Remote Management

Hi all, I have a client who has asked me if it's possible for me to maintain his business computers remotely. His setup is a Win2K
server and 2 XP Pro Pc's, the server uses a subnet of 192.168.2.*, the Pc's have 2 NICS, one connects to the Win2K server and the
other to the internet via an ADSL router using a subnet of 192.168.1.* . What would be the best way of achieving what he wants ? if
neccessary he is willing to change his current setup

regards

Pete,
- You could allow RDP inbound on the router. But make sure you have a secure
username and password for any accounts that are allowed to RDP (by default,
admins) and perhaps limit the source as well as the destination of RDP.
- Or you could use one of the remote connection services like LogMeIn and
RemoteAssist that will work through the firewall.
- Or you could establish a VPN to the router (replacing the router if it is
not capable of VPN).
My preference would be VPN.
You don't need the two NICs in the PC's,
Anthony
http://www.airdesk.co.uk




"Pete Kane" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi all, I have a client who has asked me if it's possible for me to
> maintain his business computers remotely. His setup is a Win2K server and
> 2 XP Pro Pc's, the server uses a subnet of 192.168.2.*, the Pc's have 2
> NICS, one connects to the Win2K server and the other to the internet via
> an ADSL router using a subnet of 192.168.1.* . What would be the best way
> of achieving what he wants ? if neccessary he is willing to change his
> current setup
>
> regards

Anthony wrote:
> Pete,
> - You could allow RDP inbound on the router. But make sure you have a secure
> username and password for any accounts that are allowed to RDP (by default,
> admins) and perhaps limit the source as well as the destination of RDP.
> - Or you could use one of the remote connection services like LogMeIn and
> RemoteAssist that will work through the firewall.
> - Or you could establish a VPN to the router (replacing the router if it is
> not capable of VPN).
> My preference would be VPN.
> You don't need the two NICs in the PC's,
> Anthony
> http://www.airdesk.co.uk
>
>
>
>
> "Pete Kane" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi all, I have a client who has asked me if it's possible for me to
>> maintain his business computers remotely. His setup is a Win2K server and
>> 2 XP Pro Pc's, the server uses a subnet of 192.168.2.*, the Pc's have 2
>> NICS, one connects to the Win2K server and the other to the internet via
>> an ADSL router using a subnet of 192.168.1.* . What would be the best way
>> of achieving what he wants ? if neccessary he is willing to change his
>> current setup
>>
>> regards
>
>

Hi Anthony, thanks for your time , not sure if the router supports VPN's but I'll check, when you say I don't need two NICs - how
could I set the LAN and WAN up in isolation with one NIC ?

regards

Anthony wrote:
> Pete,
> - You could allow RDP inbound on the router. But make sure you have a secure
> username and password for any accounts that are allowed to RDP (by default,
> admins) and perhaps limit the source as well as the destination of RDP.
> - Or you could use one of the remote connection services like LogMeIn and
> RemoteAssist that will work through the firewall.
> - Or you could establish a VPN to the router (replacing the router if it is
> not capable of VPN).
> My preference would be VPN.
> You don't need the two NICs in the PC's,
> Anthony
> http://www.airdesk.co.uk


Hi Anthony, thanks for your time , not sure if the router supports VPN's but I'll check, when you say I don't need two NICs - how
could I set the LAN and WAN up in isolation with one NIC ?

regards

The router is doing the isolating. It should allow nothing inbound. What you
have there is interesting but I don't think it achieves isolation. In effect
the server has no gateway. You could achieve that by removing the gateway in
its network settings.
Anthony
http://www.airdesk.co.uk



"Pete Kane" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Anthony wrote:
>> Pete,
>> - You could allow RDP inbound on the router. But make sure you have a
>> secure username and password for any accounts that are allowed to RDP (by
>> default, admins) and perhaps limit the source as well as the destination
>> of RDP.
>> - Or you could use one of the remote connection services like LogMeIn and
>> RemoteAssist that will work through the firewall.
>> - Or you could establish a VPN to the router (replacing the router if it
>> is not capable of VPN).
>> My preference would be VPN.
>> You don't need the two NICs in the PC's,
>> Anthony
>> http://www.airdesk.co.uk
>>
>>
>>
>>
>> "Pete Kane" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi all, I have a client who has asked me if it's possible for me to
>>> maintain his business computers remotely. His setup is a Win2K server
>>> and 2 XP Pro Pc's, the server uses a subnet of 192.168.2.*, the Pc's
>>> have 2 NICS, one connects to the Win2K server and the other to the
>>> internet via an ADSL router using a subnet of 192.168.1.* . What would
>>> be the best way of achieving what he wants ? if neccessary he is willing
>>> to change his current setup
>>>
>>> regards
>>
>>
>
> Hi Anthony, thanks for your time , not sure if the router supports VPN's
> but I'll check, when you say I don't need two NICs - how could I set the
> LAN and WAN up in isolation with one NIC ?
>
> regards

