Sign in with
Sign up | Sign in
Your question

Remote Desktop

Last response: in Windows XP
Share
Anonymous
August 10, 2005 4:35:38 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Good Afternoon,

I hope everyone is doing GREAT! today. We have a small office and we are
running Win 2003 Server. My boss would like to access his office computer
from his house. The office computer is running Windows XP Pro, and his home
computer is running XP Pro also.

We currently use Terminal Services to access the network, ie Outlook Web
Access primarily. But as you know that appears to be limited to
programs/applications on the server.

Is there a way I can set up access to my boss' workstation here in the
office for remote access? I'm not sure if this is a smallbiz question or a
windows xp. We have high speed access here at the office.
XP has that remote desktop feature that will allow you to control a computer
but I'm not sure if I can use this inside of a office network, because when
I try the IP address I get the server instead of a workstation.

Please advise, thanks!

Sincerely,
Anthony Smith
In God We Trust!

More about : remote desktop

Anonymous
August 10, 2005 4:35:39 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Hi Anthony:

Yes, this can be done, and can be done quite easily under certain
conditions, but doing so also introduces a whole bunch of potential security
issues, and would very much depend on the specific configuration of your
Internet Access.

First, if you are behind firewall or gateway (or are sharing your internet
connection through one single computer), you will first have to solve the
connection issue. In this case, your boss wont be able to find the office
computer on the Internet on its own. His office computer will need to
establish an outside connection first, and again this can introduce a whole
bunch of security issues.

Windows Messenger offers a lot of features to mke this possible, but
depending on your configuration, by the time you enable all the features,
you may as well tell the whole free world your boss' computer in on the net
for remote control by just about anyone.

So in order to avoid a lengthy diatribe, lets start with the following
questions:

1) Is your company network behind a firewall or does one computer share its
Internet access with all computers (i.e., NAT enabled)?

2) What kind of connectivity does your boss hve to the Internet from at
home? Do you know if he has a fixed IP address? (This helps with security,
if you have to open up features like remote control, you might be able to
open those features ONLY to his address if it doesn't change).

3) Does he use Windows/MSN Messenger? He will probably have to start using
it if he wants to use the built-in remote control features of XP.

4) Would he be willing to consider (purchase) a third party program?

5) Are both systems updated to SP2?

Lets start with those, and see what can be done to help you.

Keith C. Jakobs, MCP



"Anthony Smith" <anthony@peconet.com> wrote in message
news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
> Good Afternoon,
>
> I hope everyone is doing GREAT! today. We have a small office and we are
> running Win 2003 Server. My boss would like to access his office computer
> from his house. The office computer is running Windows XP Pro, and his
home
> computer is running XP Pro also.
>
> We currently use Terminal Services to access the network, ie Outlook Web
> Access primarily. But as you know that appears to be limited to
> programs/applications on the server.
>
> Is there a way I can set up access to my boss' workstation here in the
> office for remote access? I'm not sure if this is a smallbiz question or a
> windows xp. We have high speed access here at the office.
> XP has that remote desktop feature that will allow you to control a
computer
> but I'm not sure if I can use this inside of a office network, because
when
> I try the IP address I get the server instead of a workstation.
>
> Please advise, thanks!
>
> Sincerely,
> Anthony Smith
> In God We Trust!
>
>
Anonymous
August 10, 2005 6:44:13 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Thanks for the reply, let's see if we can answer these questions:

> 1) Is your company network behind a firewall or does one computer share
> its
> Internet access with all computers (i.e., NAT enabled)?
Yes we have firewall hardware and use the Win2003 server ISA. Our server
has 2 NIC, 1 is the internal network, the other is for our high speed
access. The high speed goes through the firewall, then connects to the
server.

>
> 2) What kind of connectivity does your boss hve to the Internet from at
> home? Do you know if he has a fixed IP address? (This helps with
> security,
> if you have to open up features like remote control, you might be able to
> open those features ONLY to his address if it doesn't change).
He has high speed cable connection and to the best of my knowledge it has a
fixed IP address.

>
> 3) Does he use Windows/MSN Messenger? He will probably have to start
> using
> it if he wants to use the built-in remote control features of XP.
No he doesn't use Windows/MSN Messenger but we can.

>
> 4) Would he be willing to consider (purchase) a third party program?

We'd prefer not to. We're you thinking about PC Anywhere. I was hoping we
could use what we have without purchasing any 3rd parties...people often get
drunk at parties, and I'm not that type of drinker! (smile)
>
> 5) Are both systems updated to SP2?

Yes we have SP2 running, if he doesn't at home I'll make sure he does. He
has 2 computers for home use, a company laptop which he uses often and a
desktop. I know the laptop has SP2 installed. All we're interested in is
getting the laptop to connect remotely to his office computer, we don't have
to worry about the other one at his home.

"Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
> Hi Anthony:
>
> Yes, this can be done, and can be done quite easily under certain
> conditions, but doing so also introduces a whole bunch of potential
> security
> issues, and would very much depend on the specific configuration of your
> Internet Access.
>
> First, if you are behind firewall or gateway (or are sharing your
> internet
> connection through one single computer), you will first have to solve the
> connection issue. In this case, your boss wont be able to find the office
> computer on the Internet on its own. His office computer will need to
> establish an outside connection first, and again this can introduce a
> whole
> bunch of security issues.
>
> Windows Messenger offers a lot of features to mke this possible, but
> depending on your configuration, by the time you enable all the features,
> you may as well tell the whole free world your boss' computer in on the
> net
> for remote control by just about anyone.
>
> So in order to avoid a lengthy diatribe, lets start with the following
> questions:
>
> 1) Is your company network behind a firewall or does one computer share
> its
> Internet access with all computers (i.e., NAT enabled)?
>
> 2) What kind of connectivity does your boss hve to the Internet from at
> home? Do you know if he has a fixed IP address? (This helps with
> security,
> if you have to open up features like remote control, you might be able to
> open those features ONLY to his address if it doesn't change).
>
> 3) Does he use Windows/MSN Messenger? He will probably have to start
> using
> it if he wants to use the built-in remote control features of XP.
>
> 4) Would he be willing to consider (purchase) a third party program?
>
> 5) Are both systems updated to SP2?
>
> Lets start with those, and see what can be done to help you.
>
> Keith C. Jakobs, MCP
>
>
>
> "Anthony Smith" <anthony@peconet.com> wrote in message
> news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>> Good Afternoon,
>>
>> I hope everyone is doing GREAT! today. We have a small office and we are
>> running Win 2003 Server. My boss would like to access his office
>> computer
>> from his house. The office computer is running Windows XP Pro, and his
> home
>> computer is running XP Pro also.
>>
>> We currently use Terminal Services to access the network, ie Outlook Web
>> Access primarily. But as you know that appears to be limited to
>> programs/applications on the server.
>>
>> Is there a way I can set up access to my boss' workstation here in the
>> office for remote access? I'm not sure if this is a smallbiz question or
>> a
>> windows xp. We have high speed access here at the office.
>> XP has that remote desktop feature that will allow you to control a
> computer
>> but I'm not sure if I can use this inside of a office network, because
> when
>> I try the IP address I get the server instead of a workstation.
>>
>> Please advise, thanks!
>>
>> Sincerely,
>> Anthony Smith
>> In God We Trust!
>>
>>
>
>
Related resources
Anonymous
August 10, 2005 6:44:14 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Hi Anthony....

Looks like you are in a good position to set this up with a reasonable
amount of security in place, and without having to resort to those drinking
parties (hic) ;-)

First. make sure you can get Remote Connection running before establishing a
connection from outside the network. Make sure it has been enabled.... that
it can accept incoming requests without an invitation from the host, and
make sure that if Windows Firewall has been enabled, that you have allowed
exceptions for Remote Connections. Also, you may want to limit those who
can strt remote control sessions to just you and your boss. Then be sure
you can actually connect to the box from another computer inside the ISA
Firewall before you proceed to the next step.

The next thing is you will need to publish a rule in ISA Server that allows
your boss' work computer to be available on the Internet for remote control.
You will want to open ONLY port 3389 within this rule (Microsoft RDP [Remote
Desktop Protocol]), and ideally, allow ONLY the fixed IP address that your
boss uses at home to even connect to this 'published' service. What your
boss uses to connect to will be dependent on how many public IP addresses
you have available to you. If there is only one on your ISA Server, then
you will likely only be able to enable one box for remote connectivity. In
that case, if your boss tries to connect to the server they way he has been,
and your ISA publishing rule tells it to redirect all requests for Port 3389
on that IP address to his internal work computer, then it should connect him
to his office XP system.

Hope that helps get you started.

Good Luck.

Keith C. Jakobs, MCP
"Anthony Smith" <anthony@peconet.com> wrote in message
news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
> Thanks for the reply, let's see if we can answer these questions:
>
> > 1) Is your company network behind a firewall or does one computer share
> > its
> > Internet access with all computers (i.e., NAT enabled)?
> Yes we have firewall hardware and use the Win2003 server ISA. Our server
> has 2 NIC, 1 is the internal network, the other is for our high speed
> access. The high speed goes through the firewall, then connects to the
> server.
>
> >
> > 2) What kind of connectivity does your boss hve to the Internet from at
> > home? Do you know if he has a fixed IP address? (This helps with
> > security,
> > if you have to open up features like remote control, you might be able
to
> > open those features ONLY to his address if it doesn't change).
> He has high speed cable connection and to the best of my knowledge it has
a
> fixed IP address.
>
> >
> > 3) Does he use Windows/MSN Messenger? He will probably have to start
> > using
> > it if he wants to use the built-in remote control features of XP.
> No he doesn't use Windows/MSN Messenger but we can.
>
> >
> > 4) Would he be willing to consider (purchase) a third party program?
>
> We'd prefer not to. We're you thinking about PC Anywhere. I was hoping we
> could use what we have without purchasing any 3rd parties...people often
get
> drunk at parties, and I'm not that type of drinker! (smile)
> >
> > 5) Are both systems updated to SP2?
>
> Yes we have SP2 running, if he doesn't at home I'll make sure he does. He
> has 2 computers for home use, a company laptop which he uses often and a
> desktop. I know the laptop has SP2 installed. All we're interested in is
> getting the laptop to connect remotely to his office computer, we don't
have
> to worry about the other one at his home.
>
> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
> > Hi Anthony:
> >
> > Yes, this can be done, and can be done quite easily under certain
> > conditions, but doing so also introduces a whole bunch of potential
> > security
> > issues, and would very much depend on the specific configuration of your
> > Internet Access.
> >
> > First, if you are behind firewall or gateway (or are sharing your
> > internet
> > connection through one single computer), you will first have to solve
the
> > connection issue. In this case, your boss wont be able to find the
office
> > computer on the Internet on its own. His office computer will need to
> > establish an outside connection first, and again this can introduce a
> > whole
> > bunch of security issues.
> >
> > Windows Messenger offers a lot of features to mke this possible, but
> > depending on your configuration, by the time you enable all the
features,
> > you may as well tell the whole free world your boss' computer in on the
> > net
> > for remote control by just about anyone.
> >
> > So in order to avoid a lengthy diatribe, lets start with the following
> > questions:
> >
> > 1) Is your company network behind a firewall or does one computer share
> > its
> > Internet access with all computers (i.e., NAT enabled)?
> >
> > 2) What kind of connectivity does your boss hve to the Internet from at
> > home? Do you know if he has a fixed IP address? (This helps with
> > security,
> > if you have to open up features like remote control, you might be able
to
> > open those features ONLY to his address if it doesn't change).
> >
> > 3) Does he use Windows/MSN Messenger? He will probably have to start
> > using
> > it if he wants to use the built-in remote control features of XP.
> >
> > 4) Would he be willing to consider (purchase) a third party program?
> >
> > 5) Are both systems updated to SP2?
> >
> > Lets start with those, and see what can be done to help you.
> >
> > Keith C. Jakobs, MCP
> >
> >
> >
> > "Anthony Smith" <anthony@peconet.com> wrote in message
> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
> >> Good Afternoon,
> >>
> >> I hope everyone is doing GREAT! today. We have a small office and we
are
> >> running Win 2003 Server. My boss would like to access his office
> >> computer
> >> from his house. The office computer is running Windows XP Pro, and his
> > home
> >> computer is running XP Pro also.
> >>
> >> We currently use Terminal Services to access the network, ie Outlook
Web
> >> Access primarily. But as you know that appears to be limited to
> >> programs/applications on the server.
> >>
> >> Is there a way I can set up access to my boss' workstation here in the
> >> office for remote access? I'm not sure if this is a smallbiz question
or
> >> a
> >> windows xp. We have high speed access here at the office.
> >> XP has that remote desktop feature that will allow you to control a
> > computer
> >> but I'm not sure if I can use this inside of a office network, because
> > when
> >> I try the IP address I get the server instead of a workstation.
> >>
> >> Please advise, thanks!
> >>
> >> Sincerely,
> >> Anthony Smith
> >> In God We Trust!
> >>
> >>
> >
> >
>
>
Anonymous
August 10, 2005 8:49:13 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

We have the 3389 open because we use Terminal Server. I actually sometimes
do some admin stuff while I'm on the road so I'd like to continue to have
access to the server instead of forwarding everything to my boss' machine.
Is there another way? Maybe setting up a VPN or something.

