Avatar of Katrach0
Katrach0
Flag for United States of America asked on

Access Windows 2012 R2 Server Remotely (configuration)

Would like to know how to access a Windows 2012 R2 server remotely with a static IP without using Cisco VPN. We have a external IP with our ISP, not sure if Windows Direct Access or Windows Remote Desktop Services is the solution?

Any ideas how can I access the server from outside using only Windows remote desktop?

Thanks.
Remote AccessWindows OSWindows Server 2012

Avatar of undefined
Last Comment
Katrach0

8/22/2022 - Mon
David Johnson, CD

enable remote desktop in control/panel system

Suggest changing the default port from 3389 via this registry change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp change the portnumber dword 32bit to the desired port.

in your firewall forward the port you specified above from wan tcp/udp to the same port to the internal ip of the machines local ip address.
yo_bee

This is not a very secure practice and not recommended.
Not sure what brand or level firewall you have.  
You need to setup a NAT for the Public IP to the Internal IP  (208.34.25.103 --> 192.168.1.100)  and you may have to setup port forwarding.

If you do this you need to make sure your firewall only allows from specific IP to the destination.
kevinhsieh

Most important thing is to have long, string passwords and account lockout enabled. There are many documented ransomware attacks against servers with open RDP and weak passwords without account lockout.

I would also highly suggest 2 factor authentication such as Duo. For a limited number of users, it is free or low cost.

Now that we have handled authentication, let's look at most secure to least secure method.

Most secure would be to setup RD Gateway. It required RDP CALs. Next best option is VPN, which you are trying to avoid. Next less secure option is port forwarding to a custom RDP port. Finally, least secure is port forwarding to default port 3389.

I would not do anything without a long and strong password policy with account lockout. 2 factor significantly improves security.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Katrach0

ASKER
Wonder how this works, "Most secure would be to setup RD Gateway. It required RDP CALs. "
David Johnson, CD

The gateway authenticates the user before RDS connection and it is on port 80 which is a less desirable attack port (attackers think it is just a low value website vs a high value access to a computer via rdp
kevinhsieh

RD Gateway is over 443, not 80. It encapsulates all RDP traffic over TLS (SSL).
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Sajid Shaik M

you can access directly ...just put the public ip on the server and access it from any where in the world remotely..... as its a windows 2012 server

security is other thing.... if you are concirning about security so you have to check the vivid options  

all the bst
Katrach0

ASKER
"Most secure would be to setup RD Gateway. It required RDP CALs. 

Do you guys have a lead on how to set this option up?

Thank you everyone.
ASKER CERTIFIED SOLUTION
kevinhsieh

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Katrach0

ASKER
Got it, thanks, everyone. Will work on this and keep you posted if it worked with what I have.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy