Remote Access





Remote access may refer to the connection to a data-processing system from a remote location, for example through a virtual private network remote desktop software, terminal emulation, or the activation of features of a business telephone system from outside the business's premises.

Share tech news, updates, or what's on your mind.

Sign up to Post


I have a question regarding remote users and security.

Which one is better or the standard way?

1. VPN and RDP to a inside computer
2. VPN without RDP, but more restrictions through ACLs.

What is the way to go? PS: We have extremely sensitive PII information.

Thank you in advance!

Fundamentals of JavaScript
LVL 13
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.


Having an issue on Server 2016 RDS servers where the start menu; action center etc do not work. Fail with error
"ActivateApplicationForContractByAppIdAsUserWithHost of the app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI for the Windows.Launch contract failed with Package could not be registered.."

Steps taken so far
re-register all windows apps - worked for a little while before failing again
Run through latest set of updates
sfc scan and repair
dsim repair
Test on cloned server excluded from group policies

I see this is a fairly common issue, but i havent seen a solution as yet.

any help would be greatly appreciated at this point
SSL certificate setupHi,
 I am setting up Anywhere Access in Windows Server 2016 Essentials. As you can see in the screenshot, I need to enter SSL Certificate for "".
 I have a few questions for this:
 (1) Can I have W2016 Essentials server to create a certificate like I was able to do in SBS2011?
 (2) If option (1) is not possible, where can I buy one cheap? (I know there is a free one out there, but I like to get one)
 (3) Since I am testing "Anywhere Access" on this test server/lab environment, I like to be able to re-assign SSL certificate (that I am going to buy) in production server in a week.
       Can I use SSL Certificate on this test server and use it in production server later?

Thanks for your help.
This may be a silly question but I'll feel better asking instead of just doing it.

I have just stood up my first RDS Server and have activated my RDS per user CAL using the RD Licensing Manager. Now when I went to the Deployment Overview and click on Tasks > Edit deployment properties and under RD Licensing I noticed that the Select the Remote Desktop licensing mode the Per User radio button was not checked.

I have done some testing by signing on with some test users and have no issues. Should I check the Per User or does it matter.Per User radio buttonLic Manager
I have a Windows 2012 R2 RDS farm and i've been asked to get usage and login stats for the farm. I haven't found much online other than using event logs. i'm hoping there's more than that i can do.

how can i do this and have good data? i know it'll have to be data in the future going forward, but is there any better way than event logs? and if not, what's the best way to derive that info from event viewer?

When using the Microsoft Remote Connection Client built by Microsoft for the MAC. It is difficult and challenging to remove a User Account from multiple remote connections in the list that builds up over time. If you make a mistake in the entry there is no easy way I can see to delete a User Account? There is no Remove or Delete User Account. See the images below) I am not saying the actual User who accesses the machine but the user account that is generated from a remote connection from a MacBook Pro per se to a Windows based machine. Does anyone know how to do this? Many support topics at the Microsoft Support site tell you ho to change the Registry Keys in Microsoft but hard to find anything about how to do it on a Mac? Any help appreciated.

From the Mac Tray at the bottom of the screen you see this icon.
Tray iconThen when you click on a Saved Desktop or create a new connection to the desktop you see the following type screen.

Microsofts Remote Desktop Client for the Mac
Again I am remoting in from a Mac to a Windows 10 machine. How to remove the user account on the MAC in the Remote Desktop Connection
I have a Server 2016 RDS Farm that currently has 1x Gateway, 2x Connection Brokers in HA, and 1x session host. It will expand in the future, but just in testing mode right now.

Functionally, everything works perfectly, however when connecting to the environment, cached credentials cannot be used and the "Remember Me" box is missing from the RDP Login box. Note that all connecting machines are going through the RDS Gateway and are not members of the target domain.

I also noticed that this is not an anomaly with this environment. I have a completely separate 2012 RDS farm on a different unrelated domain that exhibits the same behavior. Domain machines bypassing the gateway can save credentials, external people going through the Gateway can't and the checkbox is completely missing .

Being that the same issue exists in 2 different environments, is there a setting somewhere that I can get this working?

The group policies on both the server side and client side are completely stock and I have already tried defining the "Allow Delegating Saved Credentials" Client GPO and defined the connecting "TERMSRV/*" target, which didn't have any effect. Also have verified that the "Allow Delegating Saved Credentials" is also not defined on the server or client side.

