Monday, November 01, 2010

How to use Remote Desktop Connection (RDC)

If your home computer has Windows XP Pro (or Media Center Edition) installed, you can access it from any other computer running Windows from anywhere in the world using Remote Desktop Connection. Some versions of Windows, like 98, Me and 2000, require software available from Microsoft.com:
http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx
There are a few steps required to configure your home network to accept connections from outside computers and additional security measures required to keep your PC safe from people who might be scanning for computers with RDC installed.

Set A Complex Password

Remote Desktop relies on Windows XP passwords for login. If you don't currently have a password configured for your account, or if your password is something simple, change it. At minimum, your password should be 10-12 characters long, with a combination of numbers, letters and special characters. This password is no longer just designed to keep out your roommate or family members; it's going to keep the entire Internet from accessing your computer.
Change the password for your Windows user account from the Users section of the Control Panel.

Enable Remote Desktop Connections

The first thing to do is enable Remote Desktop on the machine you want to connect to. Open System Properties either by right-clicking the My Computer icon in the Start menu and choosing Properties, or by pressing Windows Key + Pause/Break on your keyboard. Click the Remote tab in System Properties and check the box next to Allow users to connect remotely to this computer.

You can verify RDC is working by connecting from any other computer on your local network.

Configure Your Router

If your router still has the factory default password, change it. While it's unlikely anyone will find your router on the Internet, not changing the password is asking to have it hacked. A strong password of 10-16 characters is advised.
The next step in the procedure is to configure your router to allow inbound connections to Remote Desktop on your local computer. This requires mapping a port on your router to a port on your local computer. The process for forwarding a port varies depending on who made your router, but the steps are broadly similar. Linksys refers to the port forwarding page as Applications & Gaming; most other routers refer to port forwarding options as Virtual Servers. To forward a router port you need to configure the following details:
Application or Description field: RDC
Port Range Start: 3389
Port Range End: 3389
Protocol Type: Both (or TCP if a both option isn't available)
IP Address of your PC: Type ipconfig at the command line if you don't know this
Enable: check a box to enable the port forward
For security reasons, if you don't travel often, disable this router port when you return from your trip.

Change the Remote Desktop Listening Port

For added security of your RDC setup, you can change the port that Remote Desktop Connection listens on at the host computer from its default. This keeps the host out of routine scans that only probe the default RDC port, although a scan of every port will still find it. This is also convenient if you want to connect to more than one RDC computer remotely. For instance, I have 3 computers that never leave home. By default, RDC watches the same port on all computers, which means I'll either get a conflict of some kind or I won't be able to connect at all. An alternative is to redirect RDC traffic to each computer.
You can read more about the process in Microsoft Knowledge Base article 306759.
To change the listening port, you need to modify the Windows Registry. Locate the appropriate Registry key using Regedit.exe:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
From the Edit menu, click Modify and then click Decimal. Choose a new port number. In general, choosing a number between 49152 and 65535 will avoid conflict with any other apps on your system, but you could theoretically use any port on the system. Once you set the port number you also need to configure your router to pass the specified port to your computer.
To access your computer remotely, instead of typing just the IP address, you need to type the IP address followed by the port number like this: 192.168.1.1:50001

Test Your Connection

The real trick is you need to leave home to test your configuration, so you don't really know it works until you are in the field. You need to know the IP address provided by your ISP to make the connection (Find your IP address). Visit a local coffee shop with WiFi to test the connection. Launch the Remote Desktop Connection client from Start > All Programs > Accessories > Communications.
Enter your home IP address and cross your fingers. If all went well, you'll see the Windows Login screen.
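
A scripted version of this outside test, added here as an example and not part of the original post: run from a network other than your own, it checks that the custom port you forwarded answers and that the default port 3389 no longer does. The function names, the file name rdc_check.py and the sample port 50001 are assumptions made for the example.

```python
import socket
import sys

DEFAULT_RDP_PORT = 3389                    # port the article forwards first
RECOMMENDED_PORTS = range(49152, 65536)    # range the article suggests


def port_state(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: something listens
    except ConnectionRefusedError:
        return "closed"          # host answered, nothing listens there
    except OSError:
        return "filtered"        # timeout or unreachable: dropped on the way


def audit_rdp_exposure(host, custom_port, default_port=DEFAULT_RDP_PORT,
                       timeout=3.0):
    """Return a list of problems with the port setup; empty means it matches."""
    findings = []
    if custom_port not in RECOMMENDED_PORTS:
        findings.append(f"port {custom_port} is outside 49152-65535")
    if port_state(host, default_port, timeout) == "open":
        findings.append(f"default port {default_port} is still reachable; "
                        "remove the old router forward")
    state = port_state(host, custom_port, timeout)
    if state != "open":
        findings.append(f"custom port {custom_port} is {state}; check the "
                        "PortNumber value and the router forward")
    return findings


if __name__ == "__main__":
    # Usage: python rdc_check.py <your-home-ip> <custom-port>
    # Defaults are constructed sample values, not taken from a real setup.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 50001
    problems = audit_rdp_exposure(host, port)
    for line in problems or ["setup matches: only the custom port answers"]:
        print(line)
```

An empty result means only the custom port is exposed; a "filtered" custom port usually means the router forward is missing, while "closed" means the router passed the traffic but the PC is not listening on that port.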
