#56571
09/07/2013 1:42 AM
OP
Member
Joined: Mar 2011
Posts: 837 Likes: 10
I am looking for the best solution for remote access to AC. Currently, I use Windows Remote Desktop Connection, set up so I can port-forward to whichever office machine I want to access from a remote client using port translation and forwarding on the main router.
So far, I have seen nothing as clear and fast as RDC/RDP -- though I still use LogMeIn occasionally. TeamViewer is just way too expensive.
Supposedly, there is web access built into the SBS essentials server software, but I have never figured out how to make it work. It seems easier to set up the router to forward the default RDP port 3389.
Question -- is that less secure than other options? Is there some reason why people still use other alternatives?
Tom Duncan Family Practice Astoria OR
Member
Joined: Nov 2005
Posts: 2,366 Likes: 2
LogMeIn (LMI) is easier to set up; with Ignition it is a breeze to log into multiple machines. That said, RDP is fairly easy to set up, fast with a desktop icon.
SBS remote log in is slow to get into. You have to log into the site, go over to the machine. It's slower than LMI through their site.
Google how to change your RDP port number. It helps to have a static IP address but some don't change all that often. Instead of just putting the IP address in the RDP console, you append it with a colon (xx.yyy.xxx.zzz:1234). Boom, you can log right into that machine more securely.
It does require editing your registry, but it's not that hard.
I use both RDP and LMI ignition.
Wendell Pediatrician in Chicago
The patient's expectation is that you have all the answers, sometimes they just don't like the answer you have for them
OP
Member
Joined: Mar 2011
Posts: 837 Likes: 10
Actually, it is much faster to use RDP than even Ignition, and the desktop is much clearer than the LMI image.
ISP provides static internet address, and I set up the office machines I want to control with static addresses on the LAN.
I don't change the RDP port in the registry on the office machines -- that isn't necessary. The main router takes care of all that.
Set up port-forwarding and port translation so that the external port is whatever you choose, but the internal port remains 3389, forwarded to the IP address of office machine on the LAN. No logging in to the server -- the RDP app on the remote machine takes you there directly.
So -- on a Windows remote machine (tablet, laptop, cellphone, hotel desktop, whatever) set up RDP to access the office IP address (takes you to the router) followed by the "external port" number that you assigned it on the router in the office, then the router sends it to the correct machine on the LAN. With Android you can use 2X -- works like Windows RDP. Don't know about Apple; I assume they have something similar.
I remote to 3 different office machines. The RDP port on the machine is always 3389. From the outside, I get to the machine with RDP, and the address is
Machine #1 XXX.XY.X.XYZ:3389
Machine #2 XXX.XY.X.XYZ:3391
Machine #3 XXX.XY.X.XYZ:3393
This works just like RDP on the LAN itself -- with a good internet connection it is virtually identical with being at the office machine.
This is really so easy, and works so well -- better than Ignition, better than clumsy Web Access, better than VPN -- so it leaves me wondering why anyone does anything else? Is there a security issue I am overlooking?
Tom Duncan
Tom Duncan Family Practice Astoria OR
Member
Joined: Aug 2008
Posts: 24
I use an RDP setup identical to Tom's. Agree, works great from any Windows device. FYI: on some computers at my hospital, for some reason Remote Desktop accessory is not available...but there is a command line to access RDP: http://windows.microsoft.com/en-us/...arameters-with-remote-desktop-connection
On my iPad and iPhone, I had been using an app "Mocha RDP" that emulates RDP ($10 a few years ago). It had been working great, but last few months I've had resolution issues that make it difficult to see the entire AC screen, so I've had to use LogMeIn instead. Not ready to spend $80/year on Parallels, but sounds like a good solution (was in David Pogue's NYT column, and discussed in a different thread here).
Steve
Steven L. Hersch, MD, FACP MeducationPC Ashland, OR meducation@jeffnet.org
Member
Joined: Sep 2003
Posts: 12,874 Likes: 34
Good tip on the hospital.
Can you list your hardware and OS please?
Thanks.
Bert Pediatrics Brewer, Maine
OP
Member
Joined: Mar 2011
Posts: 837 Likes: 10
My friend the Technowiz tells me RDP isn't secure. That I need OpenVPN or something.
Seems like the port forwarding is reasonably bulletproof if your office machines are locked down properly. I can't see how VPN adds much except latency and delay. With RDP it is just like being at the office machine if the internet connection is good.
Tom Duncan Family Practice Astoria OR
Member
Joined: Sep 2003
Posts: 12,874 Likes: 34
You don't need to slow things down with VPN.
RWA and RDP are the single two best, most secure connections.
But...you don't want to use port forwarding any more if you have servers 2008 and higher. No matter how well it works, using a Remote Gateway is 50 times better. It's simply Old School. Windows 2000 works, but it isn't Win 7.
And, please have your friend tell us how it isn't secure.
Bert Pediatrics Brewer, Maine
Member
Joined: Sep 2003
Posts: 12,874 Likes: 34
The connection with RDP is extremely secure. Your friend is correct if you are using port 3389. If you are on that port, you will need very good usernames and passwords. But, when you get to 3392 with three accounts, will one of them have csmith and football as their password?
Bert Pediatrics Brewer, Maine
OP
Member
Joined: Mar 2011
Posts: 837 Likes: 10
Tom Duncan Family Practice Astoria OR
Member
Joined: Sep 2003
Posts: 12,874 Likes: 34
Uh oh, Beast is one of the top 10 passwords.
Bert Pediatrics Brewer, Maine
Member
Joined: Jun 2009
Posts: 1,811
Since it came up with a client this morning, the easiest way to protect and lock down your remote access is to use your firewall to block/drop all traffic except that which comes from your home IP subnet. (And of course your vacation home, private yacht, ski villa, sat phone etc.)
[There is actually a bit of obscure tech-humor in the previous statement]
By using this approach you greatly reduce the attack surface of the firewall without the performance impacts of a VPN or other network-wide encrypted transport.
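
The source-IP restriction described in the post above, applied to the three-machine port-translation table from earlier in the thread, as an added example that is not part of any poster's message. The rule layout is a hypothetical model rather than any router's real format, and all addresses are constructed (documentation ranges and a made-up LAN).

```python
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389

@dataclass
class Forward:
    ext_port: int                    # port opened on the router's WAN side
    lan_host: str                    # office machine on the LAN
    lan_port: int                    # port on that machine
    allowed_src: str = "0.0.0.0/0"   # source range the firewall lets through

def route(rules, src_ip, ext_port):
    """Return (lan_host, lan_port) if the router would forward this connection, else None."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.ext_port == ext_port and src in ipaddress.ip_network(r.allowed_src):
            return (r.lan_host, r.lan_port)
    return None

def audit(rules, max_hosts=256):
    """Flag forwards that hand RDP to a source range larger than max_hosts addresses.

    The check looks at the internal port, so a translated external port
    (3391, 3393, ...) is still reported when it lands on 3389 inside.
    """
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r.allowed_src)
        if r.lan_port == RDP_PORT and net.num_addresses > max_hosts:
            findings.append(f"ext {r.ext_port} -> {r.lan_host}:{r.lan_port} open to {net}")
    return findings

# Constructed sample data: RFC 5737 documentation ranges stand in for real addresses.
HOME_NET = "198.51.100.0/24"
open_rules = [
    Forward(3389, "192.168.1.11", 3389),
    Forward(3391, "192.168.1.12", 3389),
    Forward(3393, "192.168.1.13", 3389),
]
locked_rules = [Forward(r.ext_port, r.lan_host, r.lan_port, HOME_NET) for r in open_rules]

if __name__ == "__main__":
    for name, rules in (("open", open_rules), ("locked", locked_rules)):
        print(name, "findings:", audit(rules))
        print("  from home subnet:", route(rules, "198.51.100.20", 3391))
        print("  from elsewhere:  ", route(rules, "203.0.113.9", 3391))
```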