How to connect to more than one machine using RDP?

Discussion in 'Server Networking' started by Synapse Syndrome, May 3, 2006.

  1. I have used Small Business Server's Remote Web Workplace facility and I
    find it very good. All connected desktop machines on the network can be
    easily accessed through the server.

    But can something like this be done at all when not using SBS? As the RDP
    port can only be forwarded to one machine, what is the solution when you
    want to connect to more than one? And yes, obviously I have one IP address
    and am using NAT.

    ss.
     
    Synapse Syndrome, May 3, 2006
    #1

  2. Hi,

    In this case you could use a different port number. E.g. 3389 is the default
    TCP port. You can use 3390 for another RDP session, 3391 for another session
    etc. Of course, when a user wants to connect to his computer he has to
    specify the name of the computer and the correct TCP port number in the
    MSTSC client.

    On your NAT device you have to configure forwarding. E.g. if a connection
    comes to TCP port 3390 you know that it has to be forwarded to PC10 (with
    e.g. IP address 192.168.1.10) and if a connection comes to TCP port 3391 it
    has to be forwarded to PC15 (with e.g. IP address 192.168.1.15).

    This article might also help you out...

    How to change the listening port for Remote Desktop
    http://support.microsoft.com/?kbid=306759
     
    Miha Pihler [MVP], May 3, 2006
    #2


  3. Hi Mike/Miha

    Thanks, that's great. But how do I choose which computer to connect to on
    the RDP client? In the Computer: field would I type something like
    my.domain.com:3390 for example?

    ss.
     
    Synapse Syndrome, May 3, 2006
    #3
  4. Hi

    Yes, that is correct. You can also use the command line option. E.g.

    mstsc /v:my.domain.com:3390

    Note that I have run into some problems on some networks. While they allowed
    3389 for RDP ports, they blocked other ports like 3390 etc... So in this case
    these clients would not be able to connect to RDP.
     
    Miha Pihler [MVP], May 3, 2006
    #4
  5. A safer way is to set up a Virtual Private Network (VPN) and access all PCs
    through the VPN tunnel. That way you only need one port open on the firewall
    versus multiple ports. I would post to the
    microsoft.public.windows.server.sbs news group for help with that...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
     
    Sooner Al [MVP], May 3, 2006
    #5
  6. Hi,

    Can you explain a bit more why a VPN would be safer than an RDP connection?

    Actually, for VPN you do need more than one port open and a few protocols,
    compared to RDP where you actually do have one TCP port open (3389).
     
    Miha Pihler [MVP], May 3, 2006
    #6
  7. It depends on what VPN package you use...

    I use RDP through an OpenVPN tunnel which uses one port, i.e. UDP port 1194
    is the default, although I use another obscure port.

    http://theillustratednetwork.mvps.org/OpenVPN/OpenVPN.html

    In the past I ran RDP through a Secure Shell (SSH) tunnel. Again only one
    port open (TCP Port 22 is the default) on my firewall and I can access any
    of my PCs on my local LAN...

    http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html

    In both cases I either use a cert and a key protected with a strong password
    or a private/public key pair protected with a strong password and only have
    one port forwarded/opened incoming on my firewall...

    I just like to minimize my exposure to the public internet.

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
     
    Sooner Al [MVP], May 3, 2006
    #7
  8. Hi,

    What I usually recommend (depending on the needs of the client) is to use
    RDP since it too requires one port. Personally I prefer RDP since I don't
    have to worry about the security of the client (does it have antivirus
    running or is it infected with a virus; does it have all patches installed;
    does it have e.g. a personal firewall enabled etc)... It is very unlikely
    that users will infect the LAN with a worm over an RDP connection, while I
    have seen quite a few infections over VPN connections (connections that
    allowed unlimited access to the remote network). And with RDP it is
    relatively easy to set what users can and can't do on the remote server.
    In environments where they did need VPN -- we set up VPN quarantine to make
    sure clients would not infect the whole network.

    If the number of ports is an issue -- I would recommend opening only 3389
    and logging on to the server. Once on the server, RDP to the computer you
    want to access...

    As far as traffic is concerned -- RDP sessions are encrypted with 128 bit
    keys (if the RDP server is set to high encryption). In addition, in
    environments requiring higher security -- we also implemented two-factor
    authentication on RDP sessions (e.g. RSA SecurID cards) or Smart Card
    logons...

    --
    Mike
    Microsoft MVP - Windows Security

     
    Miha Pihler [MVP], May 3, 2006
    #8
  9. Hello!

    What was the main reason for replacing SSH with OpenVPN?

    Thanks, Roman
     
    roman modic, May 3, 2006
    #9
  10. Access to shared files/folders on other PCs besides my SSH server PC. With
    OpenVPN I can access shares on each PC seamlessly from the remote client. I
    could not do that with SSH.

    As far as RDP is concerned, there really is no difference other than
    addressing, i.e. you need port redirection/forwarding through the SSH
    client, versus direct addressing via IP or NetBIOS name with OpenVPN... In
    my case I also have a common "hosts" file on my OpenVPN server PC and my
    clients.

    Now you need to be aware that this is for access to a Small Office/Home
    Office (SoHo) network without a standalone server like SBS or W2K3/W2K...

    As always YMMV...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
     
    Sooner Al [MVP], May 3, 2006
    #10
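
The SSH port redirection mentioned in the posts above, as an added example that is not part of the original thread: a script that turns a map of local ports to internal PCs into one OpenSSH client command, so only the SSH port is open on the firewall. The login `user` is a hypothetical account, and the map reuses the example addresses from post #2.

```sh
#!/bin/sh
# Added example (not from the thread): one SSH port on the firewall,
# several RDP targets behind it. All values below are constructed.

RDP_PORT=3389   # internal PCs keep the default RDP listening port

# build_forwards "LPORT:IP ..." -> prints the -L options, or fails on a bad map
build_forwards() {
    out="" seen=" "
    for entry in $1; do
        case $entry in
            *:*) ;;
            *) echo "expected LPORT:IP, got: $entry" >&2; return 1 ;;
        esac
        lport=${entry%%:*}
        ip=${entry#*:}
        case $lport in
            ''|*[!0-9]*) echo "bad local port: $entry" >&2; return 1 ;;
        esac
        if [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
            echo "local port out of range: $entry" >&2; return 1
        fi
        # Two targets on one local port would silently shadow each other
        case $seen in
            *" $lport "*) echo "duplicate local port: $lport" >&2; return 1 ;;
        esac
        seen="$seen$lport "
        # Bind to loopback so the forward is not reachable from the client's LAN
        out="$out -L 127.0.0.1:$lport:$ip:$RDP_PORT"
    done
    printf '%s\n' "${out# }"
}

# tunnel_command GATEWAY MAP -> prints the ssh command (does not run it)
tunnel_command() {
    fw=$(build_forwards "$2") || return 1
    printf 'ssh -N %s %s\n' "$fw" "$1"
}

# Constructed map reusing the thread's example addresses (PC10, PC15)
MAP="3390:192.168.1.10 3391:192.168.1.15"
tunnel_command "user@my.domain.com" "$MAP"
for entry in $MAP; do
    echo "mstsc /v:localhost:${entry%%:*}   # reaches ${entry#*:}"
done
```

With the tunnel up, each internal PC is addressed by its local port on the client, and no RDP port is forwarded on the NAT device.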

  11. What about using UPnP? How would that affect things?

    ss.
     
    Synapse Syndrome, May 4, 2006
    #11
  12. Hello!
    Groovy - RDP over RDP.
    BTW, here are some RDP hacks for heavy users of Remote Desktop ...
    http://odetocode.com/Blogs/scott/archive/2006/04/19/3334.aspx

    Regards, Roman
     
    roman modic, May 4, 2006
    #12