My client machine is Windows 10, however I also tried it on an older Windows 7 machine with the same result.
Windows 10 Pro (Laptop) to a Windows 7 Pro Machine (Server) I am confused about RDP Remote Desktop Connection. I have a computer on my network that I should be able to connect to through wireless that has two users. 1. Administrator with NO PASSWORD. Then 2. (Also an Administrator account) My First Last Name with a Password I use 20 times a day at least.

I looked up the IP address and the machine I am going to has both LAN IP and a Wireless LAN
So since my laptop is wireless connecting to the server through it's wireless adapter I chose

I plug in the IP from one machine to another and get what looks like a connection with the machine. It asks for Username & Password. I put either of the two in and I get errors. The Administrator gets this error.
Admin ErrorThen my name as an Administrator
Local User Admin Me Error
Since I have been able to go to the machine (the server I am trying to remote into)  and login with either of those accounts. What can I look for that might address why I cannot remote in?
What is the command to check remote mgmt card is installed on windows server using command prompt?

Is there any other way to find that card is there or not?


I have had a Server 2016 RDS server restored from an image backup (Datto).

originally it was a hardware server, I have had to recover it as a VM, both OS and DATA drive are accessible.

During the process the newly restored VM/server was removed from the domain and re-added.

All users (including domain admins) are having the same issue when logging in, in that they are not able to 'access' their roaming profile and are given a temp profile. This is whether the user is logging in locally to the server or using RDP.

Note here that I have removed the GPO to return to default profile location and added another GPO to change the location of roaming profile. Still no joy.

Other GPOs are working fine, eg redirected folders and printers

Errors in event viewer are:

Log Name:      Application
Source:        Group Policy Drive Maps
Date:          3/31/2019 11:44:21 AM
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      Server2-RDS.domain.internal
The user 'N:' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}' Group Policy Object did not apply because it failed with error code '0x800708ca This network connection does not exist.' This error was suppressed.
Event Xml:
<Event xmlns="">
    <Provider Name="Group Policy Drive Maps" />
    <EventID …
Announcing the Winners!
LVL 13
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

I have an odd situation that I can't explain and wanted to pick a few brains. I'm building a new large Server 2016 Terminal Server Farm with the following specs. I only have 1 Session host because I'm testing right now.

3x Gateways
2x Connection Brokers in HA with SQL
1x Session Host

The gateway resource policy allows the dns names for both connection brokers and the cluster/HA name for the HA Connection Brokers

If I try to login, the gateway properly sends it to the CB, the CB proxies it properly to the session host, but then the connection stops and you get the typical "Can't connect to <HA Address> because of gateway reasons. So the CB is sending it to the session host, but the login to the actual session host isn't being allowed and/or timing out as the log on the CB supports.

If I look at the log on the gateway, it indicates 2 pairs of successes for the authorization polices out to the CB which all work, then a deny saying it failed the resource policy.

If I add the session host FQDN to the gateway resource policy, then the entire connection works and the login works fine.

I've made plenty of Terminal Server farms in the past and I'm pretty sure I never needed to add the actual session host to the resource policy, but just the CB FQDN and the HA name if there is one.

Is this actually required for some reason?
I am trying to find a solution for a client which will allow them to push all SSH traffic over remote access VPN? they are also requesting that it must have split tunneling and all http/https traffic must go out over the local internet. Is this even possible? they currently have a fortigate, which says no its not possible, I've called a few other vendors who say their VPN solutions are not capable of that. I know in cisco you can force specific sites to go over the VPN but you need specific IPs and it is not recommend. OpenVPN might be able to do it but I might be misinterpreting what I'm finding. Has anyone come across something like this before and can point me in the right direction?

Basically this client has a lot of remote workers who download large images which is why split tunneling is a must. They work through AWS and SSH into the boxes. The security for this is getting out of hand as they have a lot of servers and they are putting everyone's public IP in the security settings to allow them to access the servers. They no longer want to do this and only use their public IP for security reasons so we are trying to get a baring on how one would be able to accomplish this as they want 1 point to cut all access to the servers if a user would leave or be terminated.
I am configuring a MS 2012 R2 RDS farm and i am customizing the login page. I have everything the way i want it, except i need to add the Warning text that i can see inside the login.aspx file in the C:\Windows\Web\RDWeb\Pages\en-US folder, but i can't seem to get it to display. i want the following on the initial RDS web page under the login credentials:


Warning: By logging in to this web page, you confirm that this computer complies with your organization's security policy.

please provide web URL that instructs how to get this to display, or state what's needed.  Thanks!
Old PCs listed in Remote Web Access 2011 when users log in
We use SBS2011 my users use Remote Web Access when they need to log onto their office computer remotely (away from LAN)
the problem is that the computer list will list old computers that are no longer on the network, they have been replaced with new PCs which can be confusing for users. Example user Steve had a computer name Steve, he now has a replacement computer named Steve-New. When steve logs in he sees Steve and Steve-new
where do I go to clear our computer Steve? I did go onto our DNS server and deleted Steve but that does not seem to work
RDP fails from a Public IP address but works ok either locally or via a VPN. When I connect from a VPN RDP is successful and works as it should, when I try from the same PC to the Public IP address on the firewall I get the Login Box and enter the details which after waiting a few seconds generates a pop of An internal error has occured and yet I can't see anything in Event viewer on the PC I am trying to connect to.
I have installed RDP gateway on windows server 2019 and went through the configuration. I was unable to disable UDP 3391 transport in RDP Gateway windows server 2019

I tried it on 2 separate windows 2019 servers that used the normal install and no GPOs.

Any idea how to get it to turn off. We do not want to use UDP 3391 due to the port being blocked throughout the enterprise.

It is disabled In windows server 2016 by default. I actually would get the same error if I tried to enable it in windows server 2016. But for the scope of the question, We are trying to disable it in 2019.
We ran into a problem on extracting files from a zip on a networkshare in our domain.
We are using RDP session hosts.
All data is on shares on other servers.

When a user has a zip file (even if generated by copy to compressed folder function by this very user self) that he wants op extract files from,
This message comes up:
"Windows found that this file is potentially harmful. To help protect your computer, Windows has blocked access to this file."
With only an OK-button.

Unblock is not an option (if this button is there anyway)
Only an administrator is able to extract this 'potentially harmful' file without any warning
We even have tried disabeling UAC without any succes
Searching the internet did not give any results to resolve this item.
I hope some one can help me getting this solved.
Hello Everyone and thank you in advance for all expert insights.
I had asked a similar question before and thought the answer was clear until I started reading about it and trying it, but sadly I am more confused than before.
We have 2 2012R2 servers that vendor techs need to be able to access via RDP from the outside. To get to network they will use VPN and then RDP to server. However, we must be able to allow more than 2 (I know trick with remote console \admin) techs to access the server via RDP at the same time. It is my understanding this can be done via Remote Desktop Services and RDP licenses. We have bought the CAL licenses and now it gets interesting. Note: All we are trying to do is add the terminal services (RDS) licenses so more than 2 people can connect to the server. We are not trying to publish apps or deploy VDI etc. I followed a bunch of how-to articles (see below), but cannot figure out if I ought to deploy the RDS via Server Manager Add Role-based or feature-based installation or the special remote desktop services installation option and do I use the standard or the quick setup option and finally the virtual machine-based desktop or session-based desktop deployment options (I think session, but...). From what I understood I will need (at a minimum) the RD desktop connection broker, RD desktop session host and the RD desktop licensing. I did install those at one point, added the licenses and registered license server with MS (those steps …
I'm in the process of setting up RDS to run RemoteApps on a Windows 2016 Server and I've run into another "snag".  Remote Desktop is set up and working fine.  The RemoteApps have been published and are functioning as expected provided the user invoking the RemoteApp has Administrative Rights on the Windows 2016 Server.  Users without administrative rights receive the following message when they attempt to run the RemoteApp:
I don't understand this message in that 1) the software has been signed, 2) the application is running on the Server and NOT on the local user's computer, 3) the file location shown in the message is physically on the Windows 2016 Server, yet 4) the message seems to imply that the "File Origin" is on the C: drive of the local computer (which, of course, is NOT the case!).  Again, if I run the RemoteApp from my local computer, it runs fine, but, of course, I have administrative rights on the server.

