By default, Windows Remote Desktop is only available on your own network. To access Remote Desktop via the Internet, use a VPN or configure your router to forward ports.
TechNinja PRO has thoroughly investigated remote desktop access through the Internet. Fortunately, all Professional, Enterprise and Ultimate editions of Windows include the complete version of Windows Remote Desktop.
This feature is only available in the higher-priced editions of Windows; the lower-priced editions do not include it. Setting up Remote Desktop for internet access is simple, but you’ll have to jump through a few hoops first. Before you begin, enable Remote Desktop on the PC you want to use and make sure that other computers on your local network can reach it.
Option 1: Set up a Virtual Private Network (VPN)
If you set up a VPN, you don’t have to expose the Remote Desktop server directly to the Internet. Instead, when you’re away from home you connect to the VPN, which makes your computer appear to be part of your home network, and then use the Remote Desktop server as usual. Other services that are normally only available on your local network can be accessed remotely in the same way.
Making Remote Desktop available over the internet via VPN is substantially more secure, and it is rather straightforward to set up with the right tools. There are further alternatives open to you.
Option 2: Expose Remote Desktop directly to the Internet
If you do not want to use a virtual private network (VPN), you can simply configure your router to forward Remote Desktop traffic to your PC directly. If you decide to go this way, you should be aware of the potential risks.
Malware and automated hacking tools constantly probe routers for open TCP ports, such as the one used by Remote Desktop. Even if you’ve set up strong passwords on your computer, you’re still vulnerable to exploits that have been discovered but have not yet been patched. You should be certain. Although a VPN is strongly advised, you have the option of permitting RDP traffic through your router if you so wish.
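Before forwarding a port, it helps to see what the PC would present to the internet. The read-only PowerShell audit below is an added example, not part of the original article: it reports whether Remote Desktop is enabled, which port it listens on, whether Network Level Authentication (NLA) is required, and which inbound firewall rules admit that port. It assumes an elevated session and the firewall cmdlets that ship with current Windows versions.

```powershell
# Added example: read-only audit of the local Remote Desktop listener.
# Run in an elevated PowerShell session on the PC that hosts Remote Desktop.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

$ts  = Get-ItemProperty -Path $tsKey
$rdp = Get-ItemProperty -Path $rdpKey

$port       = [int]$rdp.PortNumber
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)   # 0 = connections allowed
$nlaEnabled = ($rdp.UserAuthentication -eq 1)  # 1 = NLA required
# Group Policy can override these values; this audit reads local settings only.

# Enabled inbound allow rules that name the listener's TCP port explicitly.
# Port ranges and rules whose LocalPort is "Any" are not expanded here.
$rules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains "$port") {
        $af = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = ($af.RemoteAddress -join ',')
        }
    }
}

$findings = @()
if (-not $rdpEnabled) { $findings += 'Remote Desktop is disabled on this PC.' }
if (-not $nlaEnabled) { $findings += 'NLA is off: a session is created before the user authenticates.' }
if ($port -eq 3389)   { $findings += 'Listener is on the default port 3389.' }
foreach ($r in $rules) {
    if ($r.RemoteAddress -eq 'Any') {
        $findings += "Firewall rule '$($r.Rule)' accepts any remote address."
    }
}

[pscustomobject]@{
    RdpEnabled = $rdpEnabled
    Port       = $port
    NlaEnabled = $nlaEnabled
    Rules      = $rules
    Findings   = $findings
} | Format-List
```

An empty Findings list only means these local settings look reasonable; it says nothing about unpatched vulnerabilities in the RDP service itself.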
Setup Remote Access on a Single Computer
If you only have one PC that you want to make reachable from the internet, it’s a straightforward process. The PC on which you enabled Remote Desktop is already listening for Remote Desktop Protocol (RDP) traffic. To use Remote Desktop, you must forward all traffic on TCP port 3389 to the IP address of the PC. Because routers differ, it is impossible to provide instructions matched to your specific router. For additional in-depth assistance, we’ve also put together a detailed guide on port forwarding. To illustrate the steps, TechNinja PRO uses a basic router.
- Before you can connect to a machine running Remote Desktop, you must first determine its IP address. To find it, run the “ipconfig” command at the Command Prompt. In the output, the network adapter that connects you to the Internet is listed under “Ethernet Adapter.” In that section, look for the IPv4 address.
- After that, navigate to the Port Forwarding section of your router’s control panel. Where you find it depends on the router you’re using. There, forward TCP port 3389 to the IPv4 address you found in the previous step.
- You should now be able to log into Remote Desktop via the internet by connecting to the public IP address provided by your router for your local network.
- You may also want to configure a static IP address on the system that hosts the Remote Desktop server. You should do this to avoid having to adjust your port forwarding settings if the computer’s internal IP address changes.
Note: If you have difficulty remembering your IP address (especially if it changes), you may want to set up a dynamic DNS service so that you can always connect with a simple-to-remember domain name.
Alter the Remote Access Port or Set Up Multiple PCs
Changing the default port for Remote Desktop, whether on multiple PCs on your local network or on a single PC, is a more difficult operation. Although port forwarding can be used instead of a VPN, a VPN is still the safer and more convenient option. The difficult part is changing the TCP port number that each PC uses to listen for Remote Desktop connections.
You then forward each of the port numbers you’ve assigned on the router to its PC separately. You can use this procedure even if you only have one computer and want to change the port number. In principle, leaving the default port open is less secure.
Before you go into the Registry, you should be aware that certain routers allow you to listen for traffic on one external port number but then forward it to a different port number and PC internally. You might have your router listen for internet traffic on a port number, say 55000, and then redirect that traffic to a specific PC on your local network. This technique avoids the need to modify the Registry in order to change the ports that each PC uses.
If your router supports this, you can accomplish everything on the router. So, before proceeding, check whether your router is capable of handling this. If it is, the Registry component of these steps can be skipped.
You must perform the following procedures for each PC:
- Discover the computer’s IP address by following the steps outlined above.
- Using Registry Editor, change the Remote Desktop listening port number on that PC.
- Make a list of the IP addresses and the port numbers that belong to them.
Launch Registry Editor and allow it to make changes to your computer:
Here is the Registry portion of those steps. Please bear in mind that if you use Registry Editor incorrectly, your system may become unstable or even inoperable. You should have no problems with this hack as long as you follow the instructions. If you’ve never used the Registry Editor before, it’s a good idea to practice first. Make a backup of the Registry (or your PC) before making any changes.
- To open the Registry Editor, click Start and type “regedit.” Press Enter to launch Registry Editor and allow it to make changes to your computer.
- On the right side, double-click the PortNumber value to open its properties window.
- In the properties box, select “Decimal,” and then enter the port number you want to use. Be aware, however, that certain ports are already taken. Wikipedia has a list of common port assignments that you can use to determine which numbers to avoid, although network software installed on your machine may use additional ports. Port numbers can go up to 65,535, and you’ll be safe if you choose one that is greater than 50,000. Once you’ve entered the port number, click the “OK” button.
- You can now close the Registry Editor window. Note the port number you chose and that PC’s IP address for future reference. After that, it’s on to the next computer.
- You can then connect to Remote Desktop by entering the public IP address your router provides for your local network, followed by a colon and the port number of the PC you want to connect to. For example, 22.214.171.124:55501 would reach the PC I’d set up with the port number 55501.
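The Registry change in the steps above can also be scripted. The PowerShell below is an added example, not from the original article: it backs up the key, rejects a port that is out of range or already in use, writes PortNumber, and opens the new port in Windows Firewall. The key path is the standard location of the RDP listener settings; port 55501 is the article's example, while the backup file name and firewall rule name are assumed.

```powershell
# Added example: scripted form of the Registry Editor steps. $NewPort, the
# backup path and the firewall rule name are assumed values; run elevated.
$NewPort = 55501   # the example port used in this article
$regKey  = 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$keyPath = "Registry::$regKey".Replace('Registry::HKLM', 'HKLM:')
$backup  = Join-Path $env:TEMP 'rdp-tcp-backup.reg'

# Stay out of the well-known range and inside the valid TCP port range.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1024-65535."
}

# Refuse a port that some other service on this PC is already listening on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "Port $NewPort is already in use by process id $($inUse[0].OwningProcess)."
}

# Back up the key before changing it, as the article advises.
reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no change made.' }

$oldPort = (Get-ItemProperty -Path $keyPath -Name PortNumber).PortNumber
Set-ItemProperty -Path $keyPath -Name PortNumber -Value $NewPort -Type DWord

# The built-in Remote Desktop firewall rules cover port 3389 only, so the new
# port needs its own inbound rule. "Private" assumes a home LAN profile.
New-NetFirewallRule -DisplayName "RDP-Custom-$NewPort" -Direction Inbound `
    -Protocol TCP -LocalPort $NewPort -Action Allow -Profile Private | Out-Null

"PortNumber changed from $oldPort to $NewPort. Backup written to $backup"
'The listener uses the new port after a reboot or a restart of the TermService service.'
```

Restarting TermService drops any active Remote Desktop sessions, so make the change while you still have local access to the PC.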
Log in to the router after making the port modifications on all of your PCs to begin forwarding each of the given ports to the proper PC:
- Most routers have an “Application” entry for keeping track of the programme to which a port is assigned. If your router allows it, enter the computer’s name followed by “_RDP” there to keep things organised.
- You can name and save that connection in Remote Desktop so you don’t have to enter the IP address and port number every time.
- If you do not use a VPN and have multiple workstations that you want to connect to using Remote Desktop, the process becomes a little more complicated. While Remote Desktop is a powerful and dependable method of remotely accessing your PCs, it does necessitate some setup before you can use it.
Remote Desktop Access has both Benefits and Drawbacks
Remote desktops provide numerous benefits to businesses of all sizes, including:
Remote desktop access allows employees all over the world to easily access the desktop resources they need without having to be physically present at the organization. This will help to improve productivity by avoiding common problems that may arise when employees work remotely, such as not having enough processing power or access to the data they require.
Companies can save money on laptops and cell phones by enabling employees to bring their own devices to work instead of purchasing additional devices for those who are away from the office.
With remote desktops, you no longer need to rely on flash drives to access your desktop data from anywhere in the world. Even if you forget your flash drive, you can still complete the task using a remote desktop. It’s still a good idea to back up your files before embarking on a lengthy business trip.
When an employee works remotely on an open public Wi-Fi network, hackers might easily eavesdrop on the browsing session and obtain the employee’s password, leaving remote desktop access vulnerable. It is also possible that an employee’s password is shared with friends or coworkers, allowing unauthorized individuals to access their remote desktop and causing more serious problems for the firm.
A virtual private network (VPN) is the most secure way to protect a remote desktop. VPNs, such as Access Server, provide secure network access, and the VPN server is configured so that an employee may only access his or her own computer’s IP address via a remote desktop. You won’t have to worry about your employees gaining access to a coworker’s computer, and hackers won’t be able to access your sensitive business information.
Connecting to a Remote Desktop through a VPN
Windows is the preferred operating system for a company that sells educational software. Individuals, libraries, and schools can all purchase their products through their websites.
Microsoft’s technology pervades all aspects of the business.
- To access resources in their domains, users are authorized to use Windows Networking, Windows Domains, and Microsoft Active Directory.
- The company wants all of its employees, whether they work in the office or not, to be able to work in the same atmosphere.
- Employees can use Microsoft Workplace workstations remotely using Access Server, which also serves as a secure VPN gateway to the office network.
- On the workplace network, LDAP authentication to Windows Active Directory was configured on Access Server. When an employee used their Active Directory credentials to log onto their Windows remote access desktop, they could also use the same credentials to log into the VPN.
- The Access Server was configured to provide employees with the same level of service as if they were in the office, using Active Directory groups as a guide.
- Workers can now use their Windows login credentials to authenticate the VPN connection. Users can connect to their office PC and access all network resources as if they were sitting right next to it using the RDP client on their machine.
Using Remote Desktop Safely
With the Microsoft Remote Desktop software, you can connect to a remote PC, a virtual app, or a desktop. With this software in hand, you can stay productive wherever you go.
As a result, you’ll have better control over who has access to your network and will be able to utilise the same Windows credentials for VPN and Access Server authentication.
1. Connect to a server to remotely control a computer
Remote Desktop Protocol can use TCP or UDP port 3389.
2. OpenVPN Access Server provides additional protection in a number of ways
- Google Authenticator can be used for multi-factor authentication on devices that have the appropriate client certificate.
- To ensure least-privilege access, RDP access can be restricted to specific workstations using a VPN connection.
- Users can be authenticated on Access Server using Windows Active Directory and LDAP. Using their Windows credentials, the user will be able to connect to the VPN.
A virtual private network (VPN) is the most secure method of securing a remote desktop. Access Server and other Virtual Private Networks (VPNs) give secure access to your company's network, and the VPN server has the least privilege access controls in place to prevent employees from accessing the network from a remote desktop.
When using Academica, Canvas, Microsoft Office 365, Echo360, or the university library's database systems, there is no need for Remote Desktop Protocol (RDP).
Because your laptop is managed by the C&IT DeskTech staff, you will not need to use Remote Desktop Protocol (RDP). On these laptops, DirectAccess technology allows access to all WSU systems, including the W:/ disc. There is no longer any need for an RDP or VPN connection.
You'll need RDP (whether or not it's managed by C&IT DeskTech) on your Windows desktop to access your department's shared files. You can connect your personal computer to your workplace desktop, which is already configured to see your shared files, via RDP.
RDP can only be utilised if the six conditions listed below are met:
- You'll need your office's designated IT experts to set up your desktop in order to enable remote desktop connections.
- Before you can do anything else, you must first turn on your office computer.
- To meet security standards, your personal computer must have Windows 10 or macOS 10.11+ installed, as well as frequent security upgrades.
- Any computer that you own outright must have an Internet connection.
- You must install both RDP and Global Protect VPN on your PC in order to utilize them.
- Before you can use Global Protect, your smartphone must have the Duo Two-Factor Authentication software installed and push notifications activated.