Accesing Pc's from outside a network.

I have a user that would like to log onto a PC inside or network from outside. Do I just need to setup him up with a user account and let him use the RDP connection?

I am unfamiliar with the setup.
cmdolcetAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pjamCommented:
They will need a VPN connection such as AT&T global network client and a RSA token.
Then they can RDP
cmdolcetAuthor Commented:
pJam....when you talk about this.... you mean they need to be hooked up to the internet correct?
pjamCommented:
Yes but they need to have a tunnel to your network.  You computers are probably on private IP numbers such as 10.x.x.x or 192.168.1.x while they are on their ISP's IP number.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

cmdolcetAuthor Commented:
pJam yes correct...so who would setup that tunnel? me or them. I have a user account all setup thy can use.. but how do you set that up?
David Johnson, CD, MVPOwnerCommented:
you have a public ip address that the world knows.. typically one has more than 1 machine that uses this public ip. via a router. so you have to add a NAT (network address translation) rule which will route a protocol (tcp or udp or both) and a port from outside to an ip address on the inside. i.e. RDP to 192.168.0.100
public ip (24.12.34.56) -> tcp request on port 3389 -> router -> 192.168.0.100 (machine that will use RDP
the machine with ip 192.168.0.100 will then authenticate the username and password, local firewall rule to allow tcp port 3389

creating a vpn requires more work._
Lee W, MVPTechnology and Business Process AdvisorCommented:
Creating a VPN does require more work... But it's also FAR more secure than forwarding your public IP (that opens you up to TSGrinder attacks).

You could also just have them get a subscription to GoToMyPC or similar service and let them connect with that.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cmdolcetAuthor Commented:
Lee W I suggested that however they said this was industry standard and using GoToMyPC or Webex or Join.me or anything like that would take longer.
Lee W, MVPTechnology and Business Process AdvisorCommented:
Well, whoever they are should be fired if they have ANY critical data they want to protect and keep people out of the network.  Tell them if they aren't concerned about the security risks, just remove the  antiviirus while they're at it - since AV requires resources and firewall is all they need.

And when they look at you like you're an idiot for even suggesting it, tell them it's very similar to poking holes in the firewall / router to allow RDP and TSGrinder attacks.  IF you do this foolish thing, check your event logs - you'll start being hit daily with massive amounts of bad logins for accounts that don't exist... and HOPEFULLY, they guess RIGHT!
Lee W, MVPTechnology and Business Process AdvisorCommented:
(Don't actually do that - but maybe print this and show them this post).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.