+ Post New Thread
Results 1 to 8 of 8
Windows Server 2008 R2 Thread, Safe to allow RDP access from External in Technical; Hi All, So after receiving all our ees documentation and the additional CALS etc we successfully set up and configured ...
  1. #1

    Join Date
    Jul 2012
    Location
    Swindon
    Posts
    33
    Thank Post
    11
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Safe to allow RDP access from External

    Hi All,
    So after receiving all our ees documentation and the additional CALS etc we successfully set up and configured a RDS server for users to connect to. This all works great internally, Id like to open this up for external access, now doing a quick search Ive logged a change request with the SWGFL to allow traffic on port 3389 and assign us an external ip pointing to our internal static ip

    Is there anything else I should take in to consideration? The server itself is fully patched with the latest A/V and users are locked down via GPOs

    Any guidance or a pointer in the right direction would be great

    Thanks

    Mike

  2. #2
    MicrosoftTechy's Avatar
    Join Date
    Apr 2010
    Posts
    78
    Thank Post
    1
    Thanked 6 Times in 6 Posts
    Rep Power
    11
    I would not suggest doing this, maybe Remote Gateway or somthing? or VPN? Only last week i had to deal with a problem where someone was brute forcing a RDP session ( Port mapped 3389 to server ) and managed to get it !!!!

    Remote Desktop gateway over 443 or VPN is much more secure!!

  3. Thanks to MicrosoftTechy from:

    SWICT (26th September 2012)

  4. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,225
    Thank Post
    875
    Thanked 2,717 Times in 2,302 Posts
    Blog Entries
    11
    Rep Power
    780
    I'd look into the RDS role on Server 2008 and look into how much CALs cost.

  5. #4

    Join Date
    Jul 2012
    Location
    Swindon
    Posts
    33
    Thank Post
    11
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ok sounds like a much better plan, this our first attempt at setting up anything for remote access since our manager went off long term sick

    Ill have a google of the Remote Desktop Gateway, vpn we already use SSL Explorer which works great other than it doesnt support macs via RDP

  6. #5

    Join Date
    Nov 2009
    Location
    Manchester
    Posts
    1,065
    Thank Post
    6
    Thanked 208 Times in 188 Posts
    Rep Power
    53
    Use RD gateway, then it all goes over 443 as well which means you defo won't need more ports opening up.

  7. #6

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,177
    Thank Post
    217
    Thanked 1,291 Times in 801 Posts
    Blog Entries
    4
    Rep Power
    512
    Quote Originally Posted by SWICT View Post
    SSL Explorer which works great other than it doesnt support macs via RDP
    Do you mean macs RDPing to a windows machine on the network?

    The microsoft rdp client for mac doesn't currently support remote desktop gateway - there are other alternatives (iTAP) that do, but most have a cost associated

  8. Thanks to Domino from:

    SWICT (26th September 2012)

  9. #7

    Join Date
    Jul 2012
    Location
    Swindon
    Posts
    33
    Thank Post
    11
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Good to know, if the RDP client for Mac doesnt support it might not be much point , We also use irdesktop on ipads to connect to the RDS server allowing teachers to fill in sims on their ipad

  10. #8
    ijk
    ijk is offline

    Join Date
    Sep 2009
    Location
    M11/A11/A1307
    Posts
    47
    Thank Post
    9
    Thanked 8 Times in 6 Posts
    Rep Power
    12
    We do the following:

    Bitvise SSH server running on a non-standard port.
    Single SSH user allowed to connect (multiple concurrent sessions allowed) but no shell.
    RDS server accepting connections, again on a non-standard port.

    Users are provided with a copy of Bitvise Tunnelier and a pre-configured config file, which they can use to launch the client. (We have a few Mac users who like to connect and I teach them how to create the tunnel on the terminal.) This makes the connection, asks them for a password and then launches the RDP client preconfigured to connect to the RDS server through the tunnel. They log into the RDS server with their usual credentials.

    It seems to work okay, but we're a very small institution with few users and I don't know how it would scale up.

SHARE:
+ Post New Thread

Similar Threads

  1. Can access from client machines but not servers or externally...
    By mrforgetful in forum Virtual Learning Platforms
    Replies: 1
    Last Post: 13th August 2008, 09:59 AM
  2. Vbscript to export query results from MS Access
    By RabbieBurns in forum Scripts
    Replies: 2
    Last Post: 24th June 2008, 11:09 AM
  3. Allowing RDP access to ISA Server
    By adamf in forum Windows
    Replies: 6
    Last Post: 4th January 2008, 03:06 PM
  4. Replies: 2
    Last Post: 7th September 2007, 02:13 PM
  5. Profile to allow just MS Word and MS Access
    By mattpant in forum Windows
    Replies: 17
    Last Post: 12th October 2006, 03:06 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •