| Author |
Message |
Robert Graham
Guest
|
 Posted:
Wed Nov 09, 2005 9:51 pm Post subject:
Remote desktop from outside |
|
|
Just a helpful note for those wishing to use RDP more powerfully.
I have a client who has two clone companies in two states. They both have
SBS2000 networks. They are in no way connected legally, and he flies back
and forth spending time at each.
He needs to be able to Remote Desktop from his workstation in one lan to
his workstation in the other.
I also want to be able to RDP from any machine in one lan to any machine
in the other, or from my home office to machines inside the lan without
having to VPN.
Solution:
Create a Protocol Definition in ISA that specifies an Inbound TCP Port of
your choosing, say 3390 (one above the normal RDP port).
Create a web publishing rule in ISA that specifies that protocol and
forwards it to a specific pc in the lan.
On that PC, in the registry, change the port for "terminal services" to
the port you chose in ISA.
If that PC has XP firewall enabled, open a port for your newly defined rdp
listener.
Now, from inside the lan you can rdp that box with the address:
<ComputerName>:3390
From oustside world or machine in other SBS lan: <Ip address of ISA
Machine>:3390
Works like a charm!
You have to do this separately for each machine you want better access to,
with a different port number for each. Yes, it's limiting that way, leave
machines you don't need improved access to alone, you can still rdp to
them inside by machine name, and from outside by vpn, then rdp to by
<MachineName.DomainName.Suffix> after establishing vpn. (ie:
machine1.server.local). You cannot directly access them by RDP from behind
one isa server to a machine behind a different isa server.
Please study security issues and use at your own risk ;-)
Bob Graham |
|
| Back to top |
|
 |
Robert Graham
Guest
|
| Posted:
Wed Nov 09, 2005 9:51 pm Post subject:
Re: Remote desktop from outside |
|
|
Yes, agree on the 2003 recommendation, I installed that for another
company and liked the improvements a lot!
Two layer rdp quickly becomes annoying, because of the layered window
edges and other reasons. Plus I'd never want to teach it to a severly
limited user.
On the security issue, not sure how much risk there is unless someone
probed that port specifically *and* knew a vulnerability they could
exploit in a *properly* updated machine.
I looked for a long time for this solution, it needs to be better
published!
PS, most of my info came the the M&M's site, smallbizserver.net and MS
knowledge base.
Bob |
|
| Back to top |
|
|
Javier Gomez [SBS MVP]
Guest
|
| Posted:
Wed Nov 09, 2005 9:51 pm Post subject:
Re: Remote desktop from outside |
|
|
Just so you know... that's a good reason to upgrade to SBS2003 (Remote Web
Workplace does this out of the box). :-)
Also, another option is to RDP to a server/workstation and then in that
session RDP to another machine on the local LAN (without having to expose 10
computers to the internet).
--
Javier [SBS MVP]
www.msmvps.com/javier
<< SBS ROCKS!!! >> |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in