First of all, to prevent remote administration, disable the Telnet service and disable the remote registry service. Also disable file and print sharing to prevent connections to administrative shares. However, note that this means you will not be able to use tools such as the Microsoft Security Baseline Analyzer to assess the patching level of the computer.
If you want to remotely administer Windows 2000, I would suggest using Terminal Services in administrative mode. By default, all communication between client and server is encrypted at the medium level, which means 56-bit. This can be raised to 128-bit if the server and client support it. A white paper is available on the subject from Microsoft. I would not suggest the use of Telnet, unless you also provide IPsec policy to ensure encryption of the data between client and server. Like any action, client and server should be secured, and you may decide that for very sensitive systems you do not want to enable any remote administration.
This was first published in January 2003