Remote View/Control

Discussion in 'Server Networking' started by Terry, Aug 16, 2004.

  1. Terry

    Terry Guest

    What are the best ways to be able to manage the server from another desktop?
    Do I need a KVM over Cat5 for instance? or is there another way?
    Regards
     
    Terry, Aug 16, 2004
    #1
    1. Advertisements

  2. Terry

    Miha Pihler Guest

    Depending on operating system and other requirements, you could probably use
    Terminal Service. Terminal Services work on Windows 2000 Server or newer
    operating system (Windows XP, Windows 2003). In Windows 2003 Microsoft added
    support for console logon.

    If you are looking for 3rd party tools that will also work on older
    operating systems, look at VNC. http://www.realvnc.com/

    I hope this helps,

    Mike
     
    Miha Pihler, Aug 16, 2004
    #2
    1. Advertisements

  3. Terry

    Terry Guest

    Thanks Mike,
    I need to manage the server from an XP client. Anyspecial considerations to
    use Terminal Services? I have used VNC before, works quite well on Win98.
    Regards
     
    Terry, Aug 16, 2004
    #3
  4. Terry

    Miha Pihler Guest

    I use terminal service daily to access and manage servers at remote sites. I
    do it all from my Windows XP. In Windows 2003 TS is installed by default it
    is just not enabled. In Windows 2000 you have to select it when installing
    server.

    TS Client that comes with Windows XP is better (faster) then the one that
    comes with Windows 2000. You can even install it on Windows 98 and manage
    server from there.

    TS is also much faster then VNC.

    Anything special that you would like to know? Any special requirements?

    Mike
     
    Miha Pihler, Aug 16, 2004
    #4
  5. Terry

    Terry Guest

    Hello Mike,
    I have spotted an old webcast I could watch to give me an overview, I
    suppose what I need to know is some basic setup requirements for the server
    and XP client. Any HOWTO docs on this please?
    Regards
     
    Terry, Aug 17, 2004
    #5
  6. Terry

    Terry Guest

    Hello Mike,
    Just one Q. At the moment I am using a user account that has admin rights
    but only to certain shares. What do I need to put into place regarding a
    user account to be able to manage all of the server with TS? The server has
    a raid 5 configured as a C: that has the OS and D: that has all the user
    data. Currently there are shares on the D: drive that user login scripts map
    to drive letters.
    Regards
     
    Terry, Aug 17, 2004
    #6
  7. Terry

    Miha Pihler Guest

    Hi Terry,

    First, user must be able to logon to the server, just like he would be
    behind the console. He doesn't need to be a domain administrator -- but this
    will require some additional work for user to be able to logon to servers
    that are domain controllers. By default only domain administrators are
    allowed to logon to domain controllers. It is not recommended that you alow
    users that you don't trust, logon to domain controllers.

    Terminal Services in Windows Server 2003
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/terminal/default.mspx

    Mike
     
    Miha Pihler, Aug 17, 2004
    #7
  8. Terry

    Mario Guest

    I am looking for a way to manage my Windows Server 2003
    remotely. Do you have detailed instructions on how to
    configure TS to allow me to do that from my XP pro system?

    I would really appreciate your information.

    Thank you,

    Mario Hernandez
     
    Mario, Aug 18, 2004
    #8
  9. Terry

    Miha Pihler Guest

    Hi Mario,

    Windows 2003 by default installs RDP which you can use to administer
    servers. You can have up to two concurrent connections to one server (two
    administrators can work on server at a time using TS).
    Even with TS installed, they are disabled by default. To enable it right
    click My Computer on server and click Remote tab. Select the option where is
    says "Allow users to connect remotely to this computer". Here you can also
    add any non administrator users that will use TS to access it. Apply the
    settings and close all the windows.

    On your windows XP click on Start > Run > mstsc and click OK. Enter name of
    IP of server and click OK. Well from here there should be no problems.

    If you need to access remote server or other network make sure that TCP port
    3389 is not blocked.

    Mike
     
    Miha Pihler, Aug 18, 2004
    #9
  10. Terry

    Mario Guest

    Hi Mike,
    thank you for your response.

    This is my scenario. I have a windows server 2003 server
    sitting behind a SMC broadband router. I want to be able
    to connect to the server from home using TS. What
    exactly do I need to do in the router configuration page
    to allow my connection through the sever?
    You mentioned port 3389 to be open for TCP/IP is that
    correct?
    Also, you said to enter the name or IP address of the
    server, does that mean the PRIMARY DNS IP address?
    because my server is getting an ip address from my router
    (i.e. 192.168.1.x)

    Let me see if I have the correct: After setting up
    remote desktop on both, the server and the home pc with
    th especific user account, forwarding the 3389 port to
    TCP/IP and specifying the server's IP addres I open up
    the remote desktop connection window at home and the as
    an example: 192.168.1.x:3389 (where the IP address is the
    PRIMARY DNS IP ADDRESS) and click connect?

    I woud really appreciate it if you can confirm my theory
    or if you can correct my procedures.

    Mario Hernandez
     
    Mario, Aug 19, 2004
    #10
  11. Terry

    Miha Pihler Guest

    Hi,

    On your firewall you need to open TCP port 3389 and I would open it only
    from your home IP if you have static IP, so that other internet users can't
    connect to server using TS.

    192.168.1.x is a private IP address and you can only use it inside your LAN
    or WAN or over VPN. If you will connect to your server from home over
    Internet (not VPN) you will need to enter server's _public_ IP address.
    Check your firewall since it is doing NAT (Network Address Translation) for
    you.

    In MSTSC client you don't have to specify TCP port if you will use 3389 port
    (it is default port). Here are some examples how this would look.

