The entire Remote Desktop (RDP) session is encrypted by default at 128 bits.
If a client like a PocketPC, that can only do 64-bit encryption, connects
then that is what the session will be at. So I always recommend configuring
the RDP host PC to only allow connections using "high" encryption versus

The big difference connecting a Vista-2-Vista Remote Desktop session versus
a Vista-2-XP session is the use of Network Level Authentication (NLA) which
is not available for XP. NLA will help prevent man-in-the-middle attacks.

It goes without saying that you should use a strong password.

I also limit access to my Vista and XP Pro desktops with Remote Desktop to
my normal standard/limited user accounts. I disable access to my
administrator account. In this example my normal admin account is called
root (original eh...) and cannot access my desktop via Remote Desktop.

Some folks, including myself, also only run Remote Desktop through a VPN or
Secure Shell (SSH) tunnel. I like SSH because I can use a 4096-bit RSA
private/public key pair protected by a strong password for authentication
versus a password only (strong or otherwise). Another advantage of a VPN or
SSH tunnel is you can access multiple desktops through the tunnel without
needing to open multiple ports.

Remember if you are accessing an XP Pro/MCE machine from a Vista machine that
you need to configure the Vista RDP client like this...

FWIW, I have always found the Remote Desktop is much faster and more
responsive than VNC (any flavor). As always YMMV...

Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
How to ask a question
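
Added example, not part of the original post: one way to set up the SSH tunnel described above with OpenSSH, so that several desktops are reached through a single SSH gateway using key-only authentication. The function name, host alias, gateway, user, key path, local port numbers and desktop names are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Emits an OpenSSH client config
# block that forwards one loopback-only port per RDP desktop through a single
# SSH gateway, so only the SSH port has to be reachable from outside.
# A 4096-bit RSA key with a passphrase can be created beforehand with:
#   ssh-keygen -t rsa -b 4096 -f "$HOME/.ssh/id_rsa_rdp"

# rdp_tunnel_config ALIAS GATEWAY USER KEYFILE BASEPORT DESKTOP...
rdp_tunnel_config() {
    rt_alias=$1; rt_gateway=$2; rt_user=$3; rt_key=$4; rt_port=$5
    shift 5
    [ "$#" -gt 0 ] || { echo "no desktops given" >&2; return 1; }
    case $rt_port in
        ''|*[!0-9]*) echo "bad base port: $rt_port" >&2; return 1 ;;
    esac
    # Validate every desktop name before printing anything, so a bad
    # argument never yields a half-written config block.
    for rt_desktop in "$@"; do
        case $rt_desktop in
            ''|*[!A-Za-z0-9.-]*) echo "bad host: $rt_desktop" >&2; return 1 ;;
        esac
    done
    printf 'Host %s\n' "$rt_alias"
    printf '    HostName %s\n' "$rt_gateway"
    printf '    User %s\n' "$rt_user"
    printf '    IdentityFile %s\n' "$rt_key"
    printf '    IdentitiesOnly yes\n'            # offer only this key
    printf '    PasswordAuthentication no\n'     # key pair, never password only
    printf '    ExitOnForwardFailure yes\n'      # fail loudly if a port is taken
    for rt_desktop in "$@"; do
        # Bind to 127.0.0.1 so other machines on the client's LAN cannot
        # use the forwarded port; 3389 is the default RDP port.
        printf '    LocalForward 127.0.0.1:%s %s:3389\n' "$rt_port" "$rt_desktop"
        rt_port=$((rt_port + 1))
    done
}

# Constructed sample values: two desktops behind one gateway.
rdp_tunnel_config rdp-home gw.example.net al "$HOME/.ssh/id_rsa_rdp" \
    13389 vista-desk xp-desk
```

Append the output to `~/.ssh/config`, open the tunnel with `ssh -N rdp-home`, then point the Remote Desktop client at `localhost:13389` or `localhost:13390`.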