Solved

SBS Server 2003 - Best way to Remote Desktop offsite

Posted on 2004-09-03
3
294 Views
Last Modified: 2010-10-05
I would like to work on our newly installed server at the client site, from our office. (Two different networks, no firewalls at either end...just NAT routers). We installed SBS 2003 and would like to open a port for Remote Desktop administration via the Internet.

Some experience tells me that opening a port may lead to snoopers. Is there a proper way to achieve what I'd like to, here?
0
Comment
Question by:ArtemisConsultants
  • 2
3 Comments
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11972207
There is only really two ways to do it.
1. Open the port up TCP 3389 forwarded to the server, but restrict access to this port to only your network Ip address range at your office, that way no one other that your compnay can access this service.
2. The better way is to setup a vpn either ipsec or pptp to the client site and use the tunnel to access the server using it's local LAN ip.

These are the most secure, or you can take a chance and leave the port open from any address but then you are relying on NT authentication which would not be to wise.
0
 
LVL 15

Expert Comment

by:vico1
ID: 11978141
The Best way to do it is Thru Remote work web workplace.

I would not worry about port 3389 since every body know that TS works over 3389.

1.Go to server Management.
2.Run the connect to the internet wizard
3.Check option to access Remote Web Workplace From internet.
4.Make Sure that Port 4125 and  is fowarded to your server.
5.You could also use Port 443 instead of port 80 for sercure connection The you would access your server by typing https//serveraddress
6.Now you have to make sure that you have proper credentials to access Remote web workplace

Let me knoe if you need more help


0
 
LVL 12

Accepted Solution

by:
ColinRoyds earned 125 total points
ID: 11979506
Vico I totally disagree with you when you say don't bother about port 3389, if you actually read carefully about what I stated it does say to RESTRICT ACCESS to this port TO CERTAIN IP ADDRESSES ONLY (as in the network ip of  ArtemisConsultants) , that kinda blows your whole theory out of the window. In this case no one other than  ArtemisConsultants would have access to it, AND if you use a VPN it is the MOST SECURE OPTION AVAILABLE. And where is the difference between using port 4125 or 3389, when 4125 the DEFAULT PORT for Remote work web workplace is just as well known as port 3389 .if you really wanted to add to security you would change the port numbers to something random.

I hope this is a bit of a lesson in security for you.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now