Solved

SBS Server 2003 - Best way to Remote Desktop offsite

Posted on 2004-09-03
3
297 Views
Last Modified: 2010-10-05
I would like to work on our newly installed server at the client site, from our office. (Two different networks, no firewalls at either end...just NAT routers). We installed SBS 2003 and would like to open a port for Remote Desktop administration via the Internet.

Some experience tells me that opening a port may lead to snoopers. Is there a proper way to achieve what I'd like to, here?
0
Comment
Question by:ArtemisConsultants
  • 2
3 Comments
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11972207
There is only really two ways to do it.
1. Open the port up TCP 3389 forwarded to the server, but restrict access to this port to only your network Ip address range at your office, that way no one other that your compnay can access this service.
2. The better way is to setup a vpn either ipsec or pptp to the client site and use the tunnel to access the server using it's local LAN ip.

These are the most secure, or you can take a chance and leave the port open from any address but then you are relying on NT authentication which would not be to wise.
0
 
LVL 15

Expert Comment

by:vico1
ID: 11978141
The Best way to do it is Thru Remote work web workplace.

I would not worry about port 3389 since every body know that TS works over 3389.

1.Go to server Management.
2.Run the connect to the internet wizard
3.Check option to access Remote Web Workplace From internet.
4.Make Sure that Port 4125 and  is fowarded to your server.
5.You could also use Port 443 instead of port 80 for sercure connection The you would access your server by typing https//serveraddress
6.Now you have to make sure that you have proper credentials to access Remote web workplace

Let me knoe if you need more help


0
 
LVL 12

Accepted Solution

by:
ColinRoyds earned 125 total points
ID: 11979506
Vico I totally disagree with you when you say don't bother about port 3389, if you actually read carefully about what I stated it does say to RESTRICT ACCESS to this port TO CERTAIN IP ADDRESSES ONLY (as in the network ip of  ArtemisConsultants) , that kinda blows your whole theory out of the window. In this case no one other than  ArtemisConsultants would have access to it, AND if you use a VPN it is the MOST SECURE OPTION AVAILABLE. And where is the difference between using port 4125 or 3389, when 4125 the DEFAULT PORT for Remote work web workplace is just as well known as port 3389 .if you really wanted to add to security you would change the port numbers to something random.

I hope this is a bit of a lesson in security for you.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question