So I know who I'm talking to, are you with the SBS group or the XP group?

Thanks!

"Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
> Hi Anthony....
>
> Looks like you are in a good position to set this up with a reasonable
> amount of security in place, and without having to resort to those
> drinking
> parties (hic) ;-)
>
> First. make sure you can get Remote Connection running before establishing
> a
> connection from outside the network. Make sure it has been enabled....
> that
> it can accept incoming requests without an invitation from the host, and
> make sure that if Windows Firewall has been enabled, that you have allowed
> exceptions for Remote Connections. Also, you may want to limit those who
> can strt remote control sessions to just you and your boss. Then be sure
> you can actually connect to the box from another computer inside the ISA
> Firewall before you proceed to the next step.
>
> The next thing is you will need to publish a rule in ISA Server that
> allows
> your boss' work computer to be available on the Internet for remote
> control.
> You will want to open ONLY port 3389 within this rule (Microsoft RDP
> [Remote
> Desktop Protocol]), and ideally, allow ONLY the fixed IP address that your
> boss uses at home to even connect to this 'published' service. What your
> boss uses to connect to will be dependent on how many public IP addresses
> you have available to you. If there is only one on your ISA Server, then
> you will likely only be able to enable one box for remote connectivity.
> In
> that case, if your boss tries to connect to the server they way he has
> been,
> and your ISA publishing rule tells it to redirect all requests for Port
> 3389
> on that IP address to his internal work computer, then it should connect
> him
> to his office XP system.
>
> Hope that helps get you started.
>
> Good Luck.
>
> Keith C. Jakobs, MCP
> "Anthony Smith" <anthony@peconet.com> wrote in message
> news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
>> Thanks for the reply, let's see if we can answer these questions:
>>
>> > 1) Is your company network behind a firewall or does one computer
>> > share
>> > its
>> > Internet access with all computers (i.e., NAT enabled)?
>> Yes we have firewall hardware and use the Win2003 server ISA. Our server
>> has 2 NIC, 1 is the internal network, the other is for our high speed
>> access. The high speed goes through the firewall, then connects to the
>> server.
>>
>> >
>> > 2) What kind of connectivity does your boss hve to the Internet from at
>> > home? Do you know if he has a fixed IP address? (This helps with
>> > security,
>> > if you have to open up features like remote control, you might be able
> to
>> > open those features ONLY to his address if it doesn't change).
>> He has high speed cable connection and to the best of my knowledge it has
> a
>> fixed IP address.
>>
>> >
>> > 3) Does he use Windows/MSN Messenger? He will probably have to start
>> > using
>> > it if he wants to use the built-in remote control features of XP.
>> No he doesn't use Windows/MSN Messenger but we can.
>>
>> >
>> > 4) Would he be willing to consider (purchase) a third party program?
>>
>> We'd prefer not to. We're you thinking about PC Anywhere. I was hoping we
>> could use what we have without purchasing any 3rd parties...people often
> get
>> drunk at parties, and I'm not that type of drinker! (smile)
>> >
>> > 5) Are both systems updated to SP2?
>>
>> Yes we have SP2 running, if he doesn't at home I'll make sure he does. He
>> has 2 computers for home use, a company laptop which he uses often and a
>> desktop. I know the laptop has SP2 installed. All we're interested in
>> is
>> getting the laptop to connect remotely to his office computer, we don't
> have
>> to worry about the other one at his home.
>>
>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
>> > Hi Anthony:
>> >
>> > Yes, this can be done, and can be done quite easily under certain
>> > conditions, but doing so also introduces a whole bunch of potential
>> > security
>> > issues, and would very much depend on the specific configuration of
>> > your
>> > Internet Access.
>> >
>> > First, if you are behind firewall or gateway (or are sharing your
>> > internet
>> > connection through one single computer), you will first have to solve
> the
>> > connection issue. In this case, your boss wont be able to find the
> office
>> > computer on the Internet on its own. His office computer will need to
>> > establish an outside connection first, and again this can introduce a
>> > whole
>> > bunch of security issues.
>> >
>> > Windows Messenger offers a lot of features to mke this possible, but
>> > depending on your configuration, by the time you enable all the
> features,
>> > you may as well tell the whole free world your boss' computer in on the
>> > net
>> > for remote control by just about anyone.
>> >
>> > So in order to avoid a lengthy diatribe, lets start with the following
>> > questions:
>> >
>> > 1) Is your company network behind a firewall or does one computer
>> > share
>> > its
>> > Internet access with all computers (i.e., NAT enabled)?
>> >
>> > 2) What kind of connectivity does your boss hve to the Internet from at
>> > home? Do you know if he has a fixed IP address? (This helps with
>> > security,
>> > if you have to open up features like remote control, you might be able
> to
>> > open those features ONLY to his address if it doesn't change).
>> >
>> > 3) Does he use Windows/MSN Messenger? He will probably have to start
>> > using
>> > it if he wants to use the built-in remote control features of XP.
>> >
>> > 4) Would he be willing to consider (purchase) a third party program?
>> >
>> > 5) Are both systems updated to SP2?
>> >
>> > Lets start with those, and see what can be done to help you.
>> >
>> > Keith C. Jakobs, MCP
>> >
>> >
>> >
>> > "Anthony Smith" <anthony@peconet.com> wrote in message
>> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>> >> Good Afternoon,
>> >>
>> >> I hope everyone is doing GREAT! today. We have a small office and we
> are
>> >> running Win 2003 Server. My boss would like to access his office
>> >> computer
>> >> from his house. The office computer is running Windows XP Pro, and
>> >> his
>> > home
>> >> computer is running XP Pro also.
>> >>
>> >> We currently use Terminal Services to access the network, ie Outlook
> Web
>> >> Access primarily. But as you know that appears to be limited to
>> >> programs/applications on the server.
>> >>
>> >> Is there a way I can set up access to my boss' workstation here in the
>> >> office for remote access? I'm not sure if this is a smallbiz question
> or
>> >> a
>> >> windows xp. We have high speed access here at the office.
>> >> XP has that remote desktop feature that will allow you to control a
>> > computer
>> >> but I'm not sure if I can use this inside of a office network, because
>> > when
>> >> I try the IP address I get the server instead of a workstation.
>> >>
>> >> Please advise, thanks!
>> >>
>> >> Sincerely,
>> >> Anthony Smith
>> >> In God We Trust!
>> >>
>> >>
>> >
>> >
>>
>>
>
>
Anonymous
August 10, 2005 8:49:14 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Hi Anthony,

I am with neither group... just an independent consultant that was looking
for help with some XP issues, and try to contribute back to the newsgroups
when I am using them. So, I have been replying from the XP newsgroup.

Yes, with only one IP address, you re only going to be able to expose one
'Terminal Server'.

You may be able to try to initiate a connection with the ISA server using
another port #, and use the difference in port numbers to determine which
server/PC to forward the request to, but you will still need to forward it
to the box you intend to remote control over the same 3389 port. I am not
sure if ISA 2004 supports that.

A VPN my be another way to go, but I know they can be complicated to set-up,
(though I have heard it is easier with ISA 2004... I still use ISA 2000),
and that would be outside of my expertise.

If you still want to try to do it without VPN and see if you can use
different ports on the same IP to determine the destination, I may be able
to still help.

Good Luck.

Keith C. Jakobs, MCP


"Anthony Smith" <anthony@peconet.com> wrote in message
news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
> We have the 3389 open because we use Terminal Server. I actually
sometimes
> do some admin stuff while I'm on the road so I'd like to continue to have
> access to the server instead of forwarding everything to my boss' machine.
> Is there another way? Maybe setting up a VPN or something.
>
> So I know who I'm talking to, are you with the SBS group or the XP group?
>
> Thanks!
>
> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
> > Hi Anthony....
> >
> > Looks like you are in a good position to set this up with a reasonable
> > amount of security in place, and without having to resort to those
> > drinking
> > parties (hic) ;-)
> >
> > First. make sure you can get Remote Connection running before
establishing
> > a
> > connection from outside the network. Make sure it has been enabled....
> > that
> > it can accept incoming requests without an invitation from the host, and
> > make sure that if Windows Firewall has been enabled, that you have
allowed
> > exceptions for Remote Connections. Also, you may want to limit those
who
> > can strt remote control sessions to just you and your boss. Then be
sure
> > you can actually connect to the box from another computer inside the ISA
> > Firewall before you proceed to the next step.
> >
> > The next thing is you will need to publish a rule in ISA Server that
> > allows
> > your boss' work computer to be available on the Internet for remote
> > control.
> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
> > [Remote
> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address that
your
> > boss uses at home to even connect to this 'published' service. What
your
> > boss uses to connect to will be dependent on how many public IP
addresses
> > you have available to you. If there is only one on your ISA Server,
then
> > you will likely only be able to enable one box for remote connectivity.
> > In
> > that case, if your boss tries to connect to the server they way he has
> > been,
> > and your ISA publishing rule tells it to redirect all requests for Port
> > 3389
> > on that IP address to his internal work computer, then it should connect
> > him
> > to his office XP system.
> >
> > Hope that helps get you started.
> >
> > Good Luck.
> >
> > Keith C. Jakobs, MCP
> > "Anthony Smith" <anthony@peconet.com> wrote in message
> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
> >> Thanks for the reply, let's see if we can answer these questions:
> >>
> >> > 1) Is your company network behind a firewall or does one computer
> >> > share
> >> > its
> >> > Internet access with all computers (i.e., NAT enabled)?
> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
server
> >> has 2 NIC, 1 is the internal network, the other is for our high speed
> >> access. The high speed goes through the firewall, then connects to the
> >> server.
> >>
> >> >
> >> > 2) What kind of connectivity does your boss hve to the Internet from
at
> >> > home? Do you know if he has a fixed IP address? (This helps with
> >> > security,
> >> > if you have to open up features like remote control, you might be
able
> > to
> >> > open those features ONLY to his address if it doesn't change).
> >> He has high speed cable connection and to the best of my knowledge it
has
> > a
> >> fixed IP address.
> >>
> >> >
> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
start
> >> > using
> >> > it if he wants to use the built-in remote control features of XP.
> >> No he doesn't use Windows/MSN Messenger but we can.
> >>
> >> >
> >> > 4) Would he be willing to consider (purchase) a third party program?
> >>
> >> We'd prefer not to. We're you thinking about PC Anywhere. I was hoping
we
> >> could use what we have without purchasing any 3rd parties...people
often
> > get
> >> drunk at parties, and I'm not that type of drinker! (smile)
> >> >
> >> > 5) Are both systems updated to SP2?
> >>
> >> Yes we have SP2 running, if he doesn't at home I'll make sure he does.
He
> >> has 2 computers for home use, a company laptop which he uses often and
a
> >> desktop. I know the laptop has SP2 installed. All we're interested in
> >> is
> >> getting the laptop to connect remotely to his office computer, we don't
> > have
> >> to worry about the other one at his home.
> >>
> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
> >> > Hi Anthony:
> >> >
> >> > Yes, this can be done, and can be done quite easily under certain
> >> > conditions, but doing so also introduces a whole bunch of potential
> >> > security
> >> > issues, and would very much depend on the specific configuration of
> >> > your
> >> > Internet Access.
> >> >
> >> > First, if you are behind firewall or gateway (or are sharing your
> >> > internet
> >> > connection through one single computer), you will first have to solve
> > the
> >> > connection issue. In this case, your boss wont be able to find the
> > office
> >> > computer on the Internet on its own. His office computer will need
to
> >> > establish an outside connection first, and again this can introduce a
> >> > whole
> >> > bunch of security issues.
> >> >
> >> > Windows Messenger offers a lot of features to mke this possible, but
> >> > depending on your configuration, by the time you enable all the
> > features,
> >> > you may as well tell the whole free world your boss' computer in on
the
> >> > net
> >> > for remote control by just about anyone.
> >> >
> >> > So in order to avoid a lengthy diatribe, lets start with the
following
> >> > questions:
> >> >
> >> > 1) Is your company network behind a firewall or does one computer
> >> > share
> >> > its
> >> > Internet access with all computers (i.e., NAT enabled)?
> >> >
> >> > 2) What kind of connectivity does your boss hve to the Internet from
at
> >> > home? Do you know if he has a fixed IP address? (This helps with
> >> > security,
> >> > if you have to open up features like remote control, you might be
able
> > to
> >> > open those features ONLY to his address if it doesn't change).
> >> >
> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
start
> >> > using
> >> > it if he wants to use the built-in remote control features of XP.
> >> >
> >> > 4) Would he be willing to consider (purchase) a third party program?
> >> >
> >> > 5) Are both systems updated to SP2?
> >> >
> >> > Lets start with those, and see what can be done to help you.
> >> >
> >> > Keith C. Jakobs, MCP
> >> >
> >> >
> >> >
> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
> >> >> Good Afternoon,
> >> >>
> >> >> I hope everyone is doing GREAT! today. We have a small office and
we
> > are
> >> >> running Win 2003 Server. My boss would like to access his office
> >> >> computer
> >> >> from his house. The office computer is running Windows XP Pro, and
> >> >> his
> >> > home
> >> >> computer is running XP Pro also.
> >> >>
> >> >> We currently use Terminal Services to access the network, ie Outlook
> > Web
> >> >> Access primarily. But as you know that appears to be limited to
> >> >> programs/applications on the server.
> >> >>
> >> >> Is there a way I can set up access to my boss' workstation here in
the
> >> >> office for remote access? I'm not sure if this is a smallbiz
question
> > or
> >> >> a
> >> >> windows xp. We have high speed access here at the office.
> >> >> XP has that remote desktop feature that will allow you to control a
> >> > computer
> >> >> but I'm not sure if I can use this inside of a office network,
because
> >> > when
> >> >> I try the IP address I get the server instead of a workstation.
> >> >>
> >> >> Please advise, thanks!
> >> >>
> >> >> Sincerely,
> >> >> Anthony Smith
> >> >> In God We Trust!
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
August 10, 2005 11:35:37 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

