Re: RWW problem with SBS2003
- From: "Josh" <jajunk@xxxxxxxxxxxx>
- Date: Thu, 31 Mar 2005 00:22:27 -0600
Well, that isn't quite the solution I was hoping for, but I think we can
work with that. This SBS server is new since the ex left, and all
usernames/passwords have been altered, so hopefully that will assist with
security a little. Thanks for all of your help.
Josh
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:%23Uu$HXZNFHA.3788@xxxxxxxxxxxxxxxxxxxxxxx
> You can block 3389, with one of RRAS (if using the basic firewall), ISA,
> or an external firwall/router, and RWW and Connect to Desktop is still
> going to work.
>
> If you do this, you can log into RWW with adminstrative credentials, and
> connect to the server desktop. 3389 open to the internet isn't a
> requirement for RWW to work.
>
> Your username and password combinations are the whole enchilada so far as
> security is concerned, at this point. If the ex knows usernames, then
> having lockout policy enabled probably is good. Obfuscating ports isn't
> going to buy you much security, only complicate things for you.
>
> --
> Les Connor [SBS Community Member - SBS MVP]
> -----------------------------------------------------------
> SBS Rocks !
>
>
> "Josh" <Josh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:FA401711-D467-4418-9A93-CBCBDB585E9B@xxxxxxxxxxxxxxxx
>> The only thing we're using RWW for is to connect to the server desktop
>> from
>> remote sites. Generally RDP suits our needs, but we like having RWW for
>> the
>> offsite machines that don't have TS client or RDC client installed and we
>> don't want to install the client. Administration costs are not an issue
>> for
>> us at this point in time. Most of our own server administration is done
>> after
>> hours whenever we feel the whim to stay and play with something new... I
>> kind
>> of understand what you are saying about SBS and dynamic port numbers, but
>> not
>> totally. I guess I don't understand why RWW doesn't pick up on the change
>> of
>> the default RDP port from 3389. Apparently it assumes the port will be
>> 3389
>> rather than querying the registry? I understand that the way things are
>> designed make it more convenient, but we have had some employees that
>> have
>> left the company that know we use RDP, and my manager wants to change the
>> RDP
>> default port to make it one step more difficult for any unwanted
>> intrusion.
>> If it were up to me, I wouldn't worry about it. But, unfortunately, it's
>> not
>> up to me....
>>
>> "Les Connor [SBS Community Member - SBS M" wrote:
>>
>>> I'd not recommend changing this.
>>>
>>> The beauty of the 'connect to my desktop' feature of RWW is that both
>>> ends
>>> of the RDP connection can stay at their defaults, meaning no special
>>> configuration - multiplied by the number of workstations on the lan +
>>> the
>>> number of remote clients. It all adds up to a huge saving in
>>> administration
>>> costs.
>>>
>>> The feature allows all workstations to listen for RDP connections. And,
>>> all
>>> remote clients to use the default 3389 to establish RDP connections.
>>> Normally, once port 3389 is in use for one connection from the
>>> internet -
>>> it's not available for any additional connections until it's released.
>>> In
>>> the case of RWW and 'connect to my desktop', SBS does a cool thing. It
>>> picks
>>> up the incoming RDP connection, opens port 4125 (which is otherwise
>>> closed),
>>> then assigns a dynamic port number to make the connection to the local
>>> machine on 3389. So, you have an established connection on both ends
>>> using
>>> the default RDP port 3389, but sitting in the middle - at the server -
>>> the
>>> connection is actually proxied over some other port number. This frees
>>> up
>>> the port at the server so that additional remote connection(s) are
>>> possible.
>>>
>>> It's a cool feature with the goal of simplifying administration, and it
>>> meets that goal.
>>>
>>> --
>>> Les Connor [SBS Community Member - SBS MVP]
>>> -----------------------------------------------------------
>>> SBS Rocks !
>>>
>>>
>>> "Josh" <Josh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:DAAF8477-4A0C-4526-B2E3-2F3FAEC7751B@xxxxxxxxxxxxxxxx
>>> >I am having a problem with Remote Web Workplace on our Small Business
>>> >2003
>>> > Server. The situation is this: We want to change our Remote Desktop
>>> > Connection port to a non-default port and have done this as per
>>> > instructions
>>> > here:
>>> >
>>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;306759
>>> >
>>> > And we forward our new port through the router, and walla - RDC works
>>> > perfectly. However, when we use this non-default port, RWW no longer
>>> > works.
>>> > We've double checked port 4125 and it is forwarded through the router
>>> > and
>>> > it
>>> > is. We tried setting RDC port back to 3389 and RWW again works
>>> > correctly.
>>> > So,
>>> > I did a little searching and I found this article:
>>> >
>>> > http://support.microsoft.com/?kbid=886209
>>> >
>>> > and I went ahead and set a non-default port there and a non-default
>>> > port
>>> > for
>>> > RDC, and forwarded both through the router, and I still can't get RWW
>>> > to
>>> > connect. What am I doing wrong?
>>>
>>>
>>>
>
>
.
- References:
- Re: RWW problem with SBS2003
- From: Josh
- Re: RWW problem with SBS2003
- From: Les Connor [SBS Community Member - SBS MVP]
- Re: RWW problem with SBS2003
- Prev by Date: RE: Restoring Public folders.
- Next by Date: Bluescreen - IRQ not less or equal
- Previous by thread: Re: RWW problem with SBS2003
- Next by thread: RE: Is it possible to have two SBS in parallel on different domain
- Index(es):
Relevant Pages
|
