xset

DIY Terminal Server

// August 23rd, 2004 // Personal

For those of you who don’t know what a terminal server is a bit of background will be required. The idea is the you have a powerful server running all the applications you need (word, IE, Photoshop, whatever) and then you have cheap, low powered workstations that simply act as a monitor and a keyboard for the server. The server runs loads of different instances of the same programs.

The benefits of this are easy to work out but the main one is that you can access the apps on the server from anywhere in the world across the internet!!!

Now, here’s the cool bit. If you have DSL or better and are running Windows XP Professional (I’m still trying to see if this works with the home edition) then you can configure your computer to accept Remote Desktop Connections (RDC) from the internet.

Before I go into detail regarding how to go about it you should consider the security implications of enabling this feature. Make sure the system to be accessed is fully patched and has an uptodate virus scanner. You should also have a firewall installed, preferably both software and hardware firewalls (having your system behind a router / firewall has other benefits I’ll get to in a moment).

Finally it is very important that your user accounts are secure. You need to ensure that any accounts with administrative access to the computer have very strong passwords! You should also set up a dedicated user account for remote access. This way if anyone did manage to compromise all of the other security they will find it difficult to break the system.

Assuming your system is secure we can now look at the nity gritty of getting RDC to work over the net. The first thing you need to do is ensure that RDC is enabled on the computer you wish to access. You can do this by right clicking My Computer, selecting the properties menu option and then clicking the Remote Tab. Ensure the “Allow Users to Connect Remotely to this computer” checkbox is ticked.

The next step is dependent on your internet connection setup. If you have a software firewall the you will need to ensure that port 3389 is open for 2 way traffic. If you have a hardware firewall on your router then you will also need to open this port or (and this is preferable from a security point of view) forward a different HTTP port to port 3389. This means simply scanning your wan IP for a response on the RDC port won’t reveal anything.

Finally, if you have a dynamic IP DSL service (most home ones will be) then you’ll need to get a dynamic IP URL service. The best on I’ve found is offered by NO-IP.com This will give you a URL that automatically updates to point at your dynamic IP address and can be accessed from anywhere.

Finally you can test it out. You’ll have to do this from a PC that is not on your existing network or behind your internet router. From the client PC simply bring up the RDC connection (under start/All Programs/Accessories/Communications/Remote Desktop Connection) and enter the URL or IP address of your home system in the box WITHOUT the http prefix followed by the port number.

So if you have an IP address and left the port unchanged then it would be something like:

213.133.219.238:3389

If you are using a dynamic IP and have used port forwarding to change the default port then it would be something like this:

test.no-ip.com:1234

Enter your username and password when prompted and that’s all there is to it. You know have access to your desktop from any PC in the world! Cool huh?

Things to bear in mind

• Some programs won’t run under RDC as it is against their licence (Power DVD for one but I can’t imagine wanting to watch DVD’s over a remote connection!)
• There are a number of different quality settings in the RDC connection box. If you don’t see them click the more button. These can be tweaked to make you connection faster or less bandwidth grabby. Ideal if you are connecting over dial up.
• If you install Windows XP service pack 2 then you will need to configure the Windows FireWall to allow RDC. Simply go the the Windows FireWall config screen (through control panel) and hit the Exceptions tab. Check the box next to Remote Desktop and everything should now work as planned
• This tutorial is provided as is. Robert is not responsible for any damage to systems, intentional or otherwise resulting from following this tutorial. If you are not confident that your system can be made secure enough then please DO NOT attempt this.

Enjoy.