Avatar of Omegaman55
Omegaman55 asked on

Needing a solution to RDP and remote clients

I'm hoping I can get some sound (and hopefully simple) solutions to this problem.  I have inherited a client who recently migrated their server to SBS 2011.  They have since terminated their relationship with the company who did their support and migration.  I will preface this scenario with the fact that -- yes, Server Standard should have been installed instead of SBS 2011.  That said, here's what they have:

Windows SBS 2011 on a rackmount server with a modest Xeon processor and 32 GB of RAM, RAID 5 with plenty of storage.  Three clients (local) need to have an active RDP session on the server running on their client PCs simultaneously.  This is to access proprietary software which is run on the server tied to its database.  Additionally, they have an important remote client who needs to a) access his files (excel, word documents) and b) be able to run and access his Sage ACT! database remotely (whether he runs the ACT! locally or from the server).  The customer has 25 CALs (enough to include the 3 RDP clients and the remote client).  The only other caveat is that the customer is in a very rural location and only has access to a T1 (~1.5 Mb down), thus bandwidth is an issue.  

Obviously, RWW would be a simple solution for accessing the remote client's files, but doesn't solve having access to the Sage ACT! database.

Without buying expensive hardware (2nd RDS server, etc.) what are some viable options to accomplish the above needs of the client as I've described above?  The customer has already spent a fortune getting the migration done, so I don't want to give them any solutions with a sticker shock.
Microsoft Server OSRemote AccessSBS

Avatar of undefined
Last Comment

8/22/2022 - Mon

I would buy 5 RD CALs and allow the 3 internal users + 1 external user to access the server via RD.
GPOs should be set in order to limit user's capabilities on the server (hide C: drive and things like that).

All the customer has to spend is:
a. The 5 RD CALs,
b. The time needed to set GPOs and test everything,

If the external user uses low resolution (1024x768) and low color depth (15/16 bit) even a 1.5Mb will work fine. You posted the DOWN bandwidth. Please post the UP bandwidth as well.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Yes - a RDP server / terminal server would suit you best - either physically or virtually.
For three users you could really do it with a basic i7/16Gb System it doesn't have to be expensive. - you could virtualize later.
This will get the users OFF the file server which is never a good idea.
Don't be confused by the first solution offered - SBS2011 users must be admins to remote to the server - it will cost you a lot of time to try and lock down the risks.


"...SBS2011 users must be admins to remote to the server..."

This is FALSE!
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
David Johnson, CD

This will get the users OFF the file server which is never a good idea.  With SBS you are kind of stuck, if you want to stay with the cheap, all in one solution, run the wizards, type of operation that SBS is .

You didn't say which version of SBS 2011 (Essentials or Standard?)

Cheaper to set up a VPN into the network http://blog.ronnypot.nl/?p=693.  RDP is not really an option without spending a fair bunch of change, (RDP CAL's, additional hardware, Premium Add on, need I go on to add the Terminal Services (remote desktop services) function).

With the VPN you just access the file shares as required as if you were located on the lan in the office..

Thanks for the responses so far.  The version is SBS 2011 Standard.  No they haven't purchased the Premium add-on pack.

I understand running the VPN for the remote client, but a VPN won't get me the third RDP session I need, unless I go with a second server.

What are my options for virtualization? I didn't think SBS would run Hyper-V so then do I need to go with a third party VM solution?

I agree allowing users admin access to the file system is not ideal at all and it is currently an on-going discussion with the client, however, we are stuck with what we have for now until they can make more decisions regarding new hardware/software.  It's not the best decision but it's what I (we) have to work with right now.

I seem to see conflicting comments regarding whether or not SBS 2011 can support TS CALs, etc.  I was under the impression that SBS isn't built for that.  Are you guys referring to third party software to accomplish this or some server hack?

I think I agree that the VPN solution is probably the best solution right now for the remote client, however, I still seem confused or undecided on the best RDP session solution for the customer.  Any and all further input would be appreicated.  Thanks to those who have responded thus far.
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

if you can get the app to run on a workstation then you are halfway there - this should be your first priority as it will open up choices for you. It may be a little slower but if it works then you can address the speed later.
Then you can use RWW to give access to a spare PC for the really remote user to run the app, and the two local users can run it as they should from their workstations.
What app is it - I bet someone on here knows how to make it work from a share rather than straight off C:
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
David Johnson, CD

Then you can use RWW to give access to a spare PC for the really remote user to run the app, and the two local users can run it as they should from their workstations.  Substitute RDP for RWW and then I'd agree with you.. (I see an echo here)

Read my lips, SBS does not support Terminal Services as Session Host is disabled in SBS 2011 Standard (An RD Session host server is the server that’s hosts Windows-based programs or the full Windows desktop for Remote Desktop Services clients). To implement Remote Desktop Services with Session Host, you would need to add another server to the domain running either the SBS 2011 Premium Add-on or Windows Server 2008 or 2008 R2 and acquire RDS CAL’s for either users or devices.

Q. Do I require RDS Cal’s to access the SBS 2011 Server using RDS Admin Mode?
A. No, SBS 2011 provides you 2 connections via RDS Admin mode to remotely administer your server.

source: http://social.technet.microsoft.com/Forums/en-US/67fe9e9b-9dd1-4aae-8c66-4fab7ac6d287/remote-desktop-services-terminal-services-licenses-on-sbs-2011

Remote web Workplace (RWW) in sbs2011 will provide a neat little console to let you RDP through to a workstation. So a spare PC can be used to allow 1 user to connect, or a terminal server will allow multiple, and both can be easily accessed via the RWW webpage.

I agree the SBS server will not allow you any more than 2 connections as admins which is messy - but can help out on very odd occasions  - it can even be tidy to setup a rdp client that runs the app straight away to really hide that it is an admin on the server. But still not the solution for the third user.

We need the original asker to talk about the app!
VPN may work - but databases particularly nonsql ones, can be very crappy over VPN. Remote Control of a PC will often be faster and less likely to corrupt data if the connection drops.