cmdolcet
asked on

Accessing PCs from outside a network.

I have a user that would like to log onto a PC inside our network from outside. Do I just need to set him up with a user account and let him use the RDP connection?

I am unfamiliar with the setup.
Windows Server 2012


8/22/2022 - Mon
pjam

They will need a VPN connection such as AT&T global network client and an RSA token.
Then they can RDP.
cmdolcet

ASKER
pJam....when you talk about this.... you mean they need to be hooked up to the internet correct?
pjam

Yes but they need to have a tunnel to your network. Your computers are probably on private IP numbers such as 10.x.x.x or 192.168.1.x while they are on their ISP's IP number.
cmdolcet

ASKER
pJam yes correct...so who would set up that tunnel? Me or them? I have a user account all set up they can use.. but how do you set that up?
David Johnson, CD

you have a public ip address that the world knows.. typically one has more than 1 machine that uses this public ip. via a router. so you have to add a NAT (network address translation) rule which will route a protocol (tcp or udp or both) and a port from outside to an ip address on the inside. i.e. RDP to 192.168.0.100
public ip (24.12.34.56) -> tcp request on port 3389 -> router -> 192.168.0.100 (machine that will use RDP)
the machine with ip 192.168.0.100 will then authenticate the username and password, local firewall rule to allow tcp port 3389

creating a vpn requires more work.
ASKER CERTIFIED SOLUTION
Lee W, MVP

cmdolcet

ASKER
Lee W I suggested that however they said this was industry standard and using GoToMyPC or Webex or Join.me or anything like that would take longer.
Lee W, MVP

Well, whoever they are should be fired if they have ANY critical data they want to protect and keep people out of the network. Tell them if they aren't concerned about the security risks, just remove the antivirus while they're at it - since AV requires resources and firewall is all they need.

And when they look at you like you're an idiot for even suggesting it, tell them it's very similar to poking holes in the firewall / router to allow RDP and TSGrinder attacks.  IF you do this foolish thing, check your event logs - you'll start being hit daily with massive amounts of bad logins for accounts that don't exist... and HOPEFULLY, they guess RIGHT!
Lee W, MVP

(Don't actually do that - but maybe print this and show them this post).
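
The event-log check mentioned above ("check your event logs") can be scripted; the following is an added example, not part of the original thread. It summarises failed logons (Security event 4625) per source address and counts attempts against accounts that do not exist. The function name `Get-FailedLogonSummary` is hypothetical and the sample events are constructed.

```powershell
# Added example: summarise failed logons (Security event ID 4625) by source address.
# SubStatus 0xC0000064 = the account name does not exist,
# SubStatus 0xC000006A = the account exists but the password was wrong.
function Get-FailedLogonSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)

    $rows = foreach ($x in $EventXml) {
        # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$x).Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            Source     = $data['IpAddress']
            User       = $data['TargetUserName']
            NoSuchUser = ($data['SubStatus'] -eq '0xc0000064')
        }
    }

    # One row per source: total failures, distinct names tried, nonexistent names.
    $rows | Group-Object Source | ForEach-Object {
        [pscustomobject]@{
            Source          = $_.Name
            Failures        = $_.Count
            DistinctUsers   = @($_.Group.User | Sort-Object -Unique).Count
            UnknownAccounts = @($_.Group | Where-Object NoSuchUser).Count
        }
    } | Sort-Object Failures -Descending
}

# Constructed sample events (documentation addresses, made-up account names).
$tpl = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4625</EventID></System><EventData><Data Name="TargetUserName">{0}</Data><Data Name="SubStatus">{1}</Data><Data Name="IpAddress">{2}</Data></EventData></Event>'
$sample = @(
    ($tpl -f 'admin',   '0xc0000064', '203.0.113.50'),
    ($tpl -f 'scanner', '0xc0000064', '203.0.113.50'),
    ($tpl -f 'backup',  '0xc0000064', '203.0.113.50'),
    ($tpl -f 'jsmith',  '0xc000006a', '198.51.100.7')
)
Get-FailedLogonSummary -EventXml $sample | Format-Table -AutoSize

# Against the live log (run elevated on the RDP host):
# $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} |
#        ForEach-Object { $_.ToXml() }
# Get-FailedLogonSummary -EventXml $xml
```

A single source with many failures spread across many names, most of them unknown accounts, is the pattern described in the post above; one source with a single known name and a wrong password is more likely a user mistyping.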