Access Windows 2012 R2 Server Remotely (configuration)

Would like to know how to access a Windows 2012 R2 server remotely with a static IP without using Cisco VPN. We have a external IP with our ISP, not sure if Windows Direct Access or Windows Remote Desktop Services is the solution?

Any ideas how can I access the server from outside using only Windows remote desktop?

Thanks.
Katrach0System AdminAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
enable remote desktop in control/panel system

Suggest changing the default port from 3389 via this registry change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp change the portnumber dword 32bit to the desired port.

in your firewall forward the port you specified above from wan tcp/udp to the same port to the internal ip of the machines local ip address.
yo_beeDirector of Information TechnologyCommented:
This is not a very secure practice and not recommended.
Not sure what brand or level firewall you have.  
You need to setup a NAT for the Public IP to the Internal IP  (208.34.25.103 --> 192.168.1.100)  and you may have to setup port forwarding.

If you do this you need to make sure your firewall only allows from specific IP to the destination.
kevinhsiehCommented:
Most important thing is to have long, string passwords and account lockout enabled. There are many documented ransomware attacks against servers with open RDP and weak passwords without account lockout.

I would also highly suggest 2 factor authentication such as Duo. For a limited number of users, it is free or low cost.

Now that we have handled authentication, let's look at most secure to least secure method.

Most secure would be to setup RD Gateway. It required RDP CALs. Next best option is VPN, which you are trying to avoid. Next less secure option is port forwarding to a custom RDP port. Finally, least secure is port forwarding to default port 3389.

I would not do anything without a long and strong password policy with account lockout. 2 factor significantly improves security.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Katrach0System AdminAuthor Commented:
Wonder how this works, "Most secure would be to setup RD Gateway. It required RDP CALs. "
David Johnson, CD, MVPOwnerCommented:
The gateway authenticates the user before RDS connection and it is on port 80 which is a less desirable attack port (attackers think it is just a low value website vs a high value access to a computer via rdp
kevinhsiehCommented:
RD Gateway is over 443, not 80. It encapsulates all RDP traffic over TLS (SSL).
Sajid Shaik MSystem AdminCommented:
you can access directly ...just put the public ip on the server and access it from any where in the world remotely..... as its a windows 2012 server

security is other thing.... if you are concirning about security so you have to check the vivid options  

all the bst
Katrach0System AdminAuthor Commented:
"Most secure would be to setup RD Gateway. It required RDP CALs. 

Do you guys have a lead on how to set this option up?

Thank you everyone.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Katrach0System AdminAuthor Commented:
Got it, thanks, everyone. Will work on this and keep you posted if it worked with what I have.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.