I apologize as I should know this, but I am trying to make sure. I just purchased Windows Server 2016 Standard, but I have been running a domain on SBS 2008. It is called TS on SBS 2008, but I believe it is now RDS and RD.
I would think that using a client/server domain with a gateway for RDP connections that can then connect to the various clients would eliminate depending on the router, using port 3389 and port redirection. Of course, you can change the default port, but you would still have a port which is open that hackers could attack using brute force.
One person not on EE has told me that by using Group Policy settings locally and apply network authentication, etc, it will be just as secure. He argues that you can use 3389 as long as your security and encryption settings are set up correctly on the local computers, specifically the client encryption level.
I am of the belief that I can use the gateway along with using a certificate that gives me SSL using port 443. Finally, would you have to use a server OS to have a TS or RD Gateway or can one be made on Win 7 or Win 10? And, is a domain more secure than a workgroup on a client/server setup?
Finally, given all that, would GoToMyPC be more secure than either one of the above?