In the IT business there is always a need to control multiple computers remotely. I have found that Remote Desktop, built into Windows XP, is by far the best way to accomplish this. The issue is that when working behind a firewall all the desktops use the same port, 3389, for RDP, and changing it is not an option exposed in the Remote Desktop settings. This poses a question:
How do we manage multiple workstations behind a firewall with RDP?
Sure, we could set up one of the workstations with RDP, connect to that one and then hop to the next one, but then you are 1. tying up two machines and 2. working over a connection that is very slow when hopping like that.
We could also use less secure and less functional options like pcAnywhere or VNC, which are not out of the question, but for ease of use and overall performance RDP is the way to go. Be aware that opening your PCs to the outside world involves a certain amount of risk. Please research and weigh those risks yourself.
I will cover the steps to set up RDP on multiple computers through a firewall.
I assume that you are familiar with your router and how it handles port management and so on. If you are not, come back soon and I will post another tutorial on how that is done with popular routers on the market.
Step 1 - The first thing that I usually do is set up a free dyndns.com account for the public IP address of the network I'm working on. This lets me remember the DNS name I set up instead of the IP address. Go to http://dyndns.com and set up a DNS account that points to your public IP address. If you do not know your public address, you can browse to the following web address on any of the computers on this network: http://whatismyip.com .
For this tutorial I will use company.dyndns.com as the DNS name you will set up with them.
Step 2 - Let's assume the network we are working on has 4 workstations and 1 server. Leave the server alone and turn on Remote Desktop. This server will now listen on port 3389 for RDP connections. When we launch our Remote Desktop connection and put in 'company.dyndns.com' it will connect to the server.
Now how do we connect directly to the 4 internal workstations without using the hop technique? We need to give each of those workstations a static IP address so that it does not change after a reboot, a loss of power, etc. (Below is an example setup.)
Server1 - 192.168.1.100
WS1 - 192.168.1.101
WS2 - 192.168.1.102
WS3 - 192.168.1.103
WS4 - 192.168.1.104
Step 3 - Now that we have static IP addresses set up on each machine, we need to get the workstations to listen on 4 different ports for RDP traffic and then tell the router to forward that traffic to each of these machines on their respective ports.
We are going to need to edit the registry on each of the machines.
If you have never edited the registry before, please be advised that it can be very dangerous to the machine if done incorrectly. We are not responsible for any issues that may be caused if done incorrectly. Go to each machine and perform the following steps:
1. Start > run > type "regedit" and hit enter. (Figure 1)
This will bring up the registry editor. (Figure 2)
(Figure 1)

(Figure 2)
At this time I would highly suggest backing up your registry.
Highlight the My Computer entry as in Figure 2 and then click File > Export.
Save it to your desktop. Now we are ready to edit.
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
In the right window pane you should see the following entry (Figure 3):
(Figure 3)
You can now see the hex value of the key and the number 3389. This is what needs to be changed on each machine to a different port number.
Step 4 - Double-click that key and a small window will pop up. Click the radio button next to Decimal as shown in (Figure 4), then click OK and close the registry editor.
(Figure 4)

For each machine this port will be different. Let's use my example workstations as follows: change the registry entry on each workstation to a different port and restart them all.
WS1 - 192.168.1.101 - Port 3390
WS2 - 192.168.1.102 - Port 3391
WS3 - 192.168.1.103 - Port 3392
WS4 - 192.168.1.104 - Port 3393
Now keep track of which port goes to what machine. Make sure you restart all your computers for it to take effect, and also make sure RDP is active on the machines and the Windows firewall is not blocking it.
Step 5 - Log in to your router and set up port forwarding to match the above list (or however you set it up).
Now test. When you go to connect to workstation 1 you will use your new dyndns:port. The example in (Figure 5) will connect to WS1:
(Figure 5)
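The port plan from Steps 3 to 5 as data, in an added example that is not part of the original tutorial: it checks the plan for collisions before any machine is touched, produces the .reg text that sets each workstation's port (showing the hex form of the decimal value typed in Step 4), and offers a TCP connect check for the "Now test" step. The function names are hypothetical, "PortNumber" is the standard value name under the key from Step 3 (the tutorial shows it only in Figure 3), and the 1024 port floor is an added assumption.

```python
import socket

# Registry key from Step 3 of the tutorial; "PortNumber" is the standard
# value name under it (the tutorial shows it only in Figure 3).
RDP_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
           r"\Terminal Server\WinStations\RDP-Tcp")

# Port plan from Step 4: name -> (static LAN IP, RDP listening port).
PLAN = {
    "WS1": ("192.168.1.101", 3390),
    "WS2": ("192.168.1.102", 3391),
    "WS3": ("192.168.1.103", 3392),
    "WS4": ("192.168.1.104", 3393),
}
SERVER_PORT = 3389  # Server1 keeps the default port


def validate_plan(plan, reserved=(SERVER_PORT,)):
    """Return a list of problems; an empty list means the plan is usable."""
    problems, seen_ports, seen_ips = [], {}, {}
    for name, (ip, port) in plan.items():
        # Assumption added here: stay above the well-known port range.
        if not 1024 <= port <= 65535:
            problems.append(f"{name}: port {port} is outside 1024-65535")
        if port in reserved:
            problems.append(f"{name}: port {port} is already used by the server")
        if port in seen_ports:
            problems.append(f"{name}: port {port} duplicates {seen_ports[port]}")
        if ip in seen_ips:
            problems.append(f"{name}: IP {ip} duplicates {seen_ips[ip]}")
        seen_ports.setdefault(port, name)
        seen_ips.setdefault(ip, name)
    return problems


def reg_file(port):
    """Text of a .reg file that sets the RDP listening port (REG_DWORD, hex)."""
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            f"[{RDP_KEY}]\r\n"
            f'"PortNumber"=dword:{port:08x}\r\n')


def is_listening(host, port, timeout=3.0):
    """TCP connect test for the 'Now test' step; True if the port accepts."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Running `is_listening("company.dyndns.com", port)` from outside the network for every port in the plan, plus a few that are not in it, confirms that the router forwards only what was intended.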

Now you should be all set!!
I hope this helps some of you out there!
NEPCW