"" wrote:
> Good Afternoon,
>
> I hope everyone is doing GREAT! today. We have a small office
> and we are
> running Win 2003 Server. My boss would like to access his
> office computer
> from his house. The office computer is running Windows XP
> Pro, and his home
> computer is running XP Pro also.
>
> We currently use Terminal Services to access the network, ie
> Outlook Web
> Access primarily. But as you know that appears to be limited
> to
> programs/applications on the server.
>
> Is there a way I can set up access to my boss' workstation
> here in the
> office for remote access? I'm not sure if this is a smallbiz
> question or a
> windows xp. We have high speed access here at the office.
> XP has that remote desktop feature that will allow you to
> control a computer
> but I'm not sure if I can use this inside of a office network,
> because when
> I try the IP address I get the server instead of a
> workstation.
>
> Please advise, thanks!
>
> Sincerely,
> Anthony Smith
> In God We Trust!

If you have a win 2003 domain, shouldnt you have a "computer guy" who
takes care of the network? If so, ask them. It is easy to do if you
know what to do.

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/General-Discussion-Remote-...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1350489
Anonymous
August 11, 2005 11:40:41 AM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

I've gotta ask, is this server an SBS 2003 or just a plain W2003Server?

You mention ISA and Exchange and have posted to the SBS4.x newsgroup, so I
gotta wonder.

If it is SBS2003 you need to investigate Remote Web Workplace (RWW) which
will allow users to connect to any PC behind the SBS and additionally allow
administrators to connect to the server desktops using a process known as
RDP proxy. You log in to RWW using HTTPS and the RDP Proxy will accept
multiple connections in port 4125 and redirect them to the desktops (or
TS's) port 3389.

SBS public Newsgroups:

SBS 4.x: microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs


"Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
news:o b2QP8enFHA.3552@TK2MSFTNGP10.phx.gbl...
> Hi Anthony,
>
> I am with neither group... just an independent consultant that was looking
> for help with some XP issues, and try to contribute back to the newsgroups
> when I am using them. So, I have been replying from the XP newsgroup.
>
> Yes, with only one IP address, you re only going to be able to expose one
> 'Terminal Server'.
>
> You may be able to try to initiate a connection with the ISA server using
> another port #, and use the difference in port numbers to determine which
> server/PC to forward the request to, but you will still need to forward it
> to the box you intend to remote control over the same 3389 port. I am not
> sure if ISA 2004 supports that.
>
> A VPN my be another way to go, but I know they can be complicated to
> set-up,
> (though I have heard it is easier with ISA 2004... I still use ISA 2000),
> and that would be outside of my expertise.
>
> If you still want to try to do it without VPN and see if you can use
> different ports on the same IP to determine the destination, I may be able
> to still help.
>
> Good Luck.
>
> Keith C. Jakobs, MCP
>
>
> "Anthony Smith" <anthony@peconet.com> wrote in message
> news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
>> We have the 3389 open because we use Terminal Server. I actually
> sometimes
>> do some admin stuff while I'm on the road so I'd like to continue to have
>> access to the server instead of forwarding everything to my boss'
>> machine.
>> Is there another way? Maybe setting up a VPN or something.
>>
>> So I know who I'm talking to, are you with the SBS group or the XP group?
>>
>> Thanks!
>>
>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
>> > Hi Anthony....
>> >
>> > Looks like you are in a good position to set this up with a reasonable
>> > amount of security in place, and without having to resort to those
>> > drinking
>> > parties (hic) ;-)
>> >
>> > First. make sure you can get Remote Connection running before
> establishing
>> > a
>> > connection from outside the network. Make sure it has been enabled....
>> > that
>> > it can accept incoming requests without an invitation from the host,
>> > and
>> > make sure that if Windows Firewall has been enabled, that you have
> allowed
>> > exceptions for Remote Connections. Also, you may want to limit those
> who
>> > can strt remote control sessions to just you and your boss. Then be
> sure
>> > you can actually connect to the box from another computer inside the
>> > ISA
>> > Firewall before you proceed to the next step.
>> >
>> > The next thing is you will need to publish a rule in ISA Server that
>> > allows
>> > your boss' work computer to be available on the Internet for remote
>> > control.
>> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
>> > [Remote
>> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address that
> your
>> > boss uses at home to even connect to this 'published' service. What
> your
>> > boss uses to connect to will be dependent on how many public IP
> addresses
>> > you have available to you. If there is only one on your ISA Server,
> then
>> > you will likely only be able to enable one box for remote connectivity.
>> > In
>> > that case, if your boss tries to connect to the server they way he has
>> > been,
>> > and your ISA publishing rule tells it to redirect all requests for Port
>> > 3389
>> > on that IP address to his internal work computer, then it should
>> > connect
>> > him
>> > to his office XP system.
>> >
>> > Hope that helps get you started.
>> >
>> > Good Luck.
>> >
>> > Keith C. Jakobs, MCP
>> > "Anthony Smith" <anthony@peconet.com> wrote in message
>> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
>> >> Thanks for the reply, let's see if we can answer these questions:
>> >>
>> >> > 1) Is your company network behind a firewall or does one computer
>> >> > share
>> >> > its
>> >> > Internet access with all computers (i.e., NAT enabled)?
>> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
> server
>> >> has 2 NIC, 1 is the internal network, the other is for our high speed
>> >> access. The high speed goes through the firewall, then connects to
>> >> the
>> >> server.
>> >>
>> >> >
>> >> > 2) What kind of connectivity does your boss hve to the Internet from
> at
>> >> > home? Do you know if he has a fixed IP address? (This helps with
>> >> > security,
>> >> > if you have to open up features like remote control, you might be
> able
>> > to
>> >> > open those features ONLY to his address if it doesn't change).
>> >> He has high speed cable connection and to the best of my knowledge it
> has
>> > a
>> >> fixed IP address.
>> >>
>> >> >
>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
> start
>> >> > using
>> >> > it if he wants to use the built-in remote control features of XP.
>> >> No he doesn't use Windows/MSN Messenger but we can.
>> >>
>> >> >
>> >> > 4) Would he be willing to consider (purchase) a third party program?
>> >>
>> >> We'd prefer not to. We're you thinking about PC Anywhere. I was hoping
> we
>> >> could use what we have without purchasing any 3rd parties...people
> often
>> > get
>> >> drunk at parties, and I'm not that type of drinker! (smile)
>> >> >
>> >> > 5) Are both systems updated to SP2?
>> >>
>> >> Yes we have SP2 running, if he doesn't at home I'll make sure he does.
> He
>> >> has 2 computers for home use, a company laptop which he uses often and
> a
>> >> desktop. I know the laptop has SP2 installed. All we're interested
>> >> in
>> >> is
>> >> getting the laptop to connect remotely to his office computer, we
>> >> don't
>> > have
>> >> to worry about the other one at his home.
>> >>
>> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
>> >> > Hi Anthony:
>> >> >
>> >> > Yes, this can be done, and can be done quite easily under certain
>> >> > conditions, but doing so also introduces a whole bunch of potential
>> >> > security
>> >> > issues, and would very much depend on the specific configuration of
>> >> > your
>> >> > Internet Access.
>> >> >
>> >> > First, if you are behind firewall or gateway (or are sharing your
>> >> > internet
>> >> > connection through one single computer), you will first have to
>> >> > solve
>> > the
>> >> > connection issue. In this case, your boss wont be able to find the
>> > office
>> >> > computer on the Internet on its own. His office computer will need
> to
>> >> > establish an outside connection first, and again this can introduce
>> >> > a
>> >> > whole
>> >> > bunch of security issues.
>> >> >
>> >> > Windows Messenger offers a lot of features to mke this possible, but
>> >> > depending on your configuration, by the time you enable all the
>> > features,
>> >> > you may as well tell the whole free world your boss' computer in on
> the
>> >> > net
>> >> > for remote control by just about anyone.
>> >> >
>> >> > So in order to avoid a lengthy diatribe, lets start with the
> following
>> >> > questions:
>> >> >
>> >> > 1) Is your company network behind a firewall or does one computer
>> >> > share
>> >> > its
>> >> > Internet access with all computers (i.e., NAT enabled)?
>> >> >
>> >> > 2) What kind of connectivity does your boss hve to the Internet from
> at
>> >> > home? Do you know if he has a fixed IP address? (This helps with
>> >> > security,
>> >> > if you have to open up features like remote control, you might be
> able
>> > to
>> >> > open those features ONLY to his address if it doesn't change).
>> >> >
>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
> start
>> >> > using
>> >> > it if he wants to use the built-in remote control features of XP.
>> >> >
>> >> > 4) Would he be willing to consider (purchase) a third party program?
>> >> >
>> >> > 5) Are both systems updated to SP2?
>> >> >
>> >> > Lets start with those, and see what can be done to help you.
>> >> >
>> >> > Keith C. Jakobs, MCP
>> >> >
>> >> >
>> >> >
>> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
>> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>> >> >> Good Afternoon,
>> >> >>
>> >> >> I hope everyone is doing GREAT! today. We have a small office and
> we
>> > are
>> >> >> running Win 2003 Server. My boss would like to access his office
>> >> >> computer
>> >> >> from his house. The office computer is running Windows XP Pro, and
>> >> >> his
>> >> > home
>> >> >> computer is running XP Pro also.
>> >> >>
>> >> >> We currently use Terminal Services to access the network, ie
>> >> >> Outlook
>> > Web
>> >> >> Access primarily. But as you know that appears to be limited to
>> >> >> programs/applications on the server.
>> >> >>
>> >> >> Is there a way I can set up access to my boss' workstation here in
> the
>> >> >> office for remote access? I'm not sure if this is a smallbiz
> question
>> > or
>> >> >> a
>> >> >> windows xp. We have high speed access here at the office.
>> >> >> XP has that remote desktop feature that will allow you to control a
>> >> > computer
>> >> >> but I'm not sure if I can use this inside of a office network,
> because
>> >> > when
>> >> >> I try the IP address I get the server instead of a workstation.
>> >> >>
>> >> >> Please advise, thanks!
>> >> >>
>> >> >> Sincerely,
>> >> >> Anthony Smith
>> >> >> In God We Trust!
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
Anonymous
August 11, 2005 12:39:10 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Thanks for your help. Guess what, thank the Lord, we figured it out. We
have SBS2003. And I logged in to Terminal Server as usual from a remote
location. Then I log into Remote Desktop that is located ON THE SERVER and
then I choose my boss' computer and whoop there it is.

So I can still have access to terminal server and my boss can also. Once he
logs into the network and access the server, because Remote Desktop is on
the server he can then open that application and log into his computer.

Thanks for your help, glad we could find a workaround without really
changing any settings on the server. Just clicked the Allow Remote Desktop
on my boss' pc was the only real change I had to do.

Have a blessed day!
"Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
news:o b2QP8enFHA.3552@TK2MSFTNGP10.phx.gbl...
> Hi Anthony,
>
> I am with neither group... just an independent consultant that was looking
> for help with some XP issues, and try to contribute back to the newsgroups
> when I am using them. So, I have been replying from the XP newsgroup.
>
> Yes, with only one IP address, you re only going to be able to expose one
> 'Terminal Server'.
>
> You may be able to try to initiate a connection with the ISA server using
> another port #, and use the difference in port numbers to determine which
> server/PC to forward the request to, but you will still need to forward it
> to the box you intend to remote control over the same 3389 port. I am not
> sure if ISA 2004 supports that.
>
> A VPN my be another way to go, but I know they can be complicated to
> set-up,
> (though I have heard it is easier with ISA 2004... I still use ISA 2000),
> and that would be outside of my expertise.
>
> If you still want to try to do it without VPN and see if you can use
> different ports on the same IP to determine the destination, I may be able
> to still help.
>
> Good Luck.
>
> Keith C. Jakobs, MCP
>
>
> "Anthony Smith" <anthony@peconet.com> wrote in message
> news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
>> We have the 3389 open because we use Terminal Server. I actually
> sometimes
>> do some admin stuff while I'm on the road so I'd like to continue to have
>> access to the server instead of forwarding everything to my boss'
>> machine.
>> Is there another way? Maybe setting up a VPN or something.
>>
>> So I know who I'm talking to, are you with the SBS group or the XP group?
>>
>> Thanks!
>>
>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
>> > Hi Anthony....
>> >
>> > Looks like you are in a good position to set this up with a reasonable
>> > amount of security in place, and without having to resort to those
>> > drinking
>> > parties (hic) ;-)
>> >
>> > First. make sure you can get Remote Connection running before
> establishing
>> > a
>> > connection from outside the network. Make sure it has been enabled....
>> > that
>> > it can accept incoming requests without an invitation from the host,
>> > and
>> > make sure that if Windows Firewall has been enabled, that you have
> allowed
>> > exceptions for Remote Connections. Also, you may want to limit those
> who
>> > can strt remote control sessions to just you and your boss. Then be
> sure
>> > you can actually connect to the box from another computer inside the
>> > ISA
>> > Firewall before you proceed to the next step.
>> >
>> > The next thing is you will need to publish a rule in ISA Server that
>> > allows
>> > your boss' work computer to be available on the Internet for remote
>> > control.
>> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
>> > [Remote
>> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address that
> your
>> > boss uses at home to even connect to this 'published' service. What
> your
>> > boss uses to connect to will be dependent on how many public IP
> addresses
>> > you have available to you. If there is only one on your ISA Server,
> then
>> > you will likely only be able to enable one box for remote connectivity.
>> > In
>> > that case, if your boss tries to connect to the server they way he has
>> > been,
>> > and your ISA publishing rule tells it to redirect all requests for Port
>> > 3389
>> > on that IP address to his internal work computer, then it should
>> > connect
>> > him
>> > to his office XP system.
>> >
>> > Hope that helps get you started.
>> >
>> > Good Luck.
>> >
>> > Keith C. Jakobs, MCP
>> > "Anthony Smith" <anthony@peconet.com> wrote in message
>> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
>> >> Thanks for the reply, let's see if we can answer these questions:
>> >>
>> >> > 1) Is your company network behind a firewall or does one computer
>> >> > share
>> >> > its
>> >> > Internet access with all computers (i.e., NAT enabled)?
>> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
> server
>> >> has 2 NIC, 1 is the internal network, the other is for our high speed
>> >> access. The high speed goes through the firewall, then connects to
>> >> the
>> >> server.
>> >>
>> >> >
>> >> > 2) What kind of connectivity does your boss hve to the Internet from
> at
>> >> > home? Do you know if he has a fixed IP address? (This helps with
>> >> > security,
>> >> > if you have to open up features like remote control, you might be
> able
>> > to
>> >> > open those features ONLY to his address if it doesn't change).
>> >> He has high speed cable connection and to the best of my knowledge it
> has
>> > a
>> >> fixed IP address.
>> >>
>> >> >
>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
> start
>> >> > using
>> >> > it if he wants to use the built-in remote control features of XP.
>> >> No he doesn't use Windows/MSN Messenger but we can.
>> >>
>> >> >
>> >> > 4) Would he be willing to consider (purchase) a third party program?
>> >>
>> >> We'd prefer not to. We're you thinking about PC Anywhere. I was hoping
> we
>> >> could use what we have without purchasing any 3rd parties...people
> often
>> > get
>> >> drunk at parties, and I'm not that type of drinker! (smile)
>> >> >
>> >> > 5) Are both systems updated to SP2?
>> >>
>> >> Yes we have SP2 running, if he doesn't at home I'll make sure he does.
> He
>> >> has 2 computers for home use, a company laptop which he uses often and
> a
>> >> desktop. I know the laptop has SP2 installed. All we're interested
>> >> in
>> >> is
>> >> getting the laptop to connect remotely to his office computer, we
>> >> don't
>> > have
>> >> to worry about the other one at his home.
>> >>
>> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
>> >> > Hi Anthony:
>> >> >
>> >> > Yes, this can be done, and can be done quite easily under certain
>> >> > conditions, but doing so also introduces a whole bunch of potential
>> >> > security
>> >> > issues, and would very much depend on the specific configuration of
>> >> > your
>> >> > Internet Access.
>> >> >
>> >> > First, if you are behind firewall or gateway (or are sharing your
>> >> > internet
>> >> > connection through one single computer), you will first have to
>> >> > solve
>> > the
>> >> > connection issue. In this case, your boss wont be able to find the
>> > office
>> >> > computer on the Internet on its own. His office computer will need
> to
>> >> > establish an outside connection first, and again this can introduce
>> >> > a
>> >> > whole
>> >> > bunch of security issues.
>> >> >
>> >> > Windows Messenger offers a lot of features to mke this possible, but
>> >> > depending on your configuration, by the time you enable all the
>> > features,
>> >> > you may as well tell the whole free world your boss' computer in on
> the
>> >> > net
>> >> > for remote control by just about anyone.
>> >> >
>> >> > So in order to avoid a lengthy diatribe, lets start with the
> following
>> >> > questions:
>> >> >
>> >> > 1) Is your company network behind a firewall or does one computer
>> >> > share
>> >> > its
>> >> > Internet access with all computers (i.e., NAT enabled)?
>> >> >
>> >> > 2) What kind of connectivity does your boss hve to the Internet from
> at
>> >> > home? Do you know if he has a fixed IP address? (This helps with
>> >> > security,
>> >> > if you have to open up features like remote control, you might be
> able
>> > to
>> >> > open those features ONLY to his address if it doesn't change).
>> >> >
>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
> start
>> >> > using
>> >> > it if he wants to use the built-in remote control features of XP.
>> >> >
>> >> > 4) Would he be willing to consider (purchase) a third party program?
>> >> >
>> >> > 5) Are both systems updated to SP2?
>> >> >
>> >> > Lets start with those, and see what can be done to help you.
>> >> >
>> >> > Keith C. Jakobs, MCP
>> >> >
>> >> >
>> >> >
>> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
>> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>> >> >> Good Afternoon,
>> >> >>
>> >> >> I hope everyone is doing GREAT! today. We have a small office and
> we
>> > are
>> >> >> running Win 2003 Server. My boss would like to access his office
>> >> >> computer
>> >> >> from his house. The office computer is running Windows XP Pro, and
>> >> >> his
>> >> > home
>> >> >> computer is running XP Pro also.
>> >> >>
>> >> >> We currently use Terminal Services to access the network, ie
>> >> >> Outlook
>> > Web
>> >> >> Access primarily. But as you know that appears to be limited to
>> >> >> programs/applications on the server.
>> >> >>
>> >> >> Is there a way I can set up access to my boss' workstation here in
> the
>> >> >> office for remote access? I'm not sure if this is a smallbiz
> question
>> > or
>> >> >> a
>> >> >> windows xp. We have high speed access here at the office.
>> >> >> XP has that remote desktop feature that will allow you to control a
>> >> > computer
>> >> >> but I'm not sure if I can use this inside of a office network,
> because
>> >> > when
>> >> >> I try the IP address I get the server instead of a workstation.
>> >> >>
>> >> >> Please advise, thanks!
>> >> >>
>> >> >> Sincerely,
>> >> >> Anthony Smith
>> >> >> In God We Trust!
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
Anonymous
August 11, 2005 12:39:41 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Thanks for the help! See my other post that I posted today for the solution.
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:%23kAvpQfnFHA.3120@TK2MSFTNGP09.phx.gbl...
> I've gotta ask, is this server an SBS 2003 or just a plain W2003Server?
>
> You mention ISA and Exchange and have posted to the SBS4.x newsgroup, so I
> gotta wonder.
>
> If it is SBS2003 you need to investigate Remote Web Workplace (RWW) which
> will allow users to connect to any PC behind the SBS and additionally
> allow administrators to connect to the server desktops using a process
> known as RDP proxy. You log in to RWW using HTTPS and the RDP Proxy will
> accept multiple connections in port 4125 and redirect them to the desktops
> (or TS's) port 3389.
>
> SBS public Newsgroups:
>
> SBS 4.x: microsoft.public.backoffice.smallbiz
> SBS 2000: microsoft.public.backoffice.smallbiz2000
> SBS 2003: microsoft.public.windows.server.sbs
>
>
> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
> news:o b2QP8enFHA.3552@TK2MSFTNGP10.phx.gbl...
>> Hi Anthony,
>>
>> I am with neither group... just an independent consultant that was
>> looking
>> for help with some XP issues, and try to contribute back to the
>> newsgroups
>> when I am using them. So, I have been replying from the XP newsgroup.
>>
>> Yes, with only one IP address, you re only going to be able to expose one
>> 'Terminal Server'.
>>
>> You may be able to try to initiate a connection with the ISA server using
>> another port #, and use the difference in port numbers to determine which
>> server/PC to forward the request to, but you will still need to forward
>> it
>> to the box you intend to remote control over the same 3389 port. I am
>> not
>> sure if ISA 2004 supports that.
>>
>> A VPN my be another way to go, but I know they can be complicated to
>> set-up,
>> (though I have heard it is easier with ISA 2004... I still use ISA 2000),
>> and that would be outside of my expertise.
>>
>> If you still want to try to do it without VPN and see if you can use
>> different ports on the same IP to determine the destination, I may be
>> able
>> to still help.
>>
>> Good Luck.
>>
>> Keith C. Jakobs, MCP
>>
>>
>> "Anthony Smith" <anthony@peconet.com> wrote in message
>> news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
>>> We have the 3389 open because we use Terminal Server. I actually
>> sometimes
>>> do some admin stuff while I'm on the road so I'd like to continue to
>>> have
>>> access to the server instead of forwarding everything to my boss'
>>> machine.
>>> Is there another way? Maybe setting up a VPN or something.
>>>
>>> So I know who I'm talking to, are you with the SBS group or the XP
>>> group?
>>>
>>> Thanks!
>>>
>>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
>>> > Hi Anthony....
>>> >
>>> > Looks like you are in a good position to set this up with a reasonable
>>> > amount of security in place, and without having to resort to those
>>> > drinking
>>> > parties (hic) ;-)
>>> >
>>> > First. make sure you can get Remote Connection running before
>> establishing
>>> > a
>>> > connection from outside the network. Make sure it has been
>>> > enabled....
>>> > that
>>> > it can accept incoming requests without an invitation from the host,
>>> > and
>>> > make sure that if Windows Firewall has been enabled, that you have
>> allowed
>>> > exceptions for Remote Connections. Also, you may want to limit those
>> who
>>> > can strt remote control sessions to just you and your boss. Then be
>> sure
>>> > you can actually connect to the box from another computer inside the
>>> > ISA
>>> > Firewall before you proceed to the next step.
>>> >
>>> > The next thing is you will need to publish a rule in ISA Server that
>>> > allows
>>> > your boss' work computer to be available on the Internet for remote
>>> > control.
>>> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
>>> > [Remote
>>> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address that
>> your
>>> > boss uses at home to even connect to this 'published' service. What
>> your
>>> > boss uses to connect to will be dependent on how many public IP
>> addresses
>>> > you have available to you. If there is only one on your ISA Server,
>> then
>>> > you will likely only be able to enable one box for remote
>>> > connectivity.
>>> > In
>>> > that case, if your boss tries to connect to the server they way he has
>>> > been,
>>> > and your ISA publishing rule tells it to redirect all requests for
>>> > Port
>>> > 3389
>>> > on that IP address to his internal work computer, then it should
>>> > connect
>>> > him
>>> > to his office XP system.
>>> >
>>> > Hope that helps get you started.
>>> >
>>> > Good Luck.
>>> >
>>> > Keith C. Jakobs, MCP
>>> > "Anthony Smith" <anthony@peconet.com> wrote in message
>>> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
>>> >> Thanks for the reply, let's see if we can answer these questions:
>>> >>
>>> >> > 1) Is your company network behind a firewall or does one computer
>>> >> > share
>>> >> > its
>>> >> > Internet access with all computers (i.e., NAT enabled)?
>>> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
>> server
>>> >> has 2 NIC, 1 is the internal network, the other is for our high speed
>>> >> access. The high speed goes through the firewall, then connects to
>>> >> the
>>> >> server.
>>> >>
>>> >> >
>>> >> > 2) What kind of connectivity does your boss hve to the Internet
>>> >> > from
>> at
>>> >> > home? Do you know if he has a fixed IP address? (This helps with
>>> >> > security,
>>> >> > if you have to open up features like remote control, you might be
>> able
>>> > to
>>> >> > open those features ONLY to his address if it doesn't change).
>>> >> He has high speed cable connection and to the best of my knowledge it
>> has
>>> > a
>>> >> fixed IP address.
>>> >>
>>> >> >
>>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>> start
>>> >> > using
>>> >> > it if he wants to use the built-in remote control features of XP.
>>> >> No he doesn't use Windows/MSN Messenger but we can.
>>> >>
>>> >> >
>>> >> > 4) Would he be willing to consider (purchase) a third party
>>> >> > program?
>>> >>
>>> >> We'd prefer not to. We're you thinking about PC Anywhere. I was
>>> >> hoping
>> we
>>> >> could use what we have without purchasing any 3rd parties...people
>> often
>>> > get
>>> >> drunk at parties, and I'm not that type of drinker! (smile)
>>> >> >
>>> >> > 5) Are both systems updated to SP2?
>>> >>
>>> >> Yes we have SP2 running, if he doesn't at home I'll make sure he
>>> >> does.
>> He
>>> >> has 2 computers for home use, a company laptop which he uses often
>>> >> and
>> a
>>> >> desktop. I know the laptop has SP2 installed. All we're interested
>>> >> in
>>> >> is
>>> >> getting the laptop to connect remotely to his office computer, we
>>> >> don't
>>> > have
>>> >> to worry about the other one at his home.
>>> >>
>>> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
>>> >> > Hi Anthony:
>>> >> >
>>> >> > Yes, this can be done, and can be done quite easily under certain
>>> >> > conditions, but doing so also introduces a whole bunch of potential
>>> >> > security
>>> >> > issues, and would very much depend on the specific configuration of
>>> >> > your
>>> >> > Internet Access.
>>> >> >
>>> >> > First, if you are behind firewall or gateway (or are sharing your
>>> >> > internet
>>> >> > connection through one single computer), you will first have to
>>> >> > solve
>>> > the
>>> >> > connection issue. In this case, your boss wont be able to find the
>>> > office
>>> >> > computer on the Internet on its own. His office computer will need
>> to
>>> >> > establish an outside connection first, and again this can introduce
>>> >> > a
>>> >> > whole
>>> >> > bunch of security issues.
>>> >> >
>>> >> > Windows Messenger offers a lot of features to mke this possible,
>>> >> > but
>>> >> > depending on your configuration, by the time you enable all the
>>> > features,
>>> >> > you may as well tell the whole free world your boss' computer in on
>> the
>>> >> > net
>>> >> > for remote control by just about anyone.
>>> >> >
>>> >> > So in order to avoid a lengthy diatribe, lets start with the
>> following
>>> >> > questions:
>>> >> >
>>> >> > 1) Is your company network behind a firewall or does one computer
>>> >> > share
>>> >> > its
>>> >> > Internet access with all computers (i.e., NAT enabled)?
>>> >> >
>>> >> > 2) What kind of connectivity does your boss hve to the Internet
>>> >> > from
>> at
>>> >> > home? Do you know if he has a fixed IP address? (This helps with
>>> >> > security,
>>> >> > if you have to open up features like remote control, you might be
>> able
>>> > to
>>> >> > open those features ONLY to his address if it doesn't change).
>>> >> >
>>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>> start
>>> >> > using
>>> >> > it if he wants to use the built-in remote control features of XP.
>>> >> >
>>> >> > 4) Would he be willing to consider (purchase) a third party
>>> >> > program?
>>> >> >
>>> >> > 5) Are both systems updated to SP2?
>>> >> >
>>> >> > Lets start with those, and see what can be done to help you.
>>> >> >
>>> >> > Keith C. Jakobs, MCP
>>> >> >
>>> >> >
>>> >> >
>>> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
>>> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>>> >> >> Good Afternoon,
>>> >> >>
>>> >> >> I hope everyone is doing GREAT! today. We have a small office and
>> we
>>> > are
>>> >> >> running Win 2003 Server. My boss would like to access his office
>>> >> >> computer
>>> >> >> from his house. The office computer is running Windows XP Pro,
>>> >> >> and
>>> >> >> his
>>> >> > home
>>> >> >> computer is running XP Pro also.
>>> >> >>
>>> >> >> We currently use Terminal Services to access the network, ie
>>> >> >> Outlook
>>> > Web
>>> >> >> Access primarily. But as you know that appears to be limited to
>>> >> >> programs/applications on the server.
>>> >> >>
>>> >> >> Is there a way I can set up access to my boss' workstation here in
>> the
>>> >> >> office for remote access? I'm not sure if this is a smallbiz
>> question
>>> > or
>>> >> >> a
>>> >> >> windows xp. We have high speed access here at the office.
>>> >> >> XP has that remote desktop feature that will allow you to control
>>> >> >> a
>>> >> > computer
>>> >> >> but I'm not sure if I can use this inside of a office network,
>> because
>>> >> > when
>>> >> >> I try the IP address I get the server instead of a workstation.
>>> >> >>
>>> >> >> Please advise, thanks!
>>> >> >>
>>> >> >> Sincerely,
>>> >> >> Anthony Smith
>>> >> >> In God We Trust!
>>> >> >>
>>> >> >>
>>> >> >
>>> >> >
>>> >>
>>> >>
>>> >
>>> >
>>>
>>>
>>
>>
>
>
Anonymous
August 11, 2005 8:41:25 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Anthony,

