Setting up a Terminal Server For Remote Access

Tech bud

Alright, so a long story short, through a family friend that owns a business. His original tech guy was caught ripping him off. Billed him for work he was performing remotely supposedly. But he didn't realize that he had the server unplugged the whole time.

But he was going to set him up a terminal server. I got wind of this, let him know that I can do it for cheap to just get my experience doing it and a local business to spread the word a bit. I'm more confident now as my day job is a lot of server work as I service a secure application system.

But so far so good, I got remote desktop services to install on my test environment, I have the domain set, the users added into and can remote into the server. The wild card is the thin client, never seen the brand before, NComputing. But found an Indian video on how to use, looks like just point it at the server and give the credentials for the user.

I can install software for each session. Need office licenses for each desktop. But he wants to be able to access the desktops from out of the office.

So my question: I'm assuming this should be set up like every other device, go to the router and set up port forwarding to the server on port 3389?

Then they remote in with remote desktop with the public IP address with a port number. Should hit their network and connect to the server and then they enter their credentials?
 
Nooooooooooooooooooo....................

Never, ever use RDP in the wild, as in over the Internet. On the LAN is fine but most LANs have little to no firewall so you should not need to make any changes. If they need RDP over the Internet do it over VPN.
 
Yes, in my test environment at my house, everything runs smoothly. That would make sense with a VPN, they connect with a VPN and it's like a local connection.

Now to set up the VPN client.
 
Regular computers will have the VPN client built in. If they are thin clients then I have no idea to be honest. You'd need to get your hands on it to test. Unless they have KVM over IP. The nickel solution to the dime problem would be to just deploy a VPN appliance at each remote location. ERL3 are cheap and can easily handle that.
 
RDP over the internet is fine, once you put a real SSL certificate on it, the thing is encrypted and safe as any VPN. There is however... ONE MASSIVE FAULT.

You need to 2FA the thing...

Operate RDP to the world with single factor auth at your own peril. So that's the trade, you can VPN, or 2FA, but you'd better do one of them or bad things will happen.

Oh, and you don't even have to expose 3389, if you're doing your job correctly only TCP 443 is exposed.
 
We could get the Certificate router too. Trying to think if we did the VPN, I would have to install the client on every desktop and then they could VPN into their stations.

Thinking a Cert, you could just have the one certification and then they could remote in as usual.

Must ponder on the best option, I don't think I can get away with just a VPN connection set up on the server, that would allow them to get to the administrator panel. Don't want that.
 
The admin panel is already exposed, if you're worried about people using VPN to get to that you need better passwords.
 
A VPN essentially just connects your device to the local network, as if you were in the office. You don't VPN into individual desktops. You would connect to the VPN server then start an RDP session to the desktop. Nothing needs installed on desktops.

I think you may also have some confusion between a Terminal Server (now named RDS) and a Remote Desktop Gateway server. Afraid I don't have time to explain them, but Google both terms and you will see the difference.
 
Alright, so just connect to the VPN, then use remote desktop to connect to their station. Must get this set up.
 
I think you should take some time to step back, if you haven't already, and draw up a topology map first based upon their existing infrastructure and needs. My comments were based upon your initial remote desktop comment. As in app. Your options are really based upon what they have. If they are using an outdated server some services may not be available. But if it's a new version, say 2012, you have more options like RD Gateway.
 
Alright, got the VPN set up and can connect through the Windows 10 VPN connection, little more set up to get internet. But can access the desktop for that user, at least through a mobile data hotspot, going to have some friends connect to see if they can get it from there, thanks, everyone!!
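
A host-side check to go with the VPN approach the thread settles on, added here as an example and not posted by anyone in the thread: it lists the Windows Firewall rules that allow inbound TCP 3389 on the RDS host, confirms Network Level Authentication is required, and scopes any open rule to the LAN and VPN ranges. The two subnets and the function names are assumptions; substitute the site's real ranges.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the RDS host.
# ASSUMPTION: these subnets are placeholders for the office LAN and the VPN client pool.
$AllowedSources = @('192.168.1.0/24', '10.8.0.0/24')

function Get-RdpInboundRule {
    # Enabled inbound allow rules (local policy store) whose TCP port list includes 3389.
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '3389' } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and
                       $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' }
}

function Test-RdpExposure {
    # One row per rule; Unscoped is $true when any remote address may connect.
    foreach ($rule in Get-RdpInboundRule) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = $remote -join ', '
            Unscoped      = ($remote -contains 'Any')
        }
    }
}

function Test-RdpNla {
    # UserAuthentication = 1 means Network Level Authentication is required.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    (Get-ItemProperty -Path $key -Name UserAuthentication).UserAuthentication -eq 1
}

# Report the current state.
Test-RdpExposure | Format-Table -AutoSize
"NLA required: $(Test-RdpNla)"

# Scope the rules to the LAN and VPN ranges if any is still open, then report again.
$unscoped = Test-RdpExposure | Where-Object Unscoped
if ($unscoped) {
    Get-RdpInboundRule | Set-NetFirewallRule -RemoteAddress $AllowedSources
    Test-RdpExposure | Format-Table -AutoSize
}
```

This only covers the server's own firewall; the router should still have no port forward for 3389, so that the VPN is the only path in from outside.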
 