Re: Remote assistance/desktop

From: Phil (itchy&scratchy_at_homer.doh.no.spam)
Date: 10/27/04 

Date: Wed, 27 Oct 2004 09:53:37 -0400

See answers below.........

"Wowbagger" <none> wrote in message
news:%23EFdJaCvEHA.2200@TK2MSFTNGP11.phx.gbl
> Environment:
>
> Host machine, Windows XP Professional SP/2 in a LAN behind a
> NAT/firewall device. No restrictions beyond an admin who may not
> know how to configure port forwarding (or even what it is - I won't
> approach him until I know exactly what I need to request).
>
> Client machine, Windows XP Media Center edition SP/2, also behind a
> NAT/firewall device over which I have full control.
>
> What specifically do I need to control host from client?

You'll need to download and install the remote desktop client from ms
website if media center doesn't have it. You also need to turn remote
desktop on in xp pro and allow it to accept connections. All accounts should
be password protected with a complex password as well.

>If I set up remote assistance using messenger will I be able to connect on
>demand
> or would somebody physically at the host have to initiate the session?

Someone would have to be physically at the machine to accept the session.
Don't do it this way.

> If I go with remote desktop, what NAT configuration changes do I need
> to request from the admin?

You will need to setup port forwarding in the firewall. Usually in the
firewalls config page(192.168.0.1) there's a place to tell it to open port
3389(default remote desktop port) and then when anyone hits that port to
forward that connection to your IP address of your computer in the
lan(network). For greater security, if your firewall supports it, you can
set it up so that it only forwards connections if they come from a certain
ip address. Then you'd add your home ip address in the firewall and if you
try to connect it will forward you, but if anyone else tries it won't
forward them. And I would also change the default listen port of 3389 to any
other port that isn't being used and then set that port up in the firewall
instead of 3389. This is just because if your firewall doesn't support the
"only forward certain ip's" function and you keep port 3389 then anyone
could hit your ip with remote desktop client and it would forward them, then
all they'd need is your user name and password. If you change the default
port, someone would need your ip address, the correct port, your user name,
and your password in order to get it to forward and connect. See here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;306759

> If I can get this working there are others in the office who will
> probably want to do the same - how would the NAT need to be
> configured to support remote desktop on multiple machines? Is it
> just a question of assigning NAT port xxx to forward to 3389 on the
> first desktop, NAT port yyy forwarding to 3389 on the second and so
> forth?

You'd have to change the listen ports on different machines and set up port
forwarding using those specific ports to forward to specific computers(ip's)
in the office. So Joe Smith would have his port set at 6969 and he'd connect
to your wan ip at that port, the the firewall would forward the connection
to his machine. Ex: Joe connects to -- 68.134.212.34:6969, then the firewall
is set to forward any connect attempt on 6969 to Joe's ip network address
and Joe connects, he enters his user and pass and he's in.
Post back if you need help or more info. I use remote desktop everyday(using
it right now) and have it working between work and home with a
firewall/router in office and wireless firewall/router at home. I will also
add that a firewall/router that does nat and spi is better if you want to
use this sort of remote stuff daily. SPI brings a true firewall into the
mix. Nat alone will work but isn't as secure. Both my firewall/routers do
nat and spi.

Relevant Pages

  • Re: More on Remote Desktop
    ... I still won't be opening up a port on my firewall for it, ... The Remote Desktop ... > Yes a VPN will work just fine. ...
    (microsoft.public.windowsxp.network_web)
  • Re: XP to Vista Remote Assistance.
    ... Have the Vista end turn off the NLA requirement for Remote Desktop. ... RA on XP listened on the regular RDP port so that all the ... firewall and to the machine. ...
    (microsoft.public.windowsxp.general)
  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)
  • Re: How to Maintain an IIS Server?
    ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CEICW fails at firewall config
    ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
    (microsoft.public.windows.server.sbs)