Archived from groups: microsoft.public.windowsxp.general,microsoft.public.backoffice.smallbiz (
More info?)
Ok, I will have to investigate RWW. I've heard a little bit about it.
Thanks! Have a blessed day!
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:%23htQkNnnFHA.3256@TK2MSFTNGP12.phx.gbl...
> you are not operating in an optimal manner. Your solution allows only one
> person at a time TS access and unnecessarily exposes port 3389 to the
> internet. Investigate RWW.
>
> "Anthony Smith" <anthony@peconet.com> wrote in message
> news:edzTAHnnFHA.3312@tk2msftngp13.phx.gbl...
>> Thanks for the help! See my other post that I posted today for the
>> solution.
>> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
>> news:%23kAvpQfnFHA.3120@TK2MSFTNGP09.phx.gbl...
>>> I've gotta ask, is this server an SBS 2003 or just a plain W2003Server?
>>>
>>> You mention ISA and Exchange and have posted to the SBS4.x newsgroup, so
>>> I gotta wonder.
>>>
>>> If it is SBS2003 you need to investigate Remote Web Workplace (RWW)
>>> which will allow users to connect to any PC behind the SBS and
>>> additionally allow administrators to connect to the server desktops
>>> using a process known as RDP proxy. You log in to RWW using HTTPS and
>>> the RDP Proxy will accept multiple connections in port 4125 and redirect
>>> them to the desktops (or TS's) port 3389.
>>>
>>> SBS public Newsgroups:
>>>
>>> SBS 4.x: microsoft.public.backoffice.smallbiz
>>> SBS 2000: microsoft.public.backoffice.smallbiz2000
>>> SBS 2003: microsoft.public.windows.server.sbs
>>>
>>>
>>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>> news:Ob2QP8enFHA.3552@TK2MSFTNGP10.phx.gbl...
>>>> Hi Anthony,
>>>>
>>>> I am with neither group... just an independent consultant that was
>>>> looking
>>>> for help with some XP issues, and try to contribute back to the
>>>> newsgroups
>>>> when I am using them. So, I have been replying from the XP newsgroup.
>>>>
>>>> Yes, with only one IP address, you re only going to be able to expose
>>>> one
>>>> 'Terminal Server'.
>>>>
>>>> You may be able to try to initiate a connection with the ISA server
>>>> using
>>>> another port #, and use the difference in port numbers to determine
>>>> which
>>>> server/PC to forward the request to, but you will still need to forward
>>>> it
>>>> to the box you intend to remote control over the same 3389 port. I am
>>>> not
>>>> sure if ISA 2004 supports that.
>>>>
>>>> A VPN my be another way to go, but I know they can be complicated to
>>>> set-up,
>>>> (though I have heard it is easier with ISA 2004... I still use ISA
>>>> 2000),
>>>> and that would be outside of my expertise.
>>>>
>>>> If you still want to try to do it without VPN and see if you can use
>>>> different ports on the same IP to determine the destination, I may be
>>>> able
>>>> to still help.
>>>>
>>>> Good Luck.
>>>>
>>>> Keith C. Jakobs, MCP
>>>>
>>>>
>>>> "Anthony Smith" <anthony@peconet.com> wrote in message
>>>> news:uNFD4zenFHA.708@TK2MSFTNGP09.phx.gbl...
>>>>> We have the 3389 open because we use Terminal Server. I actually
>>>> sometimes
>>>>> do some admin stuff while I'm on the road so I'd like to continue to
>>>>> have
>>>>> access to the server instead of forwarding everything to my boss'
>>>>> machine.
>>>>> Is there another way? Maybe setting up a VPN or something.
>>>>>
>>>>> So I know who I'm talking to, are you with the SBS group or the XP
>>>>> group?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>>>> news:uyPb4KenFHA.3304@tk2msftngp13.phx.gbl...
>>>>> > Hi Anthony....
>>>>> >
>>>>> > Looks like you are in a good position to set this up with a
>>>>> > reasonable
>>>>> > amount of security in place, and without having to resort to those
>>>>> > drinking
>>>>> > parties (hic) ;-)
>>>>> >
>>>>> > First. make sure you can get Remote Connection running before
>>>> establishing
>>>>> > a
>>>>> > connection from outside the network. Make sure it has been
>>>>> > enabled....
>>>>> > that
>>>>> > it can accept incoming requests without an invitation from the host,
>>>>> > and
>>>>> > make sure that if Windows Firewall has been enabled, that you have
>>>> allowed
>>>>> > exceptions for Remote Connections. Also, you may want to limit
>>>>> > those
>>>> who
>>>>> > can strt remote control sessions to just you and your boss. Then be
>>>> sure
>>>>> > you can actually connect to the box from another computer inside the
>>>>> > ISA
>>>>> > Firewall before you proceed to the next step.
>>>>> >
>>>>> > The next thing is you will need to publish a rule in ISA Server that
>>>>> > allows
>>>>> > your boss' work computer to be available on the Internet for remote
>>>>> > control.
>>>>> > You will want to open ONLY port 3389 within this rule (Microsoft RDP
>>>>> > [Remote
>>>>> > Desktop Protocol]), and ideally, allow ONLY the fixed IP address
>>>>> > that
>>>> your
>>>>> > boss uses at home to even connect to this 'published' service. What
>>>> your
>>>>> > boss uses to connect to will be dependent on how many public IP
>>>> addresses
>>>>> > you have available to you. If there is only one on your ISA Server,
>>>> then
>>>>> > you will likely only be able to enable one box for remote
>>>>> > connectivity.
>>>>> > In
>>>>> > that case, if your boss tries to connect to the server they way he
>>>>> > has
>>>>> > been,
>>>>> > and your ISA publishing rule tells it to redirect all requests for
>>>>> > Port
>>>>> > 3389
>>>>> > on that IP address to his internal work computer, then it should
>>>>> > connect
>>>>> > him
>>>>> > to his office XP system.
>>>>> >
>>>>> > Hope that helps get you