Solved

SBS Server 2003 - Best way to Remote Desktop offsite

Posted on 2004-09-03
3
296 Views
Last Modified: 2010-10-05
I would like to work on our newly installed server at the client site, from our office. (Two different networks, no firewalls at either end...just NAT routers). We installed SBS 2003 and would like to open a port for Remote Desktop administration via the Internet.

Some experience tells me that opening a port may lead to snoopers. Is there a proper way to achieve what I'd like to, here?
0
Comment
Question by:ArtemisConsultants
  • 2
3 Comments
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11972207
There is only really two ways to do it.
1. Open the port up TCP 3389 forwarded to the server, but restrict access to this port to only your network Ip address range at your office, that way no one other that your compnay can access this service.
2. The better way is to setup a vpn either ipsec or pptp to the client site and use the tunnel to access the server using it's local LAN ip.

These are the most secure, or you can take a chance and leave the port open from any address but then you are relying on NT authentication which would not be to wise.
0
 
LVL 15

Expert Comment

by:vico1
ID: 11978141
The Best way to do it is Thru Remote work web workplace.

I would not worry about port 3389 since every body know that TS works over 3389.

1.Go to server Management.
2.Run the connect to the internet wizard
3.Check option to access Remote Web Workplace From internet.
4.Make Sure that Port 4125 and  is fowarded to your server.
5.You could also use Port 443 instead of port 80 for sercure connection The you would access your server by typing https//serveraddress
6.Now you have to make sure that you have proper credentials to access Remote web workplace

Let me knoe if you need more help


0
 
LVL 12

Accepted Solution

by:
ColinRoyds earned 125 total points
ID: 11979506
Vico I totally disagree with you when you say don't bother about port 3389, if you actually read carefully about what I stated it does say to RESTRICT ACCESS to this port TO CERTAIN IP ADDRESSES ONLY (as in the network ip of  ArtemisConsultants) , that kinda blows your whole theory out of the window. In this case no one other than  ArtemisConsultants would have access to it, AND if you use a VPN it is the MOST SECURE OPTION AVAILABLE. And where is the difference between using port 4125 or 3389, when 4125 the DEFAULT PORT for Remote work web workplace is just as well known as port 3389 .if you really wanted to add to security you would change the port numbers to something random.

I hope this is a bit of a lesson in security for you.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove the ability to reboot servers from helpdesk user's. 14 63
GPO Access denied in AD 12 50
home folder path for users 4 74
Big Problem with Redirected Folder 8 46
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question