this registry entry.
Commands typed by the user are executed by this command processor. The default value is the standard Windows command prompt. Any currently installed command processor can be used by specifying the full path and file name of the executable file.
DisconnectKillAllApps
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000001 (1)
Description
The DisconnectKillAllApps entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure Telnet to terminate all currently running applications in a Telnet session if the session is disconnected.
Setting the value to the default value of 1 causes Telnet to terminate all processes started from the Telnet session whenever it is disconnected. Setting the value to 0 allows the processes to continue running after the session is disconnected. Allowing processes to continue running might allow resources on the server to be consumed, thereby causing a performance drop if they cannot later be reclaimed.
EventLoggingEnabled
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000001 (1)
Description
The EventLoggingEnabled entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure Telnet to log events in the Windows Event Log.
If you set the value to the default of 1, then Telnet logs significant events in the Windows Event Log under the Source of Telnet Server. If you set the value to 0, then Windows does not log events in the Windows Event Log.
IdleSessionTimeOut
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000e10 (3600) - in seconds, represents 60 minutes.
Description
The IdleSessionTimeOut entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure how long Telnet Server allows a session to remain idle before it disconnects the session. The value is measured in seconds, and the default value is 3600, or 60 minutes. If you set the value to its maximum, hexadecimal 0xffffffff, then Telnet Server does not disconnect idle sessions.
For additional information about setting timeout values, see Configure Idle Session Timeouts for Telnet Sessions (https://go.microsoft.com/fwlink/?LinkId=108377) in the Telnet Operations Guide.
IdleSessionTimeOutBkup
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000e10 (3600) - in seconds, represents 60 minutes.
Description
The IdleSessionTimeOutBkup entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure how long Telnet Server allows a session to remain idle before it disconnects the session. The value is measured in seconds, and the default value is 3600, or 60 minutes. If you set the value to its maximum, hexadecimal 0xffffffff, then Telnet Server does not disconnect idle sessions.
For additional information about setting timeout values, see Configure Idle Session Timeouts for Telnet Sessions (https://go.microsoft.com/fwlink/?LinkId=108377) in the Telnet Operations Guide.
ListenToSpecificIpAddr
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
INADDR_ANY
Description
The ListenToSpecificIpAddr entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure the Telnet Server program so it listens for connection requests that are sent to a specific IP address. This is useful if a host has several network adapters, and you want to limit Telnet connections to only one of the network adapters. It is also useful if you have a firewall, and you want to filter Telnet traffic through the firewall to only a few IP addresses.
By default, this registry entry has the value INADDR_ANY, which instructs Telnet Server to listen for Telnet connection requests that are sent to all IP addresses assigned to the host. You can change the value of this registry entry to any IP address that is assigned to the host. Only one IP address or singe node name can be entered at one time.
LogAdminAttempts
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000001 (1)
Description
The LogAdminAttempts entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
If you set this value to the default value of 1, and logging is enabled, then Telnet Server logs attempts by administrators to log on to the server. If you set this value to 0, Windows does not log attempts by administrators to log on to the server.
LogFailures
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000000 (0)
Description
The LogFailures entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
If you set this value to 1, and logging is enabled, then Telnet Server logs failed attempts to log on to the server. If you set this value to 0, Windows does not log failed attempts to log on to the server.
LogFile
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
(blank)
Description
The LogFile entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can specify the path and file name for the log file that is created by the Telnet server when you enable logging to a file. This entry is used only with the LogToFile registry entry.
LogFileSize
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
5 - in megabytes
Description
The LogFileSize entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure the maximum file size of the log that is created by the Telnet server when you enable logging to a file.
LoginScript
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_EXAPND_SZ
Default Value
(blank)
Description
The LoginScript entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can specify a path and file name for a script that is run as soon as a user logs on to the Telnet server. The script must contain commands that can be processed by the configured shell program in the Telnet session.
LogNonAdminAttempts
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000000 (0)
Description
The LogNonAdminAttempts entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
If you set this value to 1, and logging is enabled, then Telnet Server logs attempts by non-administrators to log on to the server. If you set this value to 0, Windows does not log attempts by non-administrators to log on to the server.
LogToFile
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000000 (0)
Description
The LogToFile entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure Telnet Server to log significant events to a file. The service must have write permissions to the location specified or the attempt to create the log file will fail.
Setting the value to 0 indicates that logging to a file is disabled. Setting the value to a 1 specifies that Windows should write the log to the location specified in the LogFile registry value.
MaxConnections
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000002 (2)
Description
The MaxConnections entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure the number of connections that Telnet Server allows at one time. If the MaxConnections number of sessions are currently open, additional users cannot connect.
MaxFailedLogins
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000003 (3)
Description
The MaxFailedLogins entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure the number of failed log on attempts that Telnet Server allows before it disconnects the user as a security measure. Microsoft recommends that you do not set this value to 0, because that makes your Telnet server more vulnerable to brute-force password guessing attacks.
ModeOfOperation
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000001 (1)
Description
The ModeOfOperation entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure your Telnet server to operate in console mode or stream mode. To set console mode, set the value to 0x1. To set stream mode, set the value to 0x2. In console mode, the output is managed in a terminal window of a specific number of rows and columns. In stream mode, no such terminal window is assumed, and you cannot use ANSI escape commands to control the cursor position in the window.
SecurityMechanism
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000006 (6)
Description
The SecurityMechanism entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
The SecurityMechanism entry uses binary bit positions to represent the two supported authentication mechanisms. If the '2' bit (second bit from the right) is set to 1, then NTLM authentication is enabled. If it is 0, then NTLM authentication is disabled. If the '4' bit (third bit from the right) is a 1, then password authentication is enabled. If it is a 0, then password authentication is disabled.
At least one authentication mechanism must be enabled. The default value of 6 (which includes both the 2 and 4 bits) indicates that both NTLM and password authentication are enabled.
TelnetPort
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\
Type
REG_DWORD
Default Value
0x00000017 (23)
Description
The TelnetPort entry is included in Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server
2003, and Windows
XP.
You can configure the TCP port number on which the Telnet server listens for connection requests. If you change this value from the default of 23, then you must inform the Telnet clients who need to access your server what the new value is, or else they cannot connect.
See Also
Concepts
Telnet Client Startup Parameter Reference
Telnet Client Command Reference
Telnet Server Admin Tool TlntAdmn.exe Command Line Reference
Telnet Errors and Events
RFCs Supported by the Microsoft Implementation of Telnet