How do I allow remote users into Window 2000 server setup as a workgroup without AD installed?

stpetetech
stpetetech used Ask the Experts™
on
Hello,

  We have a Wndows 2000 Server with SP4, setup as a workgroup(so Active directory is not installed).
We are looking to have remote users connect to access Outlook and some Word/Excel Docs etc...VIA RDP or VPN

Do we have to create a domain and install AD to do this? Also, how would we setup the remote acess? We would like the users to be able to Remote desktop into this box. It is connected to the internet via a wireles router using DSL. This is  home based business...

Thank you
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You do not need AD.  But with Windows 2000 server, you will need to install and license Terminal services and terminal server licensing.  You would also need to open the RDP port inbound to that server on the router.
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
You'll need to install terminal services on the server but I'm not sure you can still get terminal server licenses for 2000 anymore. When you install terminal services it will allow 2 concurrent administrative sessions and deny the 3rd attempt at simultaneous login. If you can come up with some terminal services licenses you can use RDP for all your clients. It will most likely work for 160 days with the initial install before it starts looking for licenses.

Author

Commented:
We also need to allow certain users only certain accesses to files/programs..
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
You can achieve that with specific NTFS permissions using the built-in accounts and groups. The users will need to be members of the remote desktop users group.

Author

Commented:
If AD is not installed how would I access these built in accounts and groups
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
right click on My Computer and go to Manage to access users and groups.

Author

Commented:
The remote desktop users group is not listed under groups...

Author

Commented:
When I setup routing and remote access, I lose internet connectivity to the server unless I delete the remote connctions icon in network connectons.

Author

Commented:
Actually, the incoming connections icon
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
If you don't have terminal services installed it may not include that group.

to setup RRAS when you only have a single nic you need to choose custom configuration when setting it up. Check this article : http://blogs.technet.com/rrasblog/archive/2006/06/19/437171.aspx

Author

Commented:
If we are not able to get licenses, is there a third party util that will work? Or can we achieve some of the file sharing/connectivity with VPN?

Author

Commented:
So, would this work?

Windows 2000 Terminal Server 5 User CALs only
 
Yes, that is what you would need to have up to 5 users use your 2000 server as a terminal server.  You would add that as a license to your terminal service license server - where ever you installed that.  You do not need to do this immediately however,  MS gives you a like 30 or 90 days to install it before it start to prohibit terminal sessions to the server.

Author

Commented:
Great, thank you. I still get "When I setup routing and remote access, I lose internet connectivity to the server unless I delete the incoming connections icon. Maybe this is configured incorrectly?

Author

Commented:
Do both NIC's need to be configured? there is one that is disabled. it is only for a handful of remote users...

Author

Commented:
I got the Cal 5 license pack installed but still cannot access the server via RDP. The server is set with a static IP, and port forwarding is set in the router.
Britt ThompsonSr. Systems Engineer
Top Expert 2009
Commented:
from a machine outside of the network can you go to a command line and type :

telnet yourserverip.com 3389

Does it connect or fail? If it's not connecting, and assuming you have the port forwards setup correctly, your listening port may have been changed from the default : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber


Can you connect from inside the office to the private IP of the server? Keep the other NIC disabled, it's not required for this to work.

Did you check the article I sent on how to setup RRAS on a single NIC?

Author

Commented:
IIs is not setup and this ia workgroup, so I typed in telnet IP 3389
The cursor blinks for 20-30 seconds then goes back to the prompt, I am guessing that is a failure?

I did check the article you sent, but I never saw the custom confguration option. This server had been used by a different company before with Citrix( I just found out), we got the licesnses updated, but I am not sure what else they changed from a standard configuration. I have been doing this work mostly remotely via showmypc.com so I am not 100% sure if I can rdp from inside. I will check that reg key out.

Author

Commented:
The Reg key is 3389, I am thinking the telnet works, but I can still not RDP. When they try to RDP to it internally it says: The remote computer disconnected the session because of an error in the licensing protocol. It says the licensing pack (CAL) was installed successfully, I am confused.

Author

Commented:
Would this be a problem if IIs is configured? The guy there(from a local laptop)
put in: computer.MCSPRO.com and got to a login prompt. MCSPRO is the computer nameof the server.

Author

Commented:
Now when I type:  telnet 71.180.201.5 3389 I get:

Connecting To 71.180.201.5...Could not open connection to the host, on port 3389: Connect failed

Author

Commented:
C:\Documents and Settings\Administrator>netstat -p TCP

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    MCSPRO:1067            MCSPRO.MCSPRO:6900     ESTABLISHED
  TCP    MCSPRO:1068            MCSPRO.MCSPRO:31414    ESTABLISHED
  TCP    MCSPRO:1114            MCSPRO.MCSPRO:31413    CLOSE_WAIT
  TCP    MCSPRO:6900            MCSPRO.MCSPRO:1067     ESTABLISHED
  TCP    MCSPRO:31413           MCSPRO.MCSPRO:1114     FIN_WAIT_2
  TCP    MCSPRO:31414           MCSPRO.MCSPRO:1068     ESTABLISHED
  TCP    MCSPRO:1049            server.hakim-group.com:https  ESTABLISHED

Author

Commented:
BTW i am still getting The remote computer disconnected the session because of an error in the licensing protocol
The licensing Server had the wrong name in the registry, mystery solved. thank you all!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial