Remote Desktop on Windows Server 2008

#1
Hi everyone, I'm running Windows Server 2008 R2 Foundation at my small business and I need to do some work from home. Can someone tell me how to enable remote desktop so I can connect from home over the internet? Thanks
 


#2
Hi there,

You do have admin rights on the server, right?
The easiest way to enable remote desktop is to use Server Manager, and then you need to make a port forward in the Windows Firewall to 3389 and allow the access.
NOTE: You might also need to create the port forward on your internet router or whatever firewall you are using to filter your internet traffic.
 


#3
I got a good idea on how to forward the required port, but how would I have to configure the host computer and the client computer?
 


Trouble

Noob Whisperer
#4
How've you been? Haven't heard much from you lately. Anyway,
on the server, right click "Computer", choose Properties and follow the attachment.
If you have a domain configured you may have to take a look at the Domain Group Policies as well as Domain Controller Security Policies if it doesn't seem to work out of the box.
On the client side just type mstsc into the search or run dialog box and hit enter. Enter the IP address of the outside edge of your router and you should be off to the races.
 


#5
Hi Randy, happy holidays. Been pretty busy with the implementation and go-live of the business software. This is the third week after go-live, so now it is starting to settle down and starting to go pretty smoothly. Now that I got the software up and running at the business, I'm trying to do some work from home and need to do some remote desktop. What should I configure on Domain Group Policies and Domain Controller Security Policies?
 


Trouble

Noob Whisperer
#6
OK, first I will admit that I have not done anything with Windows SBS 2k8 r2, so I am kinda going on what I remember from SBS 2k3 r2, as well as what I'm currently running, which is Windows Server 2k8 r2 (Standard). So if the latest version of SBS is the same as the older version, then it does not support standard terminal server connections and licensing like a regular version of 2k8, but you are still allowed your standard two (2) remote desktop (Administrators) sessions, so as long as you can work within that restriction you should be ok.
Configuring the Local Security Policy, as well as the Domain Policy and the Domain Controller Policy is relatively simple, it's just a matter of knowing how to get into each and what to look for. Generally speaking if a specific policy says not configured then leave it alone and it should not cause a problem. Unless you find that you are still having problems after configuring the remaining policies correctly, then you may need to go back in and define them explicitly. Just be careful and don't do anything unless you are sure it's necessary.
First let's start with the local security policy by typing
gpedit.msc
into the search or run dialog box on the SBS server and hit enter.
If the account you will be using is a member of the Domain Administrators Group (which is by default a member of the Local Administrators Group) you should be OK by default, just double check and make sure.
You're concerned with two groups of settings, four in all:
Allow log on locally .... make sure that "Administrators" is present.
Allow log on through Remote Desktop Services .... make sure that "Administrators" is present.
Deny log on locally ..... should be blank (this is one that you don't want to mess with as it impacts who can actually sit down at the computer and log on as well as Remote Desktop Users, since it's actually the same thing; even though you are logging on remotely, you are actually logging onto the local desktop), so be careful if you add anyone (user or group) here.
Deny log on through Remote Desktop Services .... basically the same applies, although not quite as disastrously critical.
I recommend creating a special user for remote sessions and make sure that that user is only a member of the "Domain Administrators" group and no others. This will generally support the default settings and should result in the easiest configuration with little to no changes in any of the policy consoles. To edit any of these individual settings just double click and you can edit the users or groups included or excluded. See attachment.
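
The settings walked through in posts #2 and #6 can also be read from the command line. The following is an added read-only audit script, not part of the original thread; it assumes an elevated PowerShell 2.0 prompt on the server, and the temporary file name is arbitrary. It also reports whether Network Level Authentication is required, which matters once port 3389 is reachable from the internet.

```powershell
# Added example: read-only audit of the RDP settings discussed in this thread.
# Assumption: run elevated on the server; written to work on PowerShell 2.0.

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means Remote Desktop is enabled.
$deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
# PortNumber is the TCP port the RDP listener uses (3389 by default).
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication

"Remote Desktop enabled : {0}" -f ($deny -eq 0)
"Listener port          : {0}" -f $port
"NLA required           : {0}" -f ($nla -eq 1)

# Export the user rights assignments from the system security database
# and show the four settings listed in post #6.
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # arbitrary temp file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$rights = @{
    'SeInteractiveLogonRight'           = 'Allow log on locally'
    'SeRemoteInteractiveLogonRight'     = 'Allow log on through Remote Desktop Services'
    'SeDenyInteractiveLogonRight'       = 'Deny log on locally'
    'SeDenyRemoteInteractiveLogonRight' = 'Deny log on through Remote Desktop Services'
}

$lines = Get-Content $cfg
foreach ($name in $rights.Keys) {
    # Each entry looks like: SeInteractiveLogonRight = *S-1-5-32-544,...
    $line = $lines | Where-Object { $_ -match "^$name\s*=" }
    if ($line) {
        $members = ($line -split '=', 2)[1].Trim()
    } else {
        $members = '(not defined / empty)'
    }
    "{0,-45}: {1}" -f $rights[$name], $members
}

Remove-Item $cfg
```

In the output, members are shown as account names or SIDs; `*S-1-5-32-544` is the built-in Administrators group.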
 


Trouble

Noob Whisperer
#7
Now for the Default Domain Controller Policy and the Default Domain Policy. Same settings to examine, just slightly different in how to get there. First type
gpmc.msc
into the search or run dialog box and hit enter.
See attachment.
 


Trouble

Noob Whisperer
#8
See attachments for Domain Policy and Domain Controller Policy
 


#9
Hi Randy, I checked everything you told me and it was good. I forwarded port 3389 on my Linksys router and I unchecked the Block Anonymous Internet Requests box on the router as well, but when I try to remote desktop from home over the internet I get this error message:
View attachment 10250
I'm able to remote desktop from within the network but not from home.
 


Trouble

Noob Whisperer
#10
OK, so if you can RDP from inside the network from another machine then it's at least looking good there. So you need to determine what the issue is from home.
My first question of course is: from home, when you type in the IP address in "mstsc.exe", are you sure you are using the correct IP address for the outside edge of your router? Check and confirm that the number is correct by sitting down at the server, opening a browser and going to www.whatismyipaddress.com. Make sure that that is the one you are using from home.
If you have a statically assigned IP from your ISP then there shouldn't be a problem. However, if you are using Dynamic or PPPoE from your ISP then that address can change and you may have to resort to using a service like DynDNS on the server to help get around that issue.
The basic service is free and would probably fit your needs. That way you can type in a FQDN instead of an IP address and the DynDNS service will detect and adjust for any dynamic changes in your IP from your provider.
 

