How to connect to more than one machine using RDP ??

I have used Small Business Server's Remote Web Workplace facility and I
find it very good. All connected desktop machines on the network can be
easily accessed through the server.

But can something like this be done at all when not using SBS? As the RDP
port can only be forwarded to one machine, what is the solution when you
want to connect to more than one? And yes, obviously I have one IP address
and am using NAT.

ss.

Hi,

In this case you could use different port number. E.g. 3389 is default TCP
port. You can use 3390 for another RDP session, 3391 for another session
etc. Of course when user wants to connect to his computer he has to specify
name of the computer and correct TCP port number in the MSTSC client.

On your NAT device you have to configure forwarding. E.g. if connection
comes to TCP port 3390 you know that it has to be forwarded to PC10 (with
e.g. IP address 192.168.1.10) and if connection comes to TCP port 3391 it
has to be forwarded to PC15 (with e.g. IP address 192.168.1.15).

This article might also help you out...

How to change the listening port for Remote Desktop
http://support.microsoft.com/?kbid=306759

--
Mike
Microsoft MVP - Windows Security

"Synapse Syndrome" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>
> I have used Small Business Server's Remote Web Workplace facility and I
> find it very good. All connected desktop machines on the network can be
> easily accessed through the server.
>
> But can something like this be done at all when not using SBS? As the RDP
> port can only be forwarded to one machine, what is the solution when you
> want to connect to more than one? And yes, obviously I have one IP
> address and am using NAT.
>
> ss.
>

"Miha Pihler [MVP]" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> In this case you could use different port number. E.g. 3389 is default TCP
> port. You can use 3390 for another RDP session, 3391 for another session
> etc. Of course when user wants to connect to his computer he has to
> specify name of the computer and correct TCP port number in the MSTSC
> client.
>
> On your NAT device you have to configure forwarding. E.g. if connection
> comes to TCP port 3390 you know that it has to be forwarded to PC10 (with
> e.g. IP address 192.168.1.10) and if connection comes to TCP port 3391 it
> has to be forwarded to PC15 (with e.g. IP address 192.168.1.15).
>
> This article might also help you out...
>
> How to change the listening port for Remote Desktop
> http://support.microsoft.com/?kbid=306759
>


Hi Mike/Miha

Thanks, that's great. But how do I choose which computer to connect to on
the RDP client? In the Computer: field would I type something like
my.domain.com:3390 for example?

ss.

Hi

<snip>

> Hi Mike/Miha
>
> Thanks, that's great. But how do I choose which computer to connect to on
> the RDP client? In the Computer: field would I type something like
> my.domain.com:3390 for example?

Yes, that is correct. You can also use command line option. E.g.

mstsc /v:my.domain.com:3390.

Note that I have run into some problems on same networks. While they allowed
3389 for RDP ports they blocked other ports like 3390 etc... So in this case
these clients would not be able to connect to RDP.

A safer way is to setup a Virtual Private Network (VPN) and access all PCs
through the VPN tunnel. That way you only need one port open on the firewall
versus multiple ports. I would post to the
microsoft.public.windows.server.sbs news group for help with that...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"Synapse Syndrome" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>
> I have used Small Business Server's Remote Web Workplace facility and I
> find it very good. All connected desktop machines on the network can be
> easily accessed through the server.
>
> But can something like this be done at all when not using SBS? As the RDP
> port can only be forwarded to one machine, what is the solution when you
> want to connect to more than one? And yes, obviously I have one IP
> address and am using NAT.
>
> ss.
>

Hi,

Can you explain a bit more why would VPN be safer then RDP connection?

Actually for VPN you do need more then one port open and few protocols
compared to RDP where you actually do have one TCP port open (3389).

--
Mike
Microsoft MVP - Windows Security

"Sooner Al [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>A safer way is to setup a Virtual Private Network (VPN) and access all PCs
>through the VPN tunnel. That way you only need one port open on the
>firewall versus multiple ports. I would post to the
>microsoft.public.windows.server.sbs news group for help with that...
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>
> "Synapse Syndrome" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>>
>> I have used Small Business Server's Remote Web Workplace facility and I
>> find it very good. All connected desktop machines on the network can be
>> easily accessed through the server.
>>
>> But can something like this be done at all when not using SBS? As the
>> RDP port can only be forwarded to one machine, what is the solution when
>> you want to connect to more than one? And yes, obviously I have one IP
>> address and am using NAT.
>>
>> ss.
>>
>
>

It depends on what VPN package you use...

