Is it possible to secure remote desktop access to Server 2008 from a remote computer through a VPN?

I want a couple of my friends to remote in to a Windows Server 2008. The server is not a domain controller, therefore I cannot set them up on a domain, add certificates or use group policy.
I want to secure their remote access from their workstations. My friends have an Apple Snow OS Mac and a Windows 7 OS PC.

Note, on the server I have three NICs. I have a static public NIC and another NIC connected to another network (wireless router for my private network). The last NIC is not being used. I am thinking of using (if I could) the third NIC to give out DHCP IP addresses for the VPN.

Is it possible to use a VPN to connect to the network if I create a remote and access role to create a secure remote desktop connection with a Windows Server 2008 SP2?

What do you mean by 'secure'? RDP connections are encrypted and authentication uses username/password by default. If you run RDP inside a VPN connection you are just encrypting twice and reusing the same username/password combination. Using a VPN will expose your network to greater risk because malware on the VPN clients can attack your network. There isn't as much of an attack vector over RDP, though files can get copied.

Have you considered using remote desktop gateway? It is like a VPN just for RDP sessions.

Yes, if you use a VPN then it is always secure and you can access your remote PCs from Windows Remote Desktop or any other remote admin tools. But before you access them, make sure that the remote end PCs or servers are allowed to be accessed remotely.

jeamrotae (Author) commented:
I thought when I use remote desktop and enter username and password, I expose information in cleartext over the internet.

If you use a VPN with encryption, your cleartext RDP login will be encrypted by the VPN tunnel itself.

So while the RDP components are not encrypted, the VPN tunnel takes care of that for you.

-Cheers, Peter.

RDP connections are encrypted. They use 128-bit encryption, and you can disable weaker encryption that is available for older clients.

Make sure that your users have a strong password, because there is a worm that spreads by using a dictionary attack to log on to RDP servers. This is not a vulnerability in the RDP protocol, but rather an attack against weak passwords. Worms could use the same technique against VPNs, web pages, OWA, FTP servers, SSH hosts, etc.
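
The encryption level and password-guessing points in the answer above can be checked on the server with a short PowerShell script. This is an added example, not part of the original thread; it reads the standard RDP-Tcp listener registry values, and the lockout numbers in its last comment are illustrative assumptions.

```powershell
# Added example: audit the RDP listener on the server. Run from an elevated prompt.
# Values set by local or group policy live under
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services and override these.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdp = Get-ItemProperty -Path $key

# Meaning of the numeric settings
$encLevel = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High (128-bit)'; 4 = 'FIPS Compliant' }
$secLayer = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

"MinEncryptionLevel : {0} ({1})" -f $rdp.MinEncryptionLevel, $encLevel[[int]$rdp.MinEncryptionLevel]
"SecurityLayer      : {0} ({1})" -f $rdp.SecurityLayer, $secLayer[[int]$rdp.SecurityLayer]
"UserAuthentication : {0} (1 = Network Level Authentication required)" -f $rdp.UserAuthentication

# Flag the settings that keep weaker options open for older clients
$findings = @()
if ($rdp.MinEncryptionLevel -lt 3) {
    $findings += 'Weaker encryption is still accepted for older clients (level below High).'
}
if ($rdp.SecurityLayer -eq 0) {
    $findings += 'Legacy RDP Security Layer only: the server is not authenticated with TLS.'
}
if ($rdp.UserAuthentication -ne 1) {
    $findings += 'NLA is off: the logon screen is reachable before any authentication.'
}
if ($findings.Count -eq 0) { 'No weak listener settings found.' } else { $findings }

# Hardened values. Uncomment only after confirming that every client (the Mac
# RDP client included) supports them, or those clients will fail to connect.
# Set-ItemProperty -Path $key -Name MinEncryptionLevel -Value 3
# Set-ItemProperty -Path $key -Name UserAuthentication -Value 1

# Dictionary attacks on RDP logons are blunted by an account lockout policy.
# Review the current local policy first; the numbers below are example values.
net accounts
# net accounts /lockoutthreshold:5 /lockoutwindow:30 /lockoutduration:30
```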

jeamrotae (Author) commented:
I am getting confused. Please help. Which is better to use with Apple Mac Snow and Windows 7, RDP with VPN or RDP without VPN, for better security/password protection?

The RDP stream is encrypted either way. Using a VPN can make your NETWORK more vulnerable because it is the same as if you take your friends' computers and put them on your network without any firewalls. If you use a weak VPN method, such as PPTP, you also risk having the credentials stolen by someone who sniffs the traffic (the risk isn't high, but it is there).

My recommendation is to just forward the RDP traffic to your server, or install RD Gateway and use that to protect your RDP server. I think that using a weak VPN increases your risks.

jeamrotae (Author) commented:
If I install RD Gateway, do I need a license, and if I don't, can I install RD Gateway so my friends can RDP to the server without them being part of a domain?

Note: Before, my friends would know my IP address (ISP) and just remote in (I trust them). I have no domain/domain controller installed. Recently I found out that this is a security risk, which is why I thought of VPN, but since that is not wise, what do you suggest?

I am not sure that you can use RD Gateway without a domain. Having a domain doesn't inherently make things more secure. You would still be using a username and password. It would still be encrypted. A domain gives you access to other services, but it doesn't add encryption, or somehow make passwords better.

jeamrotae (Author) commented:
If RD Gateway does not need a domain to be installed then this would be good, because my friends are not part of any domain. They just use their computers as regular workstations/laptops.

Do you know if I need a license to install RD Gateway?

Your friends wouldn't need to be part of the domain. Your servers do.

The RD Gateway role doesn't require additional licensing, but you do need to have Windows CALs and RDP CALs for your friends. This is independent of using RD Gateway.