• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

Setting up Remote Access in Windows 2003 Server

Hi all,

I want to set up Remote Access for staff and students to access their documents from home, however I am not sure which server I need to put it on! I have 2 servers for students data and profiles, 1 main server for staff data and profiles and also 1 other server that contains both staff and student data, which is like an archive / video server. Would I need to set up remote access on all of these servers or just my Domain Controller, or a new server altogether. Sorry to sound so primitive in my question, but all the documentation states how to do it, it just doesn't state on which server to put it on!

Thanks in advance

1 Solution
All of this can be accomplished by having your remote users connect back to the main office via a VPN conection.
Your firewall should have that ability and if not, Windows 2003 has that abiltity.

Once the user connects the VPN he/she shoudl be able to use all the same network functions that are available to them while physically at the main office location.  

Here is an artcile on configure RAS for Windows 2003.
brookesmAuthor Commented:
If I do it using windows server 2003, which server do I have to set it up on?
Cláudio RodriguesFounder and CEOCommented:
VPN is a double edge sword. When the connection is established the computer becomes a node on the network and if you have no control over this computer (meaning if you do not know/guarantee they have antivirus, are patched, worm free, etc) this may end up attacking/infecting your network.
In this case it is much better to setup a terminal server for your users that need remote access to applications.
The basics are very simple:
1. Install a new server with Windows 2003.
2. After the install go to Control Panel | Add/Remove Programs | Windows Components and select 'Terminal Services'. Do not worry at this stage about 'Terminal Services Licensing'. You will have 120 days to install this and another 90 days after it is installed to purchase/install Terminal Services Client Access Licenses (TSCALs as we call them). Note that you can install the Terminal Services Licensing on the TS itself or on your domain controller. Just keep this in the back of your mind that you will need to have that installed and with licenses within 210 days.
3. Once Terminal Services get installed it will ask for a reboot. Reboot.
4. Make the TS part of your domain.
5. On the TS, logon to it and go to computer management. Under Local Users and Groups find the 'Remote Desktop Users' group. Add the users you want to access the TS to that group. I would go to the domain controller and create a group called 'TS Users' and all the users you need there. Then just add the 'TS Users' group to the local TS group mentioned above.
6. Now logon to the TS and install applications on it always using Control Panel | Add/Remove Programs.
7. Configure your firewall to do a port mapping on the external IP address, port TCP 3389 to go to the TS internal IP, port 3389.
8. Give the external IP address to your users and tell them to use the Remote Desktop Client software (from Microsoft, part of Windows XP). They can run it by simply typing MSTSC on their Windows XP PCs. Once they launch it they just type the external IP and they will see the logon screen!

Optional steps:
1. Create an OU on your domain called Terminal Servers.
2. Move the TS you just created to that OU.
3. Create a group policy at that OU level to lockdown/restrict what your users do. Make sure you DENY the policy to administrators, REMOVE 'Authenticated Users' from it and ADD 'TS Users' (the group you created above) and the TS computer object itself.
4. Enable 'Loopback Processing Mode' in the policy itself (check Google).
5. Configure the policy to lock down all you want (so users cannot screw up the TS).

Hope this helps.

Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now