Does anyone have any suggestions or has anyone encountered a similar situation?  Any and all assistance will be greatly appreciated!
Bootstrap 4: Exploring New Features
LVL 13
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

We have 3 published virtual Desktop icons when logging into Citrix NetScaler Gateway.  

1 - Published Virtual Desktop icon = Windows 2012 R2 Server
2 - Published Virtual Desktop icon = Windows 10 Pro. Desktop
3 - Published Virtual Desktop icon = Windows 7 Pro. Desktop

I have a problem that is Laptop specific where when I try to launch the 201 R2 icon from the NetScaler portal (version 12.0) the Citrix ica session opens and then freezes after a couple of seconds and then the session disappears/closes before I see the desktop screen.  Usually the 2012 R2 icon is the only one that UI use; but, I have not used it in a while and now it is just not opening for me.

The other 2 icons are opening up just fine on the same laptop.  If I use other computers or laptops the same 2012 R2 icon comes up and works well.  And if I login as a different user on my 'rouge' laptop (test user) I have the same problem; hence it appears that the proble is specific to the laptop.  What can I do to have the 2012 R2 icon work on my laptop?

The Citrix .ica session launches then it closes after a couple of seconds.  I have seen that before and the fix was to uninstall receiver and to re-install it but that did not work in this case.  Equally important, this problem happens when logged in to the NetScaler Gateway while using different internet browsers (Chrome, internet explorer, Edge); but, it is laptop specific.
We often work on remote computers and have to reboot them.  However, we waste time by waiting and watching them do so (i.e. waiting for the client to reconnect).  Is there any way to use a program or create a script to send us a message once the computer is back online?
I am setting up a terminal server for some of our employees on the road; I published to them the app’s they need.

However, would love if I could give them the ability to save documents they download locally to the server,

Please advice

In addition, I am looking to reduce the time from clicking on application to being connected to the session, what I did I published calendar and created a task schedule that as soon they login it lurches the calendar,  once the connection is made when they open the application they want to work on, it opens immediately, I am not so excited about the calendar pops up, and if they x out the calendar it will again take time when they open their applications, is there a hidden app or something nice like a clock I can publish instead of the calculator?
I have a 2012 R2 based Domain. We now are using 2012R2 server as clients. All functions are maintained through GPO. Everything is working up to recently. If a domain user with RDP access attempts needs his password reset then either the administrator or a domain admin resets him and provides the temporary password. That domain user then logs in and as soon as he makes the change to his password the GUI goes away. He then attempts to log in again with the NEW password and it rejects it. This is repeatable. Some initial troubleshooting pointed towards some Windows patches could cause this. I took some steps in removing these patches and nothing changed. I re-installed the patches.

We have 2400 local site personnel that use these devices locally. We have 100 "super" ETs that log in to these 2012 R2 clients and help the local site personnel or remotely fix something. So again everything works except if someone forgets their password.

If I (as admin) log in from my desktop (Windows 7) I reset the password for one of these accounts. I then login to the client 2012 R2 and make a new password it then switches over to the normal login and the new password works. SO this problem only occurs if originated from the 2012 R2 client. Help!?
Hello Everyone,

This is going to sound like a dumb question and I feel stupid even asking it, but am sufficiently confused now that I have no choice. LOL!
We have 2 new servers that the vendor team needs to work on to install products etc.
I was asked to purchase two Remote Desktop CALS so they can connect and did so through a reseller.
See item below
RDS server for 2 Remote Desktop CALI then  started looking for a way to integrate these so they can be used. Eventually I read about needing an RDS server and that is when the confusion began. We recently updated our AD with two new 2016 DC and bought the 400+ User CALS required. However, I never came upon anything that stated that I needed to install licensing servers, etc. nor did any vendor tech helping us out ever mention it and we do not have one installed. So is the RDS server merely for the Remote Desktop and is it a feature installed on the two servers the vendor needs access to, or am I missing a serious piece of the AD puzzle that will eventually cripple us?
Thanks in advance for all insights.
What is the best way, to remotely access a MAC, from a Windows 10 operating system.
I am looking for a very low cost one time software, or freeware to do this.
In an internal Windows network setting.

Thanks in advance for your assistance.

Remote Access





Remote access may refer to the connection to a data-processing system from a remote location, for example through a virtual private network remote desktop software, terminal emulation, or the activation of features of a business telephone system from outside the business's premises.