Setting up Remote Access in Windows 2003 Server

Posted on 2007-10-17
Last Modified: 2013-11-21
Hi all,

I want to set up Remote Access for staff and students to access their documents from home; however, I am not sure which server I need to put it on! I have 2 servers for students' data and profiles, 1 main server for staff data and profiles, and also 1 other server that contains both staff and student data, which is like an archive / video server. Would I need to set up remote access on all of these servers, or just my Domain Controller, or a new server altogether? Sorry to sound so primitive in my question, but all the documentation states how to do it; it just doesn't state which server to put it on!

Thanks in advance

Question by:brookesm
    LVL 9

    Expert Comment

    All of this can be accomplished by having your remote users connect back to the main office via a VPN connection.
    Your firewall should have that ability and if not, Windows 2003 has that ability.

    Once the user connects the VPN he/she should be able to use all the same network functions that are available to them while physically at the main office location.

    Here is an article on configuring RAS for Windows 2003.
    LVL 1

    Author Comment

    If I do it using windows server 2003, which server do I have to set it up on?
    LVL 31

    Accepted Solution

    VPN is a double-edged sword. When the connection is established the computer becomes a node on the network and if you have no control over this computer (meaning if you do not know/guarantee they have antivirus, are patched, worm free, etc.) this may end up attacking/infecting your network.
    In this case it is much better to set up a terminal server for your users that need remote access to applications.
    The basics are very simple:
    1. Install a new server with Windows 2003.
    2. After the install go to Control Panel | Add/Remove Programs | Windows Components and select 'Terminal Services'. Do not worry at this stage about 'Terminal Services Licensing'. You will have 120 days to install this and another 90 days after it is installed to purchase/install Terminal Services Client Access Licenses (TSCALs as we call them). Note that you can install the Terminal Services Licensing on the TS itself or on your domain controller. Just keep this in the back of your mind that you will need to have that installed and with licenses within 210 days.
    3. Once Terminal Services gets installed it will ask for a reboot. Reboot.
    4. Make the TS part of your domain.
    5. On the TS, log on to it and go to Computer Management. Under Local Users and Groups find the 'Remote Desktop Users' group. Add the users you want to access the TS to that group. I would go to the domain controller and create a group called 'TS Users' and add all the users you need there. Then just add the 'TS Users' group to the local TS group mentioned above.
    6. Now log on to the TS and install applications on it, always using Control Panel | Add/Remove Programs.
    7. Configure your firewall to do a port mapping on the external IP address, port TCP 3389 to go to the TS internal IP, port 3389.
    8. Give the external IP address to your users and tell them to use the Remote Desktop Client software (from Microsoft, part of Windows XP). They can run it by simply typing MSTSC on their Windows XP PCs. Once they launch it they just type the external IP and they will see the logon screen!

    Optional steps:
    1. Create an OU on your domain called Terminal Servers.
    2. Move the TS you just created to that OU.
    3. Create a group policy at that OU level to lock down/restrict what your users do. Make sure you DENY the policy to administrators, REMOVE 'Authenticated Users' from it and ADD 'TS Users' (the group you created above) and the TS computer object itself.
    4. Enable 'Loopback Processing Mode' in the policy itself (check Google).
    5. Configure the policy to lock down all you want (so users cannot screw up the TS).

    Hope this helps.

    Cláudio Rodrigues
    Microsoft MVP
    Windows Server - Terminal Services
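
    The group setup from step 5 of the answer above can also be done from a command prompt on the terminal server. This is an added example, not part of the original answer; the domain name EXAMPLE and the accounts jsmith and mjones are placeholders. It also checks that the server is listening on TCP 3389 before the firewall port mapping in step 7 is created.

```batch
@echo off
rem Added example, not from the original answer. Run on the terminal server
rem while logged on as a domain administrator.
rem EXAMPLE, jsmith and mjones are placeholders for your own domain and users.
setlocal
set DOMAIN=EXAMPLE
set GROUP=TS Users

rem Create the domain group (step 5); /domain sends the request to the DC.
net group "%GROUP%" /add /domain /comment:"Users allowed to log on to the terminal server"

rem Add only the accounts that need remote access to the domain group.
for %%U in (jsmith mjones) do net group "%GROUP%" %%U /add /domain

rem Nest the domain group in the server's local 'Remote Desktop Users' group.
net localgroup "Remote Desktop Users" "%DOMAIN%\%GROUP%" /add

rem Review exactly who can now log on through Terminal Services.
net localgroup "Remote Desktop Users"

rem Confirm the server listens on TCP 3389 before mapping the port (step 7).
netstat -an | find ":3389" | find "LISTENING"
if errorlevel 1 echo Terminal Services is not listening on TCP 3389.
endlocal
```

    Re-run the `net localgroup "Remote Desktop Users"` line whenever membership changes, since everyone listed there can reach the logon screen once port 3389 is mapped.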