Pete Kane wrote:
> Hi all, I have a client who has asked me if it's possible for me to
> maintain his business computers remotely. His setup is a Win2K server
> and 2 XP Pro Pc's, the server uses a subnet of 192.168.2.*, the Pc's
> have 2 NICS, one connects to the Win2K server and the other to the
> internet via an ADSL router using a subnet of 192.168.1.* . What would
> be the best way of achieving what he wants ? if neccessary he is willing
> to change his current setup
>
> regards

I've successfully used VNC (RealVNC.com) (runs on just about anything)
or Remote Desktop (XP Pro only) to do this. The key to security is to be
able to get your router to open the necessary port in its firewall: 5900
for VNC and 3398 for Remote Desktop. You have to set up a password in
the VNC server, and add relevant users to the Remote Desktop group on
the XP Pro boxes. I also limit router port forwarding to a specific
source address. I'm sure this could be spoofed, but the risk profile
doesn't warrant anything more stringent.

You can set up VNC to connect the other way - goes straight through
firewalls, although you have to run a "listening client" at your end and
allow port 5500 through your own firewall. Client has to initiate
connection, although I've managed to get a connection made on a
scheduled run of a script.

Phil, London

Philip Herlihy wrote:
> Pete Kane wrote:
>> Hi all, I have a client who has asked me if it's possible for me to
>> maintain his business computers remotely. His setup is a Win2K server
>> and 2 XP Pro Pc's, the server uses a subnet of 192.168.2.*, the Pc's
>> have 2 NICS, one connects to the Win2K server and the other to the
>> internet via an ADSL router using a subnet of 192.168.1.* . What would
>> be the best way of achieving what he wants ? if neccessary he is
>> willing to change his current setup
>>
>> regards
>
> I've successfully used VNC (RealVNC.com) (runs on just about anything)
> or Remote Desktop (XP Pro only) to do this. The key to security is to be
> able to get your router to open the necessary port in its firewall: 5900
> for VNC and 3398 for Remote Desktop. You have to set up a password in
> the VNC server, and add relevant users to the Remote Desktop group on
> the XP Pro boxes. I also limit router port forwarding to a specific
> source address. I'm sure this could be spoofed, but the risk profile
> doesn't warrant anything more stringent.
>
> You can set up VNC to connect the other way - goes straight through
> firewalls, although you have to run a "listening client" at your end and
> allow port 5500 through your own firewall. Client has to initiate
> connection, although I've managed to get a connection made on a
> scheduled run of a script.
>
> Phil, London
thanks Phil I hadn't considered using VNC ( I use it a lot over LANs ) over the Internet because of the security factor - suppose I
could tunnel it through SSH

thanks again

Pete Kane wrote:
> Philip Herlihy wrote:
>> Pete Kane wrote:
>>> Hi all, I have a client who has asked me if it's possible for me to
>>> maintain his business computers remotely. His setup is a Win2K server
>>> and 2 XP Pro Pc's, the server uses a subnet of 192.168.2.*, the Pc's
>>> have 2 NICS, one connects to the Win2K server and the other to the
>>> internet via an ADSL router using a subnet of 192.168.1.* . What
>>> would be the best way of achieving what he wants ? if neccessary he
>>> is willing to change his current setup
>>>
>>> regards
>>
>> I've successfully used VNC (RealVNC.com) (runs on just about anything)
>> or Remote Desktop (XP Pro only) to do this. The key to security is to
>> be able to get your router to open the necessary port in its firewall:
>> 5900 for VNC and 3398 for Remote Desktop. You have to set up a
>> password in the VNC server, and add relevant users to the Remote
>> Desktop group on the XP Pro boxes. I also limit router port
>> forwarding to a specific source address. I'm sure this could be
>> spoofed, but the risk profile doesn't warrant anything more stringent.
>>
>> You can set up VNC to connect the other way - goes straight through
>> firewalls, although you have to run a "listening client" at your end
>> and allow port 5500 through your own firewall. Client has to initiate
>> connection, although I've managed to get a connection made on a
>> scheduled run of a script.
>>
>> Phil, London
> thanks Phil I hadn't considered using VNC ( I use it a lot over LANs )
> over the Internet because of the security factor - suppose I could
> tunnel it through SSH
>
> thanks again

The personal and enterprise versions have encryption built-in - only the
free one doesn't.

Phil