Lizandro Diaz asked:

Access Windows 2012 R2 Server Remotely (configuration)

Would like to know how to access a Windows 2012 R2 server remotely with a static IP without using Cisco VPN. We have an external IP with our ISP, not sure if Windows Direct Access or Windows Remote Desktop Services is the solution?

Any ideas how I can access the server from outside using only Windows remote desktop?

Thanks.
David Johnson, CD

Enable Remote Desktop in Control Panel/System.

Suggest changing the default port from 3389 via this registry change:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. Change the PortNumber DWORD (32-bit) to the desired port.

In your firewall, forward the port you specified above from WAN TCP/UDP to the same port on the machine's internal (local) IP address.
This is not a very secure practice and not recommended.
Not sure what brand or level firewall you have.  
You need to set up a NAT for the Public IP to the Internal IP (208.34.25.103 --> 192.168.1.100) and you may have to set up port forwarding.

If you do this you need to make sure your firewall only allows from a specific IP to the destination.
Most important thing is to have long, strong passwords and account lockout enabled. There are many documented ransomware attacks against servers with open RDP and weak passwords without account lockout.

I would also highly suggest 2 factor authentication such as Duo. For a limited number of users, it is free or low cost.

Now that we have handled authentication, let's look at most secure to least secure method.

Most secure would be to set up RD Gateway. It requires RDP CALs. Next best option is VPN, which you are trying to avoid. Next less secure option is port forwarding to a custom RDP port. Finally, least secure is port forwarding to default port 3389.

I would not do anything without a long and strong password policy with account lockout. 2 factor significantly improves security.
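
The host-side steps from the answers above (enable Remote Desktop, move the listener off 3389 via the PortNumber value, accept connections only from a specific source IP, enable account lockout), as an added PowerShell example that is not part of the original thread. The port number and source address are constructed placeholders, and the Windows Firewall rule is an assumed host-level complement to the perimeter firewall restriction the answers describe.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the server, from the console rather than over RDP.
$RdpPort       = 50123            # hypothetical custom port
$AllowedSource = '203.0.113.10'   # placeholder: the one public IP allowed in

$tsKey  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# Enable Remote Desktop (same switch as the System control panel setting).
Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 0

# Change the listening port: the PortNumber DWORD named in the thread.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $RdpPort -Type DWord

# Host firewall: the built-in "Remote Desktop" rules only cover 3389, so
# disable them and allow the custom port from the single allowed source.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "RDP custom port ($proto, restricted)" `
        -Direction Inbound -Action Allow -Protocol $proto `
        -LocalPort $RdpPort -RemoteAddress $AllowedSource
}

# Account lockout for local accounts: 5 bad attempts, 30-minute lockout,
# 30-minute counter reset. Domain accounts follow the domain policy instead.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# The listener picks up the new port when the service restarts.
# This drops any current RDP sessions.
Restart-Service -Name TermService -Force

# Verify what is actually configured.
Get-ItemProperty -Path $rdpKey -Name PortNumber | Select-Object PortNumber
Get-NetFirewallRule -DisplayName 'RDP custom port*' |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
net accounts
```

The perimeter firewall still needs its own forward for the same port, restricted to the same source address.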
Lizandro Diaz

ASKER

Wonder how this works, "Most secure would be to set up RD Gateway. It requires RDP CALs."
The gateway authenticates the user before RDS connection and it is on port 80, which is a less desirable attack port (attackers think it is just a low value website vs a high value access to a computer via RDP).
RD Gateway is over 443, not 80. It encapsulates all RDP traffic over TLS (SSL).
You can access it directly... just put the public IP on the server and access it from anywhere in the world remotely... as it's a Windows 2012 server.

Security is another thing... if you are concerned about security, you have to check the vivid options.

All the best.
"Most secure would be to set up RD Gateway. It requires RDP CALs."

Do you guys have a lead on how to set this option up?

Thank you everyone.
ASKER CERTIFIED SOLUTION
kevinhsieh

This solution is only available to members.
Got it, thanks, everyone. Will work on this and keep you posted if it worked with what I have.