Access Windows 2012 R2 Server Remotely (configuration)

Katrach0
Would like to know how to access a Windows 2012 R2 server remotely with a static IP without using Cisco VPN. We have an external IP with our ISP, not sure if Windows Direct Access or Windows Remote Desktop Services is the solution?

Any ideas how I can access the server from outside using only Windows remote desktop?

Thanks.
Top Expert 2016

Commented:
Enable Remote Desktop in Control Panel / System.

Suggest changing the default port from 3389 via this registry change:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, change the PortNumber DWORD (32-bit) to the desired port.

In your firewall, forward the port you specified above from WAN TCP/UDP to the same port on the internal IP of the machine's local IP address.
yo_bee, Director of Information Technology

Commented:
This is not a very secure practice and not recommended.
Not sure what brand or level firewall you have.
You need to set up a NAT for the Public IP to the Internal IP (208.34.25.103 --> 192.168.1.100) and you may have to set up port forwarding.

If you do this, you need to make sure your firewall only allows traffic from a specific IP to the destination.
kevinhsieh, Network Engineer

Commented:
Most important thing is to have long, strong passwords and account lockout enabled. There are many documented ransomware attacks against servers with open RDP and weak passwords without account lockout.

I would also highly suggest 2 factor authentication such as Duo. For a limited number of users, it is free or low cost.

Now that we have handled authentication, let's look at the most secure to least secure methods.

Most secure would be to set up RD Gateway. It requires RDP CALs. Next best option is VPN, which you are trying to avoid. Next less secure option is port forwarding to a custom RDP port. Finally, least secure is port forwarding to default port 3389.

I would not do anything without a long and strong password policy with account lockout. 2 factor significantly improves security.
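
As an added example (not posted by any participant in this thread), the host-side steps the answers above describe, in PowerShell: custom RDP port, Windows Firewall rules limited to a known source address, and account lockout. The port 50389, the source 203.0.113.10 and the lockout numbers are placeholder values, and the NAT/port-forward rule on the perimeter firewall still has to be configured separately.

```powershell
#Requires -RunAsAdministrator
# Added example; port, source address and lockout numbers are placeholders.
param(
    [int]$RdpPort = 50389,                        # assumed custom port
    [string[]]$AllowedSource = @('203.0.113.10'), # assumed admin public IP
    [int]$LockoutThreshold = 5,                   # failed logons before lockout
    [int]$LockoutMinutes = 30                     # lockout duration and counter window
)
$ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# 1. Enable Remote Desktop and move the listener off 3389.
Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 0 -Type DWord
Set-ItemProperty -Path $tcp -Name PortNumber -Value $RdpPort -Type DWord

# 2. Host firewall: allow the new port only from the listed source addresses.
$rule = 'RDP custom port (restricted source)'
Get-NetFirewallRule -DisplayName "$rule*" -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "$rule $proto" -Direction Inbound `
        -Action Allow -Protocol $proto -LocalPort $RdpPort `
        -RemoteAddress $AllowedSource -Profile Any | Out-Null
}
# The built-in rules admit 3389 from any address; turn them off.
# 'Remote Desktop' is the group name on English-language installs.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 3. Local account lockout (on a domain member, domain GPO overrides this).
net accounts /lockoutthreshold:$LockoutThreshold `
    /lockoutduration:$LockoutMinutes /lockoutwindow:$LockoutMinutes | Out-Null

# 4. Restart the listener so the new port takes effect.
#    This drops any RDP session in progress; run from the console.
Restart-Service -Name TermService -Force

# 5. Report what is actually in effect.
[pscustomobject]@{
    PortNumber    = (Get-ItemProperty -Path $tcp).PortNumber
    Listening     = [bool](Get-NetTCPConnection -LocalPort $RdpPort -State Listen -ErrorAction SilentlyContinue)
    AllowedSource = (Get-NetFirewallRule -DisplayName "$rule TCP" | Get-NetFirewallAddressFilter).RemoteAddress
    DefaultRules  = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Where-Object Enabled -eq 'True').Count
}
```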
Katrach0, System Admin

Author

Commented:
Wonder how this works, "Most secure would be to set up RD Gateway. It requires RDP CALs."
Top Expert 2016

Commented:
The gateway authenticates the user before the RDS connection, and it is on port 80, which is a less desirable attack port (attackers think it is just a low-value website vs. high-value access to a computer via RDP).
kevinhsieh, Network Engineer

Commented:
RD Gateway is over 443, not 80. It encapsulates all RDP traffic over TLS (SSL).

Commented:
You can access it directly... just put the public IP on the server and access it from anywhere in the world remotely, as it's a Windows 2012 server.

Security is another thing... if you are concerned about security, you have to check the vivid options.

All the best.
Katrach0, System Admin

Author

Commented:
"Most secure would be to set up RD Gateway. It requires RDP CALs."

Do you guys have a lead on how to set this option up?

Thank you everyone.
Katrach0, System Admin

Author

Commented:
Got it, thanks, everyone. Will work on this and keep you posted if it worked with what I have.
