Solved

Remote Desktop from outside of SBS to a machine inside of SBS - without VPN

Posted on 2006-11-13
Last Modified: 2010-04-19
We have a machine that we would like to allow Remote Desktop access for.  The machine is in our SBS 2003 network.

Right now we can Remote Desktop directly to the machine as long as we are on another machine that is on our network (if we're on the network via VPN or via a direct connection, Remote Desktop works).

However, we would like to be able to give a client remote access to this machine - without them having to log onto our network or use VPN.

We've already set up the machine to listen for Remote Desktop connections via port 3390.

However, because our SBS machine uses 2 NICs, we cannot forward port 3390 directly to the machine from the router.  We can forward it to the SBS machine - and I assume there are some fairly simple settings to have SBS, in turn, forward it to the appropriate specific machine.

Can anyone help us provide the appropriate forwarding so that we can give Remote Desktop access to this machine from anywhere on the Internet?

Thanks.
0
Question by:crm_info
6 Comments
 
LVL 9

Expert Comment

by:JamesTX10
ID: 17930534
Hi crm_info,
Another option besides remote desktop is www.logmein.com. It handles all the connection issues for you.

JamesTX10
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 60 total points
ID: 17931920
My question is, WHY do you want to put a security hole like this into the network?  Give the client VPN access and direct them to use that.

Set the port back to 3389.  You didn't have to change it - and it's better to keep things consistent.

Now, if you insist on doing the unwise, go to the Routing and Remote Access Administrative Tool, expand ServerName, IP Routing, NAT/Basic Firewall, and then right click on the network adapter in the right column that is used for the internet connection (not the local connection).  On the window that appears, click "Services and Ports" tab, then click the Add button.  In that window, type in a description of the service, leave TCP as the protocol selected, and for the incoming port, select 3390, for the private IP, enter the IP of the workstation you want them to have access to, then enter port 3389 as the outgoing port (This is why you didn't have to change the port earlier - this translates it for you).  Click ok, make sure the service is selected with a check mark, and OK out.  That should do it.
0
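
An added example, not part of Lee W's answer or the thread: a Python audit that reads NAT port mappings written as key=value lines in the style of a `netsh routing ip nat dump` export (format assumed; the interface name and addresses in the sample are constructed). It flags every TCP mapping that ends at port 3389, which shows that a translated public port such as 3390 is still an Internet-facing Remote Desktop listener.

```python
import shlex

# Constructed sample in the key=value style of a `netsh routing ip nat dump`
# export (format assumed; interface name and addresses are made up).
SAMPLE_DUMP = '''
add interface name="Internet" mode=FULL
add portmapping name="Internet" proto=TCP publicip=0.0.0.0 publicport=3390 privateip=192.168.16.50 privateport=3389
add portmapping name="Internet" proto=TCP publicip=0.0.0.0 publicport=443 privateip=192.168.16.2 privateport=443
add portmapping name="Internet" proto=TCP publicip=0.0.0.0 publicport=4125 privateip=192.168.16.2 privateport=4125
'''

RDP_PORT = 3389  # default Remote Desktop listener (TCP)


def parse_portmappings(dump_text):
    """Return one dict per 'add portmapping' line; other lines are ignored."""
    mappings = []
    for line in dump_text.splitlines():
        tokens = shlex.split(line)  # strips the quotes around name="..."
        if tokens[:2] != ["add", "portmapping"]:
            continue
        fields = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        try:
            fields["publicport"] = int(fields["publicport"])
            fields["privateport"] = int(fields["privateport"])
        except (KeyError, ValueError):
            continue  # malformed entry: skip rather than guess
        fields["proto"] = fields.get("proto", "").upper()
        mappings.append(fields)
    return mappings


def rdp_exposures(mappings):
    """Flag TCP mappings that end at an RDP listener, whatever the public port."""
    findings = []
    for m in mappings:
        if m["proto"] == "TCP" and m["privateport"] == RDP_PORT:
            translated = m["publicport"] != RDP_PORT
            findings.append((m["publicport"], m.get("privateip"), translated))
    return findings


if __name__ == "__main__":
    for public, host, translated in rdp_exposures(parse_portmappings(SAMPLE_DUMP)):
        note = "port-translated, still RDP" if translated else "default port"
        print(f"RDP reachable from Internet: {public}/tcp -> {host}:3389 ({note})")
```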
 
LVL 10

Author Comment

by:crm_info
ID: 17932336
leew ... THANKS.

Can you tell me how to set up an outside client with a VPN connection to our network?  I'll need help on setting up the user login, and allowing the user to download the VPN client, etc.

I would like to do this without using up another license on our SBS machine.

I would also like to do this in such a way that they cannot access any machine except for the specific machine that I've given them permission for.

The only reasons why I might prefer to poke a security hole:
(1) Don't want to ask our clients to install software on their desktop
(2) Some of our clients have very secure systems that won't allow them to install other software and, even if it can be installed, they may not be able to run a VPN client on their machine
(3) I don't want to create additional users on our network (thus requiring additional licenses on our SBS machine ... unless I'm missing a way to create a login without using a license).

Thanks again for your help.  I'm optimistic that we'll be able to make the VPN work and would certainly prefer to have a more secure setup.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 60 total points
ID: 17932725
crm_info...

If you are providing a user access to a machine on your network, you are required to have a CAL for that user, or you can use DEVICE CALs and then you can have as many users as you like accessing various machines.  Either way, though, you cannot avoid the licensing issue.

Your clients don't have to install anything other than a small ActiveX script to allow remote desktops through Remote Web Workplace (http://sbsurl.com/rww).

RWW does not require the use of a VPN.  It only requires the ability to access a web page.

Allowing users to access your network without having the proper licenses is a violation of your licensing agreement.

Jeff
TechSoEasy
0
 
LVL 6

Assisted Solution

by:manicsquirrel
manicsquirrel earned 30 total points
ID: 17934710
CRM_Info:

Follow Jeff's advice above; however, you must also port forward TCP 4125 from your router to the SBS's external NIC for Remote Web Workplace to work.
0
 
LVL 10

Author Comment

by:crm_info
ID: 17937811
leew & TechSoEasy - thanks for the tips.  We'll either buy the extra licenses and use the recommended approach ... or we'll just take this particular machine off of the SBS network and put it on our "dev" network so we can provide access without requiring the additional SBS license.  I'll split the points between the two of you.

manicsquirrel - thanks for fine tuning of the feedback.  I'll also put a small portion of points towards your answer.
0
