Well, here we are full circle. P2P vs Client/Server Domain. Donna, please don't take this personally. Even a small office will reap many benefits using a client/server setup. When we "debated" this before, it was always about AC and its need to be on a client/server vs P2P. Those touting the benefits of using a server and a server OS could never really get across that it wasn't all about could a P2P run AC. It was about, yes it could, but can a P2P allow the so many other benefits? So, one is running their office with a client/server setup. The Windows OS will already have RDS and a RD Gateway (Terminal services before 2008). Here is where RDP would be so simple to set up. Port forward to 443. Port 443 used by RD Gateway and a certificate. Using a 3rd party certificate makes you much more secure. You talk to GoDaddy or DomainIt.com or one of the many other domain/certificate other companies, and they will walk you through your domain name and SSL certificate. Microsoft will provide you with a domain name now. Once your remote computer uses RDP, they will use the Gateway to go to any computer on the network. Not to mention Remote Web Access and remote SharePoint, etc. Group Policy on a server is rather simple and sitting down in front of it and going through the many settings will give you options you didn't even know existed. Users using Control Panel to do certain things. Hide it. Need to change password policy on every computer at once. It takes five seconds. One of my favorites since I have to work on users' computers all the time and can't find an icon since the background is either loaded with beautiful desert scenes or winter snow drifts or pictures of their kids, I can allow only a black wallpaper. They can't even get to the setting to try to change it. And, of course, setting the password policy to 10 characters, using lower case and upper case and numbers and characters. I don't even allow my users to set their own passwords. I set passphrases or use other methods to allow them to easily remember them without hackers to guess or use brute force. You can do this on each computer separately, but it takes quite a bit of time to go around to each computer and set up. And, don't forget that each client may have five accounts.
It is important to note that you can make RDP much more secure with James' suggestions. Just so you know how to get there, you need to use mmc by typing mmc in a run or search field, then browsing to:
Console root\Local computer policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session\Security: then using Set Client Connection Encryption Level and enabling it. Once you get there save it as a favorite. Do this on every computer or just use a Group Policy Object from the server.
I have a friend who has done networking with Microsoft Windows. All the credentials of MVP and MCITP, etc. Every time I screw up and ask him a question about P2P, his reply is I am not wasting my time on a P2P question. It is simply way too difficult.
Just for fun go to a site like
http://random-ize.com/how-long-to-hack-pass/ and type in each of your computer passwords and see how long it would take to crack them. Then type in something like "IuseAmazingcharts4(" and it becomes trillions of years to the 5th power. Or use a song like Goodbye Yellow Brick Road and make it gbYbrej5%5 and you get to 609 years. Just capitalizing the Y changes it from 22 years to 609 years. And, these are passwords you can remember for six users. And, they don't need yellow stickies on the back of their computers.
But to answer your original questions, Google
https://www.pcmag.com/roundup/355572/the-best-remote-access-software or
https://tinyurl.com/yb6r8out and choose what hits you want. Splashtop is pretty good. Notice the https:// on these sites. SSL/443, what banks use. What a server would use with a certificate.
You are a doctor. Plumbers and carpenters go to you for high blood pressure, diabetes, even eczema. Why do doctors not go to reputable IT companies to set up their networks? Just sayin'