    Using IP:
    http://freeweb.siol.net/mpihler/ip.jpg

    Using name:
    http://freeweb.siol.net/mpihler/name.jpg

    After you connect it would look something like this:
    http://freeweb.siol.net/mpihler/session.jpg

    I hope this helps,

    Mike
     
    Miha Pihler, Aug 19, 2004
    #11
  12. Terry

    Terry Guest

    Hello Mike,
    RDP works just fine. I'm noting the VPN requirements as that is the next
    thing for me to do. As I'm running Zonealarm Pro firewall I note that I will
    have to enable some ports. Not too sure about NAT getting in the way but
    seem to recall an update to one of the protocols to allow the handling of
    NAT.
    To really make things a little tricky, my ISP dishes out a dynamic IP for my
    ADSL connection which is leased for a period of time before being changed.
    Regards
     
    Terry, Aug 19, 2004
    #12
  13. Terry

    Guest Guest

    Hi Mike,
    Excuse my stupidity but what exactly do you mean when you
    say to open port 3389 from my home IP only? Do you mean
    to just open port 3389 and assign my home PC's IP address
    so it would only accept calls or connections from my home
    PC?

    Which Ip address would I use to connect to the server
    since the 192.168.x.x is a public one? I have assigned
    the server an static IP address but it is also a public
    one.
     
    Guest, Aug 19, 2004
    #13
  14. Terry

    Miha Pihler Guest

    Hi,

    What I meant was to configure your firewall that it will only allow RDP (TS)
    connections from YOUR home IP and none other. You can only do this if you
    have static IP that doesn't change every day or so (this depends on your
    ISP).

    Go to server and browse to this address:

    www.whatismyip.com

    It will say something like this:

    Your IP is 193.2.1.66.

    (For security reasons, don't post back your public IP).

    This is your public address that everyone will see when you browse internet
    from this computer (or any other if you have only 1 public IP and you
    perform NAT).

    There some IPs that are reserved only for private use (e.g. 10.0.0.0 -
    10.255.255.255; 172.16.0.0 - 172.31.255.25 and 192.168.0.0 -
    192.168.255.255) and can only be used on LAN, WAN, VPN etc. To work on
    internet you have to translate this private IP e.g. in your case 192.168.1.x
    to a public IP address (e.g. 193.2.1.66). Equipment that does that for you
    is usually a firewall, router or some other NAT device.

    Mike
     
    Miha Pihler, Aug 19, 2004
    #14
  15. Terry

    Guest Guest

    Hi Mike,
    I get it now. I was confused on which IP address i was
    going to use to establish the connection.

    So far this is what i've gather from the infomation you
    have provided:
    - Turn on Terminal services in the server and remote
    desktop on my home pc,
    - Open up port 3389 to TCP/IP and with the server's
    internal IP address.
    - find out what the server's public IP address is and
    establish the connection using that public IP address.

    Is there anything I should be concerned about in the
    server side. Things like the built-in firewall that come
    with server 2003?

    Thank you again Mike and I will let you know how
    everything works out but I won't find out until the
    weekend.

    Mario
     
    Guest, Aug 20, 2004
    #15
  16. Terry

    Miha Pihler Guest

    You only have to turn on TS (RDP) on your desktop if you want to access it
    remotely (e.g. from office). If not then you don't have to do it. The thing
    is on your desktop you will only use RDP _client_ to access the server.
    You need to open port 3389 on firewall at your office -- firewall that
    protects your server.

    You can also test it inside your company -- in the office. First enable TS
    on server and then try to connect from your desktop in the office to the
    server. This will tell you if things are working. Again make sure TCP port
    3389 is not filtered on firewall between your office PC and server.

    Mike
     
    Miha Pihler, Aug 20, 2004
    #16
  17. Terry

    Mario Guest

    Hi Mike,
    I wanted to thank you for all your help with TS and
    Remote desktop. I was able to successfully connect to my
    2003 server from my XP machine at home. the only problem
    I am running into is like you usaid, I don't have an
    Static IP address from my provider so the IP changes all
    the time.
    Based on your experience, what would you recommend as the
    best way to remotely manage my server without an static
    ip address? Should I look into purchasing an static IP
    address from my provider or is there another way tha will
    allow me to accomplish my goal by keeping the dynamic IP
    address?

    Thanks again Mike and I hope to hear from you.

    Mario
     
    Mario, Aug 22, 2004
    #17
  18. Terry

    Miha Pihler Guest

    Hi Mario,

    You are welcome :). I am glad it worked.

    My usual practice is as follows. If user has static IP I will allow him/her
    direct access to server with Terminal Service from his/hers IP.

    If they don't have static IP I will usually give them VPN access. Once they
    successfully connect using VPN they can start TS to server they need access
    to.

    TS by itself is secured using 128bit encryption by default. What would worry
    me is that anyone can get to log on screen from the internet. If you can get
    static IP and if that works for you (doesn't involve any other problems with
    any other services that you might use) to it so. Another option is to allow
    access only from your ISPs pool of IP. This is not preferred solution, but
    still better then allowing whole internet to have access to your logon
    screen...

    Mike
     
    Miha Pihler, Aug 22, 2004
    #18
  19. Terry

    Mario Guest

    Hi Mike,
    How will I go about setting up a VPN connection? I mean
    I know how to configure a VPN connection on my computer
    but what kind of information will I need from my server?
    Wouldn't the ISP's IP address be needed as well? or
    which information do I need from the office to establish
    a successful VPN connection?

    Thanks again,

    Mario
     
    Mario, Aug 23, 2004
    #19
  20. Terry

    Miha Pihler Guest

    Miha Pihler, Aug 23, 2004
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.