We help IT Professionals succeed at work.

Access Windows 2012 R2 Server Remotely (configuration)

136 Views
Last Modified: 2018-10-19
Would like to know how to access a Windows 2012 R2 server remotely with a static IP without using Cisco VPN. We have a external IP with our ISP, not sure if Windows Direct Access or Windows Remote Desktop Services is the solution?

Any ideas how can I access the server from outside using only Windows remote desktop?

Thanks.
Comment
Watch Question

David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
enable remote desktop in control/panel system

Suggest changing the default port from 3389 via this registry change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp change the portnumber dword 32bit to the desired port.

in your firewall forward the port you specified above from wan tcp/udp to the same port to the internal ip of the machines local ip address.
yo_beeDirector of Information Technology
CERTIFIED EXPERT

Commented:
This is not a very secure practice and not recommended.
Not sure what brand or level firewall you have.  
You need to setup a NAT for the Public IP to the Internal IP  (208.34.25.103 --> 192.168.1.100)  and you may have to setup port forwarding.

If you do this you need to make sure your firewall only allows from specific IP to the destination.
kevinhsiehNetwork Engineer
CERTIFIED EXPERT

Commented:
Most important thing is to have long, string passwords and account lockout enabled. There are many documented ransomware attacks against servers with open RDP and weak passwords without account lockout.

I would also highly suggest 2 factor authentication such as Duo. For a limited number of users, it is free or low cost.

Now that we have handled authentication, let's look at most secure to least secure method.

Most secure would be to setup RD Gateway. It required RDP CALs. Next best option is VPN, which you are trying to avoid. Next less secure option is port forwarding to a custom RDP port. Finally, least secure is port forwarding to default port 3389.

I would not do anything without a long and strong password policy with account lockout. 2 factor significantly improves security.
Katrach0System Admin

Author

Commented:
Wonder how this works, "Most secure would be to setup RD Gateway. It required RDP CALs. "
David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The gateway authenticates the user before RDS connection and it is on port 80 which is a less desirable attack port (attackers think it is just a low value website vs a high value access to a computer via rdp
kevinhsiehNetwork Engineer
CERTIFIED EXPERT

Commented:
RD Gateway is over 443, not 80. It encapsulates all RDP traffic over TLS (SSL).
Sajid Shaik MSystem Admin
CERTIFIED EXPERT

Commented:
you can access directly ...just put the public ip on the server and access it from any where in the world remotely..... as its a windows 2012 server

security is other thing.... if you are concirning about security so you have to check the vivid options  

all the bst
Katrach0System Admin

Author

Commented:
"Most secure would be to setup RD Gateway. It required RDP CALs. 

Do you guys have a lead on how to set this option up?

Thank you everyone.
Network Engineer
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Katrach0System Admin

Author

Commented:
Got it, thanks, everyone. Will work on this and keep you posted if it worked with what I have.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions