jjoz
asked on
How to enable secure Remote Desktop access from the internet using Windows 2008 ?
To All Windows Server Expert,
I wonder if Windows Server 2008 does have the capability for me to secure port 3389 that i open for remote desktop using internet.
What security measure should i put in place to allow me securely access my Windows Server 2008 from home.
Thanks.
I wonder if Windows Server 2008 does have the capability for me to secure port 3389 that i open for remote desktop using internet.
What security measure should i put in place to allow me securely access my Windows Server 2008 from home.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
wow, that sounds scary for the wrong configuration ;-|
but that's a good idea to setup an enterprise CA service for the Windows 2008 server and then importing the .cer file into my workstation which will access the server.
I'll try that over the weekend and see how it goes.
but that's a good idea to setup an enterprise CA service for the Windows 2008 server and then importing the .cer file into my workstation which will access the server.
I'll try that over the weekend and see how it goes.
If you think that's scary, we went with a smartcard authenticated session riding on a certificate encrypted tunnel!
The new Terminal Services Gateway feature, introduced in Server 2008, is what you need. This enables users to launch sessions via an encrypted HTTPS channel to the Server 2008 box, which then proxies them to the back-end Terminal Server.
A TS Gateway can be deployed directly on the Terminal Server, or as it is intended, it can be deployed on a dedicated server into the DMZ.
-Matt
ASKER
wow, that is very great idea in utilizing the built in features of Windows Server 2008.
If I'd like to implement it into a virtualized box, can I deploy it together with the ISA Server 2006 Std ?
HomeProject.jpg
If I'd like to implement it into a virtualized box, can I deploy it together with the ISA Server 2006 Std ?
HomeProject.jpg
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks Matt,
I shall now run Windows Server 2008 Std. x86 TS Gateway + ISA Server 2006 so that i can securely publish my port 389 to the ADSL2+ modem.
I shall now run Windows Server 2008 Std. x86 TS Gateway + ISA Server 2006 so that i can securely publish my port 389 to the ADSL2+ modem.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, so it is quite simple then for this matter,
port 443 (as the RDP published by the ISA Server will be going through this port)
port 80 - website
port 25 - mail traffic
yes, it all make sense.
port 443 (as the RDP published by the ISA Server will be going through this port)
port 80 - website
port 25 - mail traffic
yes, it all make sense.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the response guys.
ASKER
I'll have a look into using TightVNC Enterprise.
Paka,
using IPSEC tunnel with certificate, is it possible for me to use my current SSL certificate ?