Remote Desktop on Windows server 2008

Discussion in 'Windows Server Forums' started by Jadames, Dec 19, 2010.

  1. Jadames

    Jadames New Member

    Joined:
    Oct 10, 2010
    Messages:
    50
    Likes Received:
    0
    Hi everyone, I'm running windows server 2008 RD2 foundation on my small buissness and I need to do some work from home. Can someone tell me how to enable remote desktop so I can connect from home over the internet? Thanks
     
  2. TheDigitalJedi

    TheDigitalJedi New Member

    Joined:
    May 5, 2009
    Messages:
    74
    Likes Received:
    2
    Hi there,

    You do have admin rights on the server right?
    The easiest way to enable remote desktop is to use Server Manager and then you need to make a port forward in the Windows Firewall to 3389 and allow the access.
    NOTE: You might also need to create the port forward on your internet router or whatever firewall your are using to filter your internet traffic.
     
  3. Jadames

    Jadames New Member

    Joined:
    Oct 10, 2010
    Messages:
    50
    Likes Received:
    0
    I got a good idea on how to foward the required port, but how I would have to configure the host computer and the client computer?
     
  4. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    How've you been. Haven't heard much from you lately. Anyway
    On the server, right click "Computer" choose properties and follow the attachment.
    If you have a domain configured you may have to take a look at the Domain Group Policies as well as Domain Controller Security Policies if it doesn't seem to work out of the box.
    On the client side just type mstsc into the search or run dialog box and hit enter. Enter the IP address of the outside edge of your router and you should be off to the races.
     
  5. Jadames

    Jadames New Member

    Joined:
    Oct 10, 2010
    Messages:
    50
    Likes Received:
    0
    Hi, Randy Happy holidays been pretty buissy with the implementation and go live of the buisness software. this is the third week after go live so now is starting to settle down and starting to gow pretty smooth. now that I got the software up and running on the buisness I,m trying to do some work from home and need to do some remote desktop. What should I configure on Domain Group Policies and Domain Controller Security Policies?
     
  6. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    OK, first I will admit that I have not done anything with Windows SBS 2k8 r2 so I am kinda going on what I remember from SBS 2k3 r2, as well as what I'm currently running which is Windows Server 2k8 r2 (Standard). So if the latest version of SBS is the same as the older version than it does not support standard terminal server connections and licensing like a regular version of 2k8, but you are still allowed your standard two (2) remote desktop (Administrators) sessions so as long as you can work within that restriction you should be ok.
    Configuring the Local Security Policy, as well as the Domain Policy and the Domain Controller Policy is relatively simple, it's just a matter of knowing how to get into each and what to look for. Generally speaking if a specific policy says not configured then leave it alone and it should not cause a problem. Unless you find that you are still having problems after configuring the remaining policies correctly, then you may need to go back in and define them explicitly. Just be careful and don't do anything unless you are sure it's necessary.
    First let's start with the local security policy by typing
    gpedit.msc
    into the search or run dialog box on the SBS server and hit enter.
    If the account you will be using is a member of the Domain Administrators Group (Which is by default a member of the Local Administators Group) you should be OK, by default, just double check and make sure.
    You're concerned with two groups of settings four in all
    Allow log on locally .... make sure that "Administrators" is present.
    Allow log on through Remote Desktop Services .... make sure that "Administrators" is present
    Deny log on locally ..... should be blank (this is one that you don't want to mess with as it impacts who can actuall set down at the computer and log on as well as Remote Desktop Users, since it's actually the same thing, even though you are logging on remotely, you are actually logging onto the local desktop) so be careful if you add anyone (user or group here)
    Deny log on through Remote Desktop Services .... basically the same applies although not quite as disasterously critical.
    I recommend creating a special user for remote sessions and make sure that that user is only a member of the "Domain Administrators" group and no others. This will generally support the default settings and should result in the easiest configuration with little to no changes in any of the policy consoles. To edit any of these individual settings just double click and you can edit the users or groups included or excluded. See attachment
     
  7. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Now for the Default Domain Controller Policy and the Default Domain Policy. Same setting to examine, just slightly different in how to get there first type
    gpmc.msc
    into the search or run dialog box and hit enter.
    See attachment.
     
  8. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    See attachments for Domain Policy and Domain Controller Policy
     
    #8 Trouble, Dec 26, 2010
    Last edited: Dec 26, 2010
  9. Jadames

    Jadames New Member

    Joined:
    Oct 10, 2010
    Messages:
    50
    Likes Received:
    0
    Hi, Randy I checked everything you told me and it was good, I forwarded port 3389 on my linksys router and I unchecked the Block Anonymous Internet Requests box on the router as well but when I try to remote desktop from home over the internet I get this error message
    View attachment 10250
    I'm able to remote desktop from within the network but not from home.
     
  10. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    OK, so if you can RDP from inside the network from another machine then it's at least looking good there. So you need to determine what the issue is from home.
    My first question of course is from home, when you type in the ip address in "mstsc.exe" are you sure you are using the correct ip address for the outside edge of your router? Check and confirm that the number is correct by setting down at the server and opening a browser and going to www.whatismyipaddress.com make sure that that is the one you are using from home.
    If you have a statically assigned IP from you ISP then there shouldn't be a problem. However if you are using Dynamic or PPPoE from you ISP then that address can change and you may have to resort to using a service like DynDNS on the server to help get around that issue.
    The basic service is free and would probably fit your needs. That way you can type in a FQDN instead of an IP address and the DynDNS service will detect and adjust for any dynamic changes in your IP from your provider.
     

Share This Page

Loading...