I use RDP through an OpenVPN tunnel which uses one port, ie. UDP Port 1194
is the default although I use another obscure port.

http://theillustratednetwork.mvps.or...N/OpenVPN.html

In the past I ran RDP through a Secure Shell (SSH) tunnel. Again only one
port open (TCP Port 22 is the default) on my firewall and I can access any
of my PCs on my local LAN...

http://theillustratednetwork.mvps.or...esktopSSH.html

In both cases I either use a cert and a key protected with a strong password
or a private/public key pair protected with a strong password and only have
one port forwarded/opened incoming on my firewall...

I just like to minimize my exposure to the public internet.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"Miha Pihler [MVP]" <mihap-(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi,
>
> Can you explain a bit more why would VPN be safer then RDP connection?
>
> Actually for VPN you do need more then one port open and few protocols
> compared to RDP where you actually do have one TCP port open (3389).
>
> --
> Mike
> Microsoft MVP - Windows Security
>

Hi,

What I usually recommend (depending on the needs of the client) is to use
RDP since it too requires one port. Personally I prefer RDP since I don't
have to worry about security of the client (does it have antivirus running
or is it infected with a virus; does it have all patches installed; does it
have e.g. personal firewall enable etc)... It is very unlikely that users
will infect the LAN with a worm over RDP connection while I seen quite a few
infection over VPN connections (connections that allowed unlimited access to
the remote network). And with RDP it is relatively easy to set what users
can and can't do on the remote server.
In environments where they did need VPN -- we set up VPN quarantine to make
sure clients would not infect whole network.

If the number of ports is an issue -- I would recommend open only 3389 and
logon to the server. Once on the server RDP to the computer you want to
access...

As far as traffic is concerned -- RDP sessions are encrypted with 128 bit
keys (if RDP server is set to high encryption). As addition in environments
requiring higher security -- we also implemented two factor authentication
on RDP sessions (e.g. RSA SecurID cards) or Smart Card logons...

--
Mike
Microsoft MVP - Windows Security

"Sooner Al [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> It depends on what VPN package you use...
>
> I use RDP through an OpenVPN tunnel which uses one port, ie. UDP Port 1194
> is the default although I use another obscure port.
>
> http://theillustratednetwork.mvps.or...N/OpenVPN.html
>
> In the past I ran RDP through a Secure Shell (SSH) tunnel. Again only one
> port open (TCP Port 22 is the default) on my firewall and I can access any
> of my PCs on my local LAN...
>
> http://theillustratednetwork.mvps.or...esktopSSH.html
>
> In both cases I either use a cert and a key protected with a strong
> password or a private/public key pair protected with a strong password and
> only have one port forwarded/opened incoming on my firewall...
>
> I just like to minimize my exposure to the public internet.
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>
> "Miha Pihler [MVP]" <mihap-(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Hi,
>>
>> Can you explain a bit more why would VPN be safer then RDP connection?
>>
>> Actually for VPN you do need more then one port open and few protocols
>> compared to RDP where you actually do have one TCP port open (3389).
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>

Hello!

"Sooner Al [MVP]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> It depends on what VPN package you use...
>
> I use RDP through an OpenVPN tunnel which uses one port, ie. UDP Port 1194 is the default although I use another obscure port.
>
> http://theillustratednetwork.mvps.or...N/OpenVPN.html
>
> In the past I ran RDP through a Secure Shell (SSH) tunnel. Again only one port open (TCP Port 22 is the default) on my firewall
> and I can access any of my PCs on my local LAN...

What was the main reason for replacing SSH with OpenVPN?

Thanks, Roman

Access to shared files/folders on other PCs besides my SSH server PC. With
OpenVPN I can access shares on each PC seamlessly from the remote client. I
could not do that with SSH.

As far as RDP is concerned there really is no difference other than
addressing, ie. you need port redirection/forwarding through the SSH client,
versus direct addressing via IP or NetBIOS name with OpenVPN... In my case I
also have a common "hosts" file on my OpenVPN server PC and my clients.

Now you need to be aware that this is for access to a Small Office/Home
Office (SoHo) network without a standalone server like SBS or W2K3/W2K...

As always YMMV...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"roman modic" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello!
>
> "Sooner Al [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> It depends on what VPN package you use...
>>
>> I use RDP through an OpenVPN tunnel which uses one port, ie. UDP Port
>> 1194 is the default although I use another obscure port.
>>
>> http://theillustratednetwork.mvps.or...N/OpenVPN.html
>>
>> In the past I ran RDP through a Secure Shell (SSH) tunnel. Again only one
>> port open (TCP Port 22 is the default) on my firewall and I can access
>> any of my PCs on my local LAN...
>
> What was the main reason for replacing SSH with OpenVPN?
>
> Thanks, Roman
>