A word of cauton.

Make sure your boss ends his TS session by start/logoff...otherwise the
session remains and you will exhaust the supply of administrative sessions.

HTH

RickD
"Anthony Smith" <anthony@peconet.com> wrote in message
news:uV8mtGnnFHA.3660@TK2MSFTNGP10.phx.gbl...
> Thanks for your help. Guess what, thank the Lord, we figured it out. We
> have SBS2003. And I logged in to Terminal Server as usual from a remote
> location. Then I log into Remote Desktop that is located ON THE SERVER and
> then I choose my boss' computer and whoop there it is.
>
> So I can still have access to terminal server and my boss can also. Once
he
> logs into the network and access the server, because Remote Desktop is on
> the server he can then open that application and log into his computer.
>
> Thanks for your help, glad we could find a workaround without really
> changing any settings on the server. Just clicked the Allow Remote
Desktop
> on my boss' pc was the only real change I had to do.
>
> Have a blessed day!
> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
> news:o b2QP8enFHA.3552@TK2MSFTNGP10.phx.gbl...
> > Hi Anthony,
> >
> > I am with neither group... just an independent consultant that was
looking
> > for help with some XP issues, and try to contribute back to the
newsgroups
> > when I am using them. So, I have been replying from the XP newsgroup.
> >
> > Yes, with only one IP address, you re only going to be able to expose
one
> > 'Terminal Server'.
> >
> > You may be able to try to initiate a connection with the ISA server
using
> > another port #, and use the difference in port numbers to determine
which
> > server/PC to forward the request to, but you will still need to forward
it
> > to the box you intend to remote control over the same 3389 port. I am
not
> > sure if ISA 2004 supports that.
> >
> > A VPN my be another way to go, but I know they can be complicated to
> > set-up,
> > (though I have heard it is easier with ISA 2004... I still use ISA
2000),
> > and that would be outside of my expertise.
> >
> > If you still want to try to do it without VPN and see if you can use
> > different ports on the same IP to determine the destination, I may be
able
> > to still help.
> >
> > Good Luck.
> >
> > Keith C. Jakobs, MCP
> >
> >
> > "Anthony Smith" <anthony@peconet.com> wrote in message
> > news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
> >> We have the 3389 open because we use Terminal Server. I actually
> > sometimes
> >> do some admin stuff while I'm on the road so I'd like to continue to
have
> >> access to the server instead of forwarding everything to my boss'
> >> machine.
> >> Is there another way? Maybe setting up a VPN or something.
> >>
> >> So I know who I'm talking to, are you with the SBS group or the XP
group?
> >>
> >> Thanks!
> >>
> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
> >> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
> >> > Hi Anthony....
> >> >
> >> > Looks like you are in a good position to set this up with a
reasonable
> >> > amount of security in place, and without having to resort to those
> >> > drinking
> >> > parties (hic) ;-)
> >> >
> >> > First. make sure you can get Remote Connection running before
> > establishing
> >> > a
> >> > connection from outside the network. Make sure it has been
enabled....
> >> > that
> >> > it can accept incoming requests without an invitation from the host,
> >> > and
> >> > make sure that if Windows Firewall has been enabled, that you have
> > allowed
> >> > exceptions for Remote Connections. Also, you may want to limit those
> > who
> >> > can strt remote control sessions to just you and your boss. Then be
> > sure
> >> > you can actually connect to the box from another computer inside the
> >> > ISA
> >> > Firewall before you proceed to the next step.
> >> >
> >> > The next thing is you will need to publish a rule in ISA Server that
> >> > allows
> >> > your boss' work computer to be available on the Internet for remote
> >> > control.
> >> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
> >> > [Remote
> >> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address that
> > your
> >> > boss uses at home to even connect to this 'published' service. What
> > your
> >> > boss uses to connect to will be dependent on how many public IP
> > addresses
> >> > you have available to you. If there is only one on your ISA Server,
> > then
> >> > you will likely only be able to enable one box for remote
connectivity.
> >> > In
> >> > that case, if your boss tries to connect to the server they way he
has
> >> > been,
> >> > and your ISA publishing rule tells it to redirect all requests for
Port
> >> > 3389
> >> > on that IP address to his internal work computer, then it should
> >> > connect
> >> > him
> >> > to his office XP system.
> >> >
> >> > Hope that helps get you started.
> >> >
> >> > Good Luck.
> >> >
> >> > Keith C. Jakobs, MCP
> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
> >> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
> >> >> Thanks for the reply, let's see if we can answer these questions:
> >> >>
> >> >> > 1) Is your company network behind a firewall or does one computer
> >> >> > share
> >> >> > its
> >> >> > Internet access with all computers (i.e., NAT enabled)?
> >> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
> > server
> >> >> has 2 NIC, 1 is the internal network, the other is for our high
speed
> >> >> access. The high speed goes through the firewall, then connects to
> >> >> the
> >> >> server.
> >> >>
> >> >> >
> >> >> > 2) What kind of connectivity does your boss hve to the Internet
from
> > at
> >> >> > home? Do you know if he has a fixed IP address? (This helps with
> >> >> > security,
> >> >> > if you have to open up features like remote control, you might be
> > able
> >> > to
> >> >> > open those features ONLY to his address if it doesn't change).
> >> >> He has high speed cable connection and to the best of my knowledge
it
> > has
> >> > a
> >> >> fixed IP address.
> >> >>
> >> >> >
> >> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
> > start
> >> >> > using
> >> >> > it if he wants to use the built-in remote control features of XP.
> >> >> No he doesn't use Windows/MSN Messenger but we can.
> >> >>
> >> >> >
> >> >> > 4) Would he be willing to consider (purchase) a third party
program?
> >> >>
> >> >> We'd prefer not to. We're you thinking about PC Anywhere. I was
hoping
> > we
> >> >> could use what we have without purchasing any 3rd parties...people
> > often
> >> > get
> >> >> drunk at parties, and I'm not that type of drinker! (smile)
> >> >> >
> >> >> > 5) Are both systems updated to SP2?
> >> >>
> >> >> Yes we have SP2 running, if he doesn't at home I'll make sure he
does.
> > He
> >> >> has 2 computers for home use, a company laptop which he uses often
and
> > a
> >> >> desktop. I know the laptop has SP2 installed. All we're interested
> >> >> in
> >> >> is
> >> >> getting the laptop to connect remotely to his office computer, we
> >> >> don't
> >> > have
> >> >> to worry about the other one at his home.
> >> >>
> >> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
> >> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
> >> >> > Hi Anthony:
> >> >> >
> >> >> > Yes, this can be done, and can be done quite easily under certain
> >> >> > conditions, but doing so also introduces a whole bunch of
potential
> >> >> > security
> >> >> > issues, and would very much depend on the specific configuration
of
> >> >> > your
> >> >> > Internet Access.
> >> >> >
> >> >> > First, if you are behind firewall or gateway (or are sharing your
> >> >> > internet
> >> >> > connection through one single computer), you will first have to
> >> >> > solve
> >> > the
> >> >> > connection issue. In this case, your boss wont be able to find
the
> >> > office
> >> >> > computer on the Internet on its own. His office computer will
need
> > to
> >> >> > establish an outside connection first, and again this can
introduce
> >> >> > a
> >> >> > whole
> >> >> > bunch of security issues.
> >> >> >
> >> >> > Windows Messenger offers a lot of features to mke this possible,
but
> >> >> > depending on your configuration, by the time you enable all the
> >> > features,
> >> >> > you may as well tell the whole free world your boss' computer in
on
> > the
> >> >> > net
> >> >> > for remote control by just about anyone.
> >> >> >
> >> >> > So in order to avoid a lengthy diatribe, lets start with the
> > following
> >> >> > questions:
> >> >> >
> >> >> > 1) Is your company network behind a firewall or does one computer
> >> >> > share
> >> >> > its
> >> >> > Internet access with all computers (i.e., NAT enabled)?
> >> >> >
> >> >> > 2) What kind of connectivity does your boss hve to the Internet
from
> > at
> >> >> > home? Do you know if he has a fixed IP address? (This helps with
> >> >> > security,
> >> >> > if you have to open up features like remote control, you might be
> > able
> >> > to
> >> >> > open those features ONLY to his address if it doesn't change).
> >> >> >
> >> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
> > start
> >> >> > using
> >> >> > it if he wants to use the built-in remote control features of XP.
> >> >> >
> >> >> > 4) Would he be willing to consider (purchase) a third party
program?
> >> >> >
> >> >> > 5) Are both systems updated to SP2?
> >> >> >
> >> >> > Lets start with those, and see what can be done to help you.
> >> >> >
> >> >> > Keith C. Jakobs, MCP
> >> >> >
> >> >> >
> >> >> >
> >> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
> >> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
> >> >> >> Good Afternoon,
> >> >> >>
> >> >> >> I hope everyone is doing GREAT! today. We have a small office
and
> > we
> >> > are
> >> >> >> running Win 2003 Server. My boss would like to access his office
> >> >> >> computer
> >> >> >> from his house. The office computer is running Windows XP Pro,
and
> >> >> >> his
> >> >> > home
> >> >> >> computer is running XP Pro also.
> >> >> >>
> >> >> >> We currently use Terminal Services to access the network, ie
> >> >> >> Outlook
> >> > Web
> >> >> >> Access primarily. But as you know that appears to be limited to
> >> >> >> programs/applications on the server.
> >> >> >>
> >> >> >> Is there a way I can set up access to my boss' workstation here
in
> > the
> >> >> >> office for remote access? I'm not sure if this is a smallbiz
> > question
> >> > or
> >> >> >> a
> >> >> >> windows xp. We have high speed access here at the office.
> >> >> >> XP has that remote desktop feature that will allow you to control
a
> >> >> > computer
> >> >> >> but I'm not sure if I can use this inside of a office network,
> > because
> >> >> > when
> >> >> >> I try the IP address I get the server instead of a workstation.
> >> >> >>
> >> >> >> Please advise, thanks!
> >> >> >>
> >> >> >> Sincerely,
> >> >> >> Anthony Smith
> >> >> >> In God We Trust!
> >> >> >>
> >> >> >>
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
Anonymous
August 12, 2005 2:51:26 AM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

you are not operating in an optimal manner. Your solution allows only one
person at a time TS access and unnecessarily exposes port 3389 to the
internet. Investigate RWW.

"Anthony Smith" <anthony@peconet.com> wrote in message
news:edzTAHnnFHA.3312@tk2msftngp13.phx.gbl...
> Thanks for the help! See my other post that I posted today for the
> solution.
> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> news:%23kAvpQfnFHA.3120@TK2MSFTNGP09.phx.gbl...
>> I've gotta ask, is this server an SBS 2003 or just a plain W2003Server?
>>
>> You mention ISA and Exchange and have posted to the SBS4.x newsgroup, so
>> I gotta wonder.
>>
>> If it is SBS2003 you need to investigate Remote Web Workplace (RWW) which
>> will allow users to connect to any PC behind the SBS and additionally
>> allow administrators to connect to the server desktops using a process
>> known as RDP proxy. You log in to RWW using HTTPS and the RDP Proxy will
>> accept multiple connections in port 4125 and redirect them to the
>> desktops (or TS's) port 3389.
>>
>> SBS public Newsgroups:
>>
>> SBS 4.x: microsoft.public.backoffice.smallbiz
>> SBS 2000: microsoft.public.backoffice.smallbiz2000
>> SBS 2003: microsoft.public.windows.server.sbs
>>
>>
>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> news:o b2QP8enFHA.3552@TK2MSFTNGP10.phx.gbl...
>>> Hi Anthony,
>>>
>>> I am with neither group... just an independent consultant that was
>>> looking
>>> for help with some XP issues, and try to contribute back to the
>>> newsgroups
>>> when I am using them. So, I have been replying from the XP newsgroup.
>>>
>>> Yes, with only one IP address, you re only going to be able to expose
>>> one
>>> 'Terminal Server'.
>>>
>>> You may be able to try to initiate a connection with the ISA server
>>> using
>>> another port #, and use the difference in port numbers to determine
>>> which
>>> server/PC to forward the request to, but you will still need to forward
>>> it
>>> to the box you intend to remote control over the same 3389 port. I am
>>> not
>>> sure if ISA 2004 supports that.
>>>
>>> A VPN my be another way to go, but I know they can be complicated to
>>> set-up,
>>> (though I have heard it is easier with ISA 2004... I still use ISA
>>> 2000),
>>> and that would be outside of my expertise.
>>>
>>> If you still want to try to do it without VPN and see if you can use
>>> different ports on the same IP to determine the destination, I may be
>>> able
>>> to still help.
>>>
>>> Good Luck.
>>>
>>> Keith C. Jakobs, MCP
>>>
>>>
>>> "Anthony Smith" <anthony@peconet.com> wrote in message
>>> news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
>>>> We have the 3389 open because we use Terminal Server. I actually
>>> sometimes
>>>> do some admin stuff while I'm on the road so I'd like to continue to
>>>> have
>>>> access to the server instead of forwarding everything to my boss'
>>>> machine.
>>>> Is there another way? Maybe setting up a VPN or something.
>>>>
>>>> So I know who I'm talking to, are you with the SBS group or the XP
>>>> group?
>>>>
>>>> Thanks!
>>>>
>>>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>>> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
>>>> > Hi Anthony....
>>>> >
>>>> > Looks like you are in a good position to set this up with a
>>>> > reasonable
>>>> > amount of security in place, and without having to resort to those
>>>> > drinking
>>>> > parties (hic) ;-)
>>>> >
>>>> > First. make sure you can get Remote Connection running before
>>> establishing
>>>> > a
>>>> > connection from outside the network. Make sure it has been
>>>> > enabled....
>>>> > that
>>>> > it can accept incoming requests without an invitation from the host,
>>>> > and
>>>> > make sure that if Windows Firewall has been enabled, that you have
>>> allowed
>>>> > exceptions for Remote Connections. Also, you may want to limit those
>>> who
>>>> > can strt remote control sessions to just you and your boss. Then be
>>> sure
>>>> > you can actually connect to the box from another computer inside the
>>>> > ISA
>>>> > Firewall before you proceed to the next step.
>>>> >
>>>> > The next thing is you will need to publish a rule in ISA Server that
>>>> > allows
>>>> > your boss' work computer to be available on the Internet for remote
>>>> > control.
>>>> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
>>>> > [Remote
>>>> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address that
>>> your
>>>> > boss uses at home to even connect to this 'published' service. What
>>> your
>>>> > boss uses to connect to will be dependent on how many public IP
>>> addresses
>>>> > you have available to you. If there is only one on your ISA Server,
>>> then
>>>> > you will likely only be able to enable one box for remote
>>>> > connectivity.
>>>> > In
>>>> > that case, if your boss tries to connect to the server they way he
>>>> > has
>>>> > been,
>>>> > and your ISA publishing rule tells it to redirect all requests for
>>>> > Port
>>>> > 3389
>>>> > on that IP address to his internal work computer, then it should
>>>> > connect
>>>> > him
>>>> > to his office XP system.
>>>> >
>>>> > Hope that helps get you started.
>>>> >
>>>> > Good Luck.
>>>> >
>>>> > Keith C. Jakobs, MCP
>>>> > "Anthony Smith" <anthony@peconet.com> wrote in message
>>>> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
>>>> >> Thanks for the reply, let's see if we can answer these questions:
>>>> >>
>>>> >> > 1) Is your company network behind a firewall or does one computer
>>>> >> > share
>>>> >> > its
>>>> >> > Internet access with all computers (i.e., NAT enabled)?
>>>> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
>>> server
>>>> >> has 2 NIC, 1 is the internal network, the other is for our high
>>>> >> speed
>>>> >> access. The high speed goes through the firewall, then connects to
>>>> >> the
>>>> >> server.
>>>> >>
>>>> >> >
>>>> >> > 2) What kind of connectivity does your boss hve to the Internet
>>>> >> > from
>>> at
>>>> >> > home? Do you know if he has a fixed IP address? (This helps with
>>>> >> > security,
>>>> >> > if you have to open up features like remote control, you might be
>>> able
>>>> > to
>>>> >> > open those features ONLY to his address if it doesn't change).
>>>> >> He has high speed cable connection and to the best of my knowledge
>>>> >> it
>>> has
>>>> > a
>>>> >> fixed IP address.
>>>> >>
>>>> >> >
>>>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>>> start
>>>> >> > using
>>>> >> > it if he wants to use the built-in remote control features of XP.
>>>> >> No he doesn't use Windows/MSN Messenger but we can.
>>>> >>
>>>> >> >
>>>> >> > 4) Would he be willing to consider (purchase) a third party
>>>> >> > program?
>>>> >>
>>>> >> We'd prefer not to. We're you thinking about PC Anywhere. I was
>>>> >> hoping
>>> we
>>>> >> could use what we have without purchasing any 3rd parties...people
>>> often
>>>> > get
>>>> >> drunk at parties, and I'm not that type of drinker! (smile)
>>>> >> >
>>>> >> > 5) Are both systems updated to SP2?
>>>> >>
>>>> >> Yes we have SP2 running, if he doesn't at home I'll make sure he
>>>> >> does.
>>> He
>>>> >> has 2 computers for home use, a company laptop which he uses often
>>>> >> and
>>> a
>>>> >> desktop. I know the laptop has SP2 installed. All we're interested
>>>> >> in
>>>> >> is
>>>> >> getting the laptop to connect remotely to his office computer, we
>>>> >> don't
>>>> > have
>>>> >> to worry about the other one at his home.
>>>> >>
>>>> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>>> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
>>>> >> > Hi Anthony:
>>>> >> >
>>>> >> > Yes, this can be done, and can be done quite easily under certain
>>>> >> > conditions, but doing so also introduces a whole bunch of
>>>> >> > potential
>>>> >> > security
>>>> >> > issues, and would very much depend on the specific configuration
>>>> >> > of
>>>> >> > your
>>>> >> > Internet Access.
>>>> >> >
>>>> >> > First, if you are behind firewall or gateway (or are sharing your
>>>> >> > internet
>>>> >> > connection through one single computer), you will first have to
>>>> >> > solve
>>>> > the
>>>> >> > connection issue. In this case, your boss wont be able to find
>>>> >> > the
>>>> > office
>>>> >> > computer on the Internet on its own. His office computer will
>>>> >> > need
>>> to
>>>> >> > establish an outside connection first, and again this can
>>>> >> > introduce a
>>>> >> > whole
>>>> >> > bunch of security issues.
>>>> >> >
>>>> >> > Windows Messenger offers a lot of features to mke this possible,
>>>> >> > but
>>>> >> > depending on your configuration, by the time you enable all the
>>>> > features,
>>>> >> > you may as well tell the whole free world your boss' computer in
>>>> >> > on
>>> the
>>>> >> > net
>>>> >> > for remote control by just about anyone.
>>>> >> >
>>>> >> > So in order to avoid a lengthy diatribe, lets start with the
>>> following
>>>> >> > questions:
>>>> >> >
>>>> >> > 1) Is your company network behind a firewall or does one computer
>>>> >> > share
>>>> >> > its
>>>> >> > Internet access with all computers (i.e., NAT enabled)?
>>>> >> >
>>>> >> > 2) What kind of connectivity does your boss hve to the Internet
>>>> >> > from
>>> at
>>>> >> > home? Do you know if he has a fixed IP address? (This helps with
>>>> >> > security,
>>>> >> > if you have to open up features like remote control, you might be
>>> able
>>>> > to
>>>> >> > open those features ONLY to his address if it doesn't change).
>>>> >> >
>>>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>>> start
>>>> >> > using
>>>> >> > it if he wants to use the built-in remote control features of XP.
>>>> >> >
>>>> >> > 4) Would he be willing to consider (purchase) a third party
>>>> >> > program?
>>>> >> >
>>>> >> > 5) Are both systems updated to SP2?
>>>> >> >
>>>> >> > Lets start with those, and see what can be done to help you.
>>>> >> >
>>>> >> > Keith C. Jakobs, MCP
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
>>>> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>>>> >> >> Good Afternoon,
>>>> >> >>
>>>> >> >> I hope everyone is doing GREAT! today. We have a small office
>>>> >> >> and
>>> we
>>>> > are
>>>> >> >> running Win 2003 Server. My boss would like to access his office
>>>> >> >> computer
>>>> >> >> from his house. The office computer is running Windows XP Pro,
>>>> >> >> and
>>>> >> >> his
>>>> >> > home
>>>> >> >> computer is running XP Pro also.
>>>> >> >>
>>>> >> >> We currently use Terminal Services to access the network, ie
>>>> >> >> Outlook
>>>> > Web
>>>> >> >> Access primarily. But as you know that appears to be limited to
>>>> >> >> programs/applications on the server.
>>>> >> >>
>>>> >> >> Is there a way I can set up access to my boss' workstation here
>>>> >> >> in
>>> the
>>>> >> >> office for remote access? I'm not sure if this is a smallbiz
>>> question
>>>> > or
>>>> >> >> a
>>>> >> >> windows xp. We have high speed access here at the office.
>>>> >> >> XP has that remote desktop feature that will allow you to control
>>>> >> >> a
>>>> >> > computer
>>>> >> >> but I'm not sure if I can use this inside of a office network,
>>> because
>>>> >> > when
>>>> >> >> I try the IP address I get the server instead of a workstation.
>>>> >> >>
>>>> >> >> Please advise, thanks!
>>>> >> >>
>>>> >> >> Sincerely,
>>>> >> >> Anthony Smith
>>>> >> >> In God We Trust!
>>>> >> >>
>>>> >> >>
>>>> >> >
>>>> >> >
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
August 12, 2005 2:51:27 AM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Ok, I will have to investigate RWW. I've heard a little bit about it.
Thanks! Have a blessed day!
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:%23htQkNnnFHA.3256@TK2MSFTNGP12.phx.gbl...
> you are not operating in an optimal manner. Your solution allows only one
> person at a time TS access and unnecessarily exposes port 3389 to the
> internet. Investigate RWW.
>
> "Anthony Smith" <anthony@peconet.com> wrote in message
> news:edzTAHnnFHA.3312@tk2msftngp13.phx.gbl...
>> Thanks for the help! See my other post that I posted today for the
>> solution.
>> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
>> news:%23kAvpQfnFHA.3120@TK2MSFTNGP09.phx.gbl...
>>> I've gotta ask, is this server an SBS 2003 or just a plain W2003Server?
>>>
>>> You mention ISA and Exchange and have posted to the SBS4.x newsgroup, so
>>> I gotta wonder.
>>>
>>> If it is SBS2003 you need to investigate Remote Web Workplace (RWW)
>>> which will allow users to connect to any PC behind the SBS and
>>> additionally allow administrators to connect to the server desktops
>>> using a process known as RDP proxy. You log in to RWW using HTTPS and
>>> the RDP Proxy will accept multiple connections in port 4125 and redirect
>>> them to the desktops (or TS's) port 3389.
>>>
>>> SBS public Newsgroups:
>>>
>>> SBS 4.x: microsoft.public.backoffice.smallbiz
>>> SBS 2000: microsoft.public.backoffice.smallbiz2000
>>> SBS 2003: microsoft.public.windows.server.sbs
>>>
>>>
>>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>> news:o b2QP8enFHA.3552@TK2MSFTNGP10.phx.gbl...
>>>> Hi Anthony,
>>>>
>>>> I am with neither group... just an independent consultant that was
>>>> looking
>>>> for help with some XP issues, and try to contribute back to the
>>>> newsgroups
>>>> when I am using them. So, I have been replying from the XP newsgroup.
>>>>
>>>> Yes, with only one IP address, you re only going to be able to expose
>>>> one
>>>> 'Terminal Server'.
>>>>
>>>> You may be able to try to initiate a connection with the ISA server
>>>> using
>>>> another port #, and use the difference in port numbers to determine
>>>> which
>>>> server/PC to forward the request to, but you will still need to forward
>>>> it
>>>> to the box you intend to remote control over the same 3389 port. I am
>>>> not
>>>> sure if ISA 2004 supports that.
>>>>
>>>> A VPN my be another way to go, but I know they can be complicated to
>>>> set-up,
>>>> (though I have heard it is easier with ISA 2004... I still use ISA
>>>> 2000),
>>>> and that would be outside of my expertise.
>>>>
>>>> If you still want to try to do it without VPN and see if you can use
>>>> different ports on the same IP to determine the destination, I may be
>>>> able
>>>> to still help.
>>>>
>>>> Good Luck.
>>>>
>>>> Keith C. Jakobs, MCP
>>>>
>>>>
>>>> "Anthony Smith" <anthony@peconet.com> wrote in message
>>>> news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
>>>>> We have the 3389 open because we use Terminal Server. I actually
>>>> sometimes
>>>>> do some admin stuff while I'm on the road so I'd like to continue to
>>>>> have
>>>>> access to the server instead of forwarding everything to my boss'
>>>>> machine.
>>>>> Is there another way? Maybe setting up a VPN or something.
>>>>>
>>>>> So I know who I'm talking to, are you with the SBS group or the XP
>>>>> group?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>>>> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
>>>>> > Hi Anthony....
>>>>> >
>>>>> > Looks like you are in a good position to set this up with a
>>>>> > reasonable
>>>>> > amount of security in place, and without having to resort to those
>>>>> > drinking
>>>>> > parties (hic) ;-)
>>>>> >
>>>>> > First. make sure you can get Remote Connection running before
>>>> establishing
>>>>> > a
>>>>> > connection from outside the network. Make sure it has been
>>>>> > enabled....
>>>>> > that
>>>>> > it can accept incoming requests without an invitation from the host,
>>>>> > and
>>>>> > make sure that if Windows Firewall has been enabled, that you have
>>>> allowed
>>>>> > exceptions for Remote Connections. Also, you may want to limit
>>>>> > those
>>>> who
>>>>> > can strt remote control sessions to just you and your boss. Then be
>>>> sure
>>>>> > you can actually connect to the box from another computer inside the
>>>>> > ISA
>>>>> > Firewall before you proceed to the next step.
>>>>> >
>>>>> > The next thing is you will need to publish a rule in ISA Server that
>>>>> > allows
>>>>> > your boss' work computer to be available on the Internet for remote
>>>>> > control.
>>>>> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
>>>>> > [Remote
>>>>> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address
>>>>> > that
>>>> your
>>>>> > boss uses at home to even connect to this 'published' service. What
>>>> your
>>>>> > boss uses to connect to will be dependent on how many public IP
>>>> addresses
>>>>> > you have available to you. If there is only one on your ISA Server,
>>>> then
>>>>> > you will likely only be able to enable one box for remote
>>>>> > connectivity.
>>>>> > In
>>>>> > that case, if your boss tries to connect to the server they way he
>>>>> > has
>>>>> > been,
>>>>> > and your ISA publishing rule tells it to redirect all requests for
>>>>> > Port
>>>>> > 3389
>>>>> > on that IP address to his internal work computer, then it should
>>>>> > connect
>>>>> > him
>>>>> > to his office XP system.
>>>>> >
>>>>> > Hope that helps get you started.
>>>>> >
>>>>> > Good Luck.
>>>>> >
>>>>> > Keith C. Jakobs, MCP
>>>>> > "Anthony Smith" <anthony@peconet.com> wrote in message
>>>>> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
>>>>> >> Thanks for the reply, let's see if we can answer these questions:
>>>>> >>
>>>>> >> > 1) Is your company network behind a firewall or does one
>>>>> >> > computer
>>>>> >> > share
>>>>> >> > its
>>>>> >> > Internet access with all computers (i.e., NAT enabled)?
>>>>> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
>>>> server
>>>>> >> has 2 NIC, 1 is the internal network, the other is for our high
>>>>> >> speed
>>>>> >> access. The high speed goes through the firewall, then connects to
>>>>> >> the
>>>>> >> server.
>>>>> >>
>>>>> >> >
>>>>> >> > 2) What kind of connectivity does your boss hve to the Internet
>>>>> >> > from
>>>> at
>>>>> >> > home? Do you know if he has a fixed IP address? (This helps
>>>>> >> > with
>>>>> >> > security,
>>>>> >> > if you have to open up features like remote control, you might be
>>>> able
>>>>> > to
>>>>> >> > open those features ONLY to his address if it doesn't change).
>>>>> >> He has high speed cable connection and to the best of my knowledge
>>>>> >> it
>>>> has
>>>>> > a
>>>>> >> fixed IP address.
>>>>> >>
>>>>> >> >
>>>>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>>>> start
>>>>> >> > using
>>>>> >> > it if he wants to use the built-in remote control features of XP.
>>>>> >> No he doesn't use Windows/MSN Messenger but we can.
>>>>> >>
>>>>> >> >
>>>>> >> > 4) Would he be willing to consider (purchase) a third party
>>>>> >> > program?
>>>>> >>
>>>>> >> We'd prefer not to. We're you thinking about PC Anywhere. I was
>>>>> >> hoping
>>>> we
>>>>> >> could use what we have without purchasing any 3rd parties...people
>>>> often
>>>>> > get
>>>>> >> drunk at parties, and I'm not that type of drinker! (smile)
>>>>> >> >
>>>>> >> > 5) Are both systems updated to SP2?
>>>>> >>
>>>>> >> Yes we have SP2 running, if he doesn't at home I'll make sure he
>>>>> >> does.
>>>> He
>>>>> >> has 2 computers for home use, a company laptop which he uses often
>>>>> >> and
>>>> a
>>>>> >> desktop. I know the laptop has SP2 installed. All we're
>>>>> >> interested in
>>>>> >> is
>>>>> >> getting the laptop to connect remotely to his office computer, we
>>>>> >> don't
>>>>> > have
>>>>> >> to worry about the other one at his home.
>>>>> >>
>>>>> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>>>> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
>>>>> >> > Hi Anthony:
>>>>> >> >
>>>>> >> > Yes, this can be done, and can be done quite easily under certain
>>>>> >> > conditions, but doing so also introduces a whole bunch of
>>>>> >> > potential
>>>>> >> > security
>>>>> >> > issues, and would very much depend on the specific configuration
>>>>> >> > of
>>>>> >> > your
>>>>> >> > Internet Access.
>>>>> >> >
>>>>> >> > First, if you are behind firewall or gateway (or are sharing
>>>>> >> > your
>>>>> >> > internet
>>>>> >> > connection through one single computer), you will first have to
>>>>> >> > solve
>>>>> > the
>>>>> >> > connection issue. In this case, your boss wont be able to find
>>>>> >> > the
>>>>> > office
>>>>> >> > computer on the Internet on its own. His office computer will
>>>>> >> > need
>>>> to
>>>>> >> > establish an outside connection first, and again this can
>>>>> >> > introduce a
>>>>> >> > whole
>>>>> >> > bunch of security issues.
>>>>> >> >
>>>>> >> > Windows Messenger offers a lot of features to mke this possible,
>>>>> >> > but
>>>>> >> > depending on your configuration, by the time you enable all the
>>>>> > features,
>>>>> >> > you may as well tell the whole free world your boss' computer in
>>>>> >> > on
>>>> the
>>>>> >> > net
>>>>> >> > for remote control by just about anyone.
>>>>> >> >
>>>>> >> > So in order to avoid a lengthy diatribe, lets start with the
>>>> following
>>>>> >> > questions:
>>>>> >> >
>>>>> >> > 1) Is your company network behind a firewall or does one
>>>>> >> > computer
>>>>> >> > share
>>>>> >> > its
>>>>> >> > Internet access with all computers (i.e., NAT enabled)?
>>>>> >> >
>>>>> >> > 2) What kind of connectivity does your boss hve to the Internet
>>>>> >> > from
>>>> at
>>>>> >> > home? Do you know if he has a fixed IP address? (This helps
>>>>> >> > with
>>>>> >> > security,
>>>>> >> > if you have to open up features like remote control, you might be
>>>> able
>>>>> > to
>>>>> >> > open those features ONLY to his address if it doesn't change).
>>>>> >> >
>>>>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>>>> start
>>>>> >> > using
>>>>> >> > it if he wants to use the built-in remote control features of XP.
>>>>> >> >
>>>>> >> > 4) Would he be willing to consider (purchase) a third party
>>>>> >> > program?
>>>>> >> >
>>>>> >> > 5) Are both systems updated to SP2?
>>>>> >> >
>>>>> >> > Lets start with those, and see what can be done to help you.
>>>>> >> >
>>>>> >> > Keith C. Jakobs, MCP
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
>>>>> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>>>>> >> >> Good Afternoon,
>>>>> >> >>
>>>>> >> >> I hope everyone is doing GREAT! today. We have a small office
>>>>> >> >> and
>>>> we
>>>>> > are
>>>>> >> >> running Win 2003 Server. My boss would like to access his
>>>>> >> >> office
>>>>> >> >> computer
>>>>> >> >> from his house. The office computer is running Windows XP Pro,
>>>>> >> >> and
>>>>> >> >> his
>>>>> >> > home
>>>>> >> >> computer is running XP Pro also.
>>>>> >> >>
>>>>> >> >> We currently use Terminal Services to access the network, ie
>>>>> >> >> Outlook
>>>>> > Web
>>>>> >> >> Access primarily. But as you know that appears to be limited to
>>>>> >> >> programs/applications on the server.
>>>>> >> >>
>>>>> >> >> Is there a way I can set up access to my boss' workstation here
>>>>> >> >> in
>>>> the
>>>>> >> >> office for remote access? I'm not sure if this is a smallbiz
>>>> question
>>>>> > or
>>>>> >> >> a
>>>>> >> >> windows xp. We have high speed access here at the office.
>>>>> >> >> XP has that remote desktop feature that will allow you to
>>>>> >> >> control a
>>>>> >> > computer
>>>>> >> >> but I'm not sure if I can use this inside of a office network,
>>>> because
>>>>> >> > when
>>>>> >> >> I try the IP address I get the server instead of a workstation.
>>>>> >> >>
>>>>> >> >> Please advise, thanks!
>>>>> >> >>
>>>>> >> >> Sincerely,
>>>>> >> >> Anthony Smith
>>>>> >> >> In God We Trust!
>>>>> >> >>
>>>>> >> >>
>>>>> >> >
>>>>> >> >
>>>>> >>
>>>>> >>
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
August 12, 2005 6:41:10 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (More info?)

Thanks...I think I remember him telling me he closes by hitting the x at the
top.
I know I usually Log off when I go into TS. I'll let him know. Thanks
again, have a blessed weekend.
"Rick Dilley" <rdilley@tesslerweiss.com> wrote in message
news:o PgshSrnFHA.3448@TK2MSFTNGP12.phx.gbl...
> Anthony,
>
> A word of cauton.
>
> Make sure your boss ends his TS session by start/logoff...otherwise the
> session remains and you will exhaust the supply of administrative
> sessions.
>
> HTH
>
> RickD
> "Anthony Smith" <anthony@peconet.com> wrote in message
> news:uV8mtGnnFHA.3660@TK2MSFTNGP10.phx.gbl...
>> Thanks for your help. Guess what, thank the Lord, we figured it out. We
>> have SBS2003. And I logged in to Terminal Server as usual from a remote
>> location. Then I log into Remote Desktop that is located ON THE SERVER
>> and
>> then I choose my boss' computer and whoop there it is.
>>
>> So I can still have access to terminal server and my boss can also. Once
> he
>> logs into the network and access the server, because Remote Desktop is on
>> the server he can then open that application and log into his computer.
>>
>> Thanks for your help, glad we could find a workaround without really
>> changing any settings on the server. Just clicked the Allow Remote
> Desktop
>> on my boss' pc was the only real change I had to do.
>>
>> Have a blessed day!
>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> news:o b2QP8enFHA.3552@TK2MSFTNGP10.phx.gbl...
>> > Hi Anthony,
>> >
>> > I am with neither group... just an independent consultant that was
> looking
>> > for help with some XP issues, and try to contribute back to the
> newsgroups
>> > when I am using them. So, I have been replying from the XP newsgroup.
>> >
>> > Yes, with only one IP address, you re only going to be able to expose
> one
>> > 'Terminal Server'.
>> >
>> > You may be able to try to initiate a connection with the ISA server
> using
>> > another port #, and use the difference in port numbers to determine
> which
>> > server/PC to forward the request to, but you will still need to forward
> it
>> > to the box you intend to remote control over the same 3389 port. I am
> not
>> > sure if ISA 2004 supports that.
>> >
>> > A VPN my be another way to go, but I know they can be complicated to
>> > set-up,
>> > (though I have heard it is easier with ISA 2004... I still use ISA
> 2000),
>> > and that would be outside of my expertise.
>> >
>> > If you still want to try to do it without VPN and see if you can use
>> > different ports on the same IP to determine the destination, I may be
> able
>> > to still help.
>> >
>> > Good Luck.
>> >
>> > Keith C. Jakobs, MCP
>> >
>> >
>> > "Anthony Smith" <anthony@peconet.com> wrote in message
>> > news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
>> >> We have the 3389 open because we use Terminal Server. I actually
>> > sometimes
>> >> do some admin stuff while I'm on the road so I'd like to continue to
> have
>> >> access to the server instead of forwarding everything to my boss'
>> >> machine.
>> >> Is there another way? Maybe setting up a VPN or something.
>> >>
>> >> So I know who I'm talking to, are you with the SBS group or the XP
> group?
>> >>
>> >> Thanks!
>> >>
>> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> >> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
>> >> > Hi Anthony....
>> >> >
>> >> > Looks like you are in a good position to set this up with a
> reasonable
>> >> > amount of security in place, and without having to resort to those
>> >> > drinking
>> >> > parties (hic) ;-)
>> >> >
>> >> > First. make sure you can get Remote Connection running before
>> > establishing
>> >> > a
>> >> > connection from outside the network. Make sure it has been
> enabled....
>> >> > that
>> >> > it can accept incoming requests without an invitation from the host,
>> >> > and
>> >> > make sure that if Windows Firewall has been enabled, that you have
>> > allowed
>> >> > exceptions for Remote Connections. Also, you may want to limit
>> >> > those
>> > who
>> >> > can strt remote control sessions to just you and your boss. Then be
>> > sure
>> >> > you can actually connect to the box from another computer inside the
>> >> > ISA
>> >> > Firewall before you proceed to the next step.
>> >> >
>> >> > The next thing is you will need to publish a rule in ISA Server that
>> >> > allows
>> >> > your boss' work computer to be available on the Internet for remote
>> >> > control.
>> >> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
>> >> > [Remote
>> >> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address
>> >> > that
>> > your
>> >> > boss uses at home to even connect to this 'published' service. What
>> > your
>> >> > boss uses to connect to will be dependent on how many public IP
>> > addresses
>> >> > you have available to you. If there is only one on your ISA Server,
>> > then
>> >> > you will likely only be able to enable one box for remote
> connectivity.
>> >> > In
>> >> > that case, if your boss tries to connect to the server they way he
> has
>> >> > been,
>> >> > and your ISA publishing rule tells it to redirect all requests for
> Port
>> >> > 3389
>> >> > on that IP address to his internal work computer, then it should
>> >> > connect
>> >> > him
>> >> > to his office XP system.
>> >> >
>> >> > Hope that helps get you started.
>> >> >
>> >> > Good Luck.
>> >> >
>> >> > Keith C. Jakobs, MCP
>> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
>> >> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
>> >> >> Thanks for the reply, let's see if we can answer these questions:
>> >> >>
>> >> >> > 1) Is your company network behind a firewall or does one
>> >> >> > computer
>> >> >> > share
>> >> >> > its
>> >> >> > Internet access with all computers (i.e., NAT enabled)?
>> >> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
>> > server
>> >> >> has 2 NIC, 1 is the internal network, the other is for our high
> speed
>> >> >> access. The high speed goes through the firewall, then connects to
>> >> >> the
>> >> >> server.
>> >> >>
>> >> >> >
>> >> >> > 2) What kind of connectivity does your boss hve to the Internet
> from
>> > at
>> >> >> > home? Do you know if he has a fixed IP address? (This helps
>> >> >> > with
>> >> >> > security,
>> >> >> > if you have to open up features like remote control, you might be
>> > able
>> >> > to
>> >> >> > open those features ONLY to his address if it doesn't change).
>> >> >> He has high speed cable connection and to the best of my knowledge
> it
>> > has
>> >> > a
>> >> >> fixed IP address.
>> >> >>
>> >> >> >
>> >> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>> > start
>> >> >> > using
>> >> >> > it if he wants to use the built-in remote control features of XP.
>> >> >> No he doesn't use Windows/MSN Messenger but we can.
>> >> >>
>> >> >> >
>> >> >> > 4) Would he be willing to consider (purchase) a third party
> program?
>> >> >>
>> >> >> We'd prefer not to. We're you thinking about PC Anywhere. I was
> hoping
>> > we
>> >> >> could use what we have without purchasing any 3rd parties...people
>> > often
>> >> > get
>> >> >> drunk at parties, and I'm not that type of drinker! (smile)
>> >> >> >
>> >> >> > 5) Are both systems updated to SP2?
>> >> >>
>> >> >> Yes we have SP2 running, if he doesn't at home I'll make sure he
> does.
>> > He
>> >> >> has 2 computers for home use, a company laptop which he uses often
> and
>> > a
>> >> >> desktop. I know the laptop has SP2 installed. All we're
>> >> >> interested
>> >> >> in
>> >> >> is
>> >> >> getting the laptop to connect remotely to his office computer, we
>> >> >> don't
>> >> > have
>> >> >> to worry about the other one at his home.
>> >> >>
>> >> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>> >> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
>> >> >> > Hi Anthony:
>> >> >> >
>> >> >> > Yes, this can be done, and can be done quite easily under certain
>> >> >> > conditions, but doing so also introduces a whole bunch of
> potential
>> >> >> > security
>> >> >> > issues, and would very much depend on the specific configuration
> of
>> >> >> > your
>> >> >> > Internet Access.
>> >> >> >
>> >> >> > First, if you are behind firewall or gateway (or are sharing
>> >> >> > your
>> >> >> > internet
>> >> >> > connection through one single computer), you will first have to
>> >> >> > solve
>> >> > the
>> >> >> > connection issue. In this case, your boss wont be able to find
> the
>> >> > office
>> >> >> > computer on the Internet on its own. His office computer will
> need
>> > to
>> >> >> > establish an outside connection first, and again this can
> introduce
>> >> >> > a
>> >> >> > whole
>> >> >> > bunch of security issues.
>> >> >> >
>> >> >> > Windows Messenger offers a lot of features to mke this possible,
> but
>> >> >> > depending on your configuration, by the time you enable all the
>> >> > features,
>> >> >> > you may as well tell the whole free world your boss' computer in
> on
>> > the
>> >> >> > net
>> >> >> > for remote control by just about anyone.
>> >> >> >
>> >> >> > So in order to avoid a lengthy diatribe, lets start with the
>> > following
>> >> >> > questions:
>> >> >> >
>> >> >> > 1) Is your company network behind a firewall or does one
>> >> >> > computer
>> >> >> > share
>> >> >> > its
>> >> >> > Internet access with all computers (i.e., NAT enabled)?
>> >> >> >
>> >> >> > 2) What kind of connectivity does your boss hve to the Internet
> from
>> > at
>> >> >> > home? Do you know if he has a fixed IP address? (This helps
>> >> >> > with
>> >> >> > security,
>> >> >> > if you have to open up features like remote control, you might be
>> > able
>> >> > to
>> >> >> > open those features ONLY to his address if it doesn't change).
>> >> >> >
>> >> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>> > start
>> >> >> > using
>> >> >> > it if he wants to use the built-in remote control features of XP.
>> >> >> >
>> >> >> > 4) Would he be willing to consider (purchase) a third party
> program?
>> >> >> >
>> >> >> > 5) Are both systems updated to SP2?
>> >> >> >
>> >> >> > Lets start with those, and see what can be done to help you.
>> >> >> >
>> >> >> > Keith C. Jakobs, MCP
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
>> >> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>> >> >> >> Good Afternoon,
>> >> >> >>
>> >> >> >> I hope everyone is doing GREAT! today. We have a small office
> and
>> > we
>> >> > are
>> >> >> >> running Win 2003 Server. My boss would like to access his
>> >> >> >> office
>> >> >> >> computer
>> >> >> >> from his house. The office computer is running Windows XP Pro,
> and
>> >> >> >> his
>> >> >> > home
>> >> >> >> computer is running XP Pro also.
>> >> >> >>
>> >> >> >> We currently use Terminal Services to access the network, ie
>> >> >> >> Outlook
>> >> > Web
>> >> >> >> Access primarily. But as you know that appears to be limited to
>> >> >> >> programs/applications on the server.
>> >> >> >>
>> >> >> >> Is there a way I can set up access to my boss' workstation here
> in
>> > the
>> >> >> >> office for remote access? I'm not sure if this is a smallbiz
>> > question
>> >> > or
>> >> >> >> a
>> >> >> >> windows xp. We have high speed access here at the office.
>> >> >> >> XP has that remote desktop feature that will allow you to
>> >> >> >> control
> a
>> >> >> > computer
>> >> >> >> but I'm not sure if I can use this inside of a office network,
>> > because
>> >> >> > when
>> >> >> >> I try the IP address I get the server instead of a workstation.
>> >> >> >>
>> >> >> >> Please advise, thanks!
>> >> >> >>
>> >> >> >> Sincerely,
>> >> >> >> Anthony Smith
>> >> >> >> In God We Trust!
>> >> >> >>
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
!