Configure Remote Desktop - XP

bigdogchris

I'm interested in getting a user in remotely.

My first question is, is there a benefit to doing remote desktop web connection, over just a standard remote desktop? Or what about using VNC Free?

The user will be connecting a Vista laptop to an XP Pro workstation. DSL to 900k/900k business connection.

Also, just going off what I know. In order to configure standard remote desktop....

  1. Enable port forwarding on gateway
  2. Forward port (whatever I choose) to port 3389 w/TCP on the workstation(ip) that we will be connecting to
  3. Enable remote users on desktop and add the user name of that user (has password)
  4. Ensure Firewall exception is added
  5. Open remote desktop on Laptop, connect to http://wanip:portichose


Am I missing anything?
 
Your steps are correct...only thing not mentioned, have a DHCP reservation for the LAN IP of the PC host, you don't want to port forward to a moving target.
You could use old VNC if you wanted, but it's slower than RDP, and (depending on which flavor you use) potentially more insecure.
Advantage of the web-based remote access like LogMeIn or GTM..it's just easier to set up, no worry about WAN IP, no worry about LAN IP and port forwarding and firewall rules. User experience is almost as good as direct RDP in most cases.
 
Only thing wrong is that you don't need http:// in the remote desktop client. I agree with yeold that you really need to either assign a static IP for the machine or do a DHCP reservation so the machine always gets the same IP address.
 
The machine I'm connecting to has a static IP and the wan IP is also static.

So, Microsoft RDP is probably the best solution? I tested it at home and it was pretty easy to set up. I just am not sure if something else may give a better connection.

I don't know if QOS profile will make much of a difference on the DSL users end though?

Another problem I want to add. See, I think my boss is going to tell me to use VNC because that's what they used before, "just because", but I want to use RDP. But I'm going to be the one that has to configure it anyways and that's what kinda pisses me off about it. If I get the "RDP is less secure than VNC because if someone finds out the port # and desktop password they are in" what can I say to defend that?

Also, for NLA, can I connect from a Vista machine (using TSG RDP) to an XP SP3 machine with NLA active? I thought I read that you can only enable NLA to connect from XP to Vista/Server2008. I want to connect from Vista to XP with secure RDP. Possible? I don't have XP Pro at home to test this though.
 
VNC is less secure than RDP and slower. With both, though, someone can get in if they know the port and username/password.

To my knowledge RDP has never been cracked in the real world. There have been some man-in-the-middle attacks done in labs, but that's about it. Also, the nice thing about RDP is that pretty much any machine past XP has a client on it.
 
First...don't listen to the hype that RDP isn't secure. There was a documented "man in the middle" attack against the OLD version, and it was actually an attack against it which was created in a lab environment, and realistically quite difficult to implement in the real world. The newer version of RDP fixed that.
You can also set the RDP host to "stop answering" after XXX amount of failed login attempts.
Security-wise, there's no reason to change the port. Go ahead if it gives you some false warm and fuzzy feeling, it won't hurt anything. Someone says "well standard ports are scanned and found easily"...So what? I can drive by my bank and stare at the vault door all I want, doesn't mean I'm getting in.

VNC and PcAnywhere and Carbon Copy and TimBukTu...if your boss insists on those because that's what he used in the past..well, did he use Windows 3.1 in the past? Is he still using it now?

Set up all 3...set up LogMeIn (nice and easy and quick and secure and ZERO support needed from you), set up RDP, and set up VNC. Let him "test drive" all 3. I bet he'll get tired of the VNC slideshow, and start using one of the other 2 all the time. ;)
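
The host-side steps from this thread (enable Remote Desktop, authorize the one user, add the firewall exception) plus the failed-logon lockout mentioned above, as an added example that is not part of any poster's message. The account name `remoteuser` and the lockout figures are assumptions; run it from an administrator command prompt on the XP Pro workstation.

```batch
@echo off
rem Added example: host-side Remote Desktop setup on the XP Pro workstation.
rem RDPUSER is a hypothetical account name; it must already exist and have
rem a password (XP refuses Remote Desktop logons for blank-password accounts).
setlocal
set RDPUSER=remoteuser
set TSKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

rem Step 3: allow incoming Remote Desktop connections...
reg add "%TSKEY%" /v fDenyTSConnections /t REG_DWORD /d 0 /f
rem ...and authorize only the one account that needs remote access.
net localgroup "Remote Desktop Users" %RDPUSER% /add

rem Step 4: Windows Firewall exception for TCP 3389 (XP SP2/SP3 netsh syntax).
rem scope=ALL because the forwarded connection arrives with the laptop's
rem internet address as its source, not a local-subnet address.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=ALL

rem Lockout policy: lock an account after 5 bad passwords for 30 minutes,
rem counting failures inside a 30-minute window (example figures).
rem The policy applies to every logon type on this machine, not only RDP.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

rem Verification: the flag should read 0x0, the group should list only the
rem intended user, the listener should show LISTENING on 3389, and
rem "net accounts" should echo the lockout values set above.
reg query "%TSKEY%" /v fDenyTSConnections
net localgroup "Remote Desktop Users"
netstat -an | find ":3389"
net accounts
endlocal
```

Members of the local Administrators group can also log on over Remote Desktop without being listed in "Remote Desktop Users", so review that group's membership and passwords as well.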
 
I think LMI is terrible.
It will work for a few minutes, then get so slow that it is unusable. I will have to reconnect, switch browsers, etc., and usually just use a different method. This does not seem to have anything to do with slow connection speeds. I am not sure if it is the software, or that LogMeIn doesn't have sufficient bandwidth.
 
The newer version had some hiccups, especially if you did an "upgrade" over the previous version. A clean install...and the latest version...it seemed to get back to where the old version was performance wise. I used it again last week at a client, for their PIPS fireman software support company to do some database upgrades, was pretty average in performance, quicker than VNC for me, almost as quick as RDP.
 