PDA

View Full Version : Access domain remotely?


brockalee
01-21-2012, 02:19 PM
I have several users at varying permission levels that want to access their PC's remotely. They are all running XP Pro on a Server 2003 domain.

I figure it will go something like this:

1) Add users to the "Remote Access" permission group
2) Enable "Remote Desktop" on their PC's
3) Enable port forwarding on the firewall
4) Setup the RDP on the client machines with the IP address, domain name, and port

Should I change the RDP port on the machines? I know the default is 3389.

Am I heading in the right direction here? Or should I be looking at setting up a VPN?

controlfreak
01-21-2012, 03:30 PM
If your router supports it you can keep everyone at 3389 internal and just change external port therfore the connection you setup for them can for example for one person be 3390 and will forward to 3389 on the designated ip.

If you don't have this feature you will have to change the port in registry on each machine and be sure to open a port on the xp firewall.

As for vpn it depends on your config. Do they have all there files on the server? or do they have them in user profile? At the location they will use the vpn do they have the appropriate software?

As for security vpn tunnelling has a lot more security options and features that will protect it from attacks.

Frank
01-21-2012, 05:01 PM
If the router doesn't support the feature above, it'd be easier to have them connect via VPN and then RDP into their PCs. You'd have a lot more things to keep track of if you have to change the RDP port of several PCS.

YeOldeStonecat
01-21-2012, 05:22 PM
Or just keep it simple and use one of the many easy remote access programs like logmein.

brockalee
01-21-2012, 05:42 PM
They have a Watchdog Firebox Edge. It probably does have that port forwarding feature.:) The files such as the outlook pst are stored locally and they will not have programs they need on the remote pcs from which they are connecting.

brockalee
01-21-2012, 06:38 PM
Or just keep it simple and use one of the many easy remote access programs like logmein.
I haven't used logmein for computers connected to a domain before. Should that work too? And I guess that I wouldn't need to manually assign an IP address to those PCs either, right? Well, maybe I would so I could forward the ports Logmein would need. Or just use Hamachi.

I wonder which edition of Windows is going to make this stuff easy.

MobileTechie
01-21-2012, 07:21 PM
Logmein deals with all that stuff for you. The only problem you're likely to come across is that it wants users to have admin rights and will error if you're not. So you have change a setting: http://help.logmein.com/selfserviceknowledgerenderer?type=FAQ&id=kA030000000DGDrCAO

brockalee
01-22-2012, 05:00 PM
Logmein deals with all that stuff for you. The only problem you're likely to come across is that it wants users to have admin rights and will error if you're not. So you have change a setting: http://help.logmein.com/selfserviceknowledgerenderer?type=FAQ&id=kA030000000DGDrCAO

Thanks - I'll give that a shot and let you know how it all works out.

YeOldeStonecat
01-23-2012, 01:47 PM
I haven't used logmein for computers connected to a domain before. Should that work too? And I guess that I wouldn't need to manually assign an IP address to those PCs either, right? Well, maybe I would so I could forward the ports Logmein would need. Or just use Hamachi.

I wonder which edition of Windows is going to make this stuff easy.

Makes it easy for you...no need for static IPs, no need for firewall rules.

In the old days I used to setup VPNs and RDP setups for clients...but these days, so many good easier and still very secure methods are available. The less I have to deal with home users getting confused with VPNs...the better. Even myself as a network tech....for my own access to my workstation at our office..I used to do VPN and RDP...but since Microsoft came out with Live MESH...that's what I use now to access my office rig. I'll be remoting in in a few minutes to do some invoice...from the comfort of my couch at home. Live MESH requires Vista/Win7...so you're out of luck with XP. So 3rd party like logmein or gotomypc ..amongst others, are your alternatives.

mraikes
01-23-2012, 02:59 PM
I haven't used logmein for computers connected to a domain before. Should that work too? And I guess that I wouldn't need to manually assign an IP address to those PCs either, right? Well, maybe I would so I could forward the ports Logmein would need. Or just use Hamachi.

I wonder which edition of Windows is going to make this stuff easy.

I use LMI to access domain computers every day. You still log on to the machine using your domain credentials, just as if you were sitting there. No fixed ip or port forwarding required.

brockalee
02-01-2012, 12:12 PM
Yep, I got done with the job yesterday. All of the users had admin rights on their computer, so there were no issues with that. I'm glad I didn't go the remote desktop route.

The first of three went flawlessly. I used the same MSI installation file on the second and that went fine. On the third though, during setup it had the username from the 1st user somehow. Very weird - was it embedded into MSI? I re-downloaded another installation file and it went fine.

I got the first user logged in no problemo. On the 2nd and 3rd, it all went well until I got to the domain login. I was trying to use their e-mail as a login instead of their actual domain login. (Haven't had much sleep lately... 2 week old.) :)

So story made short, it all worked awesomely and I'm glad I went this route. Thanks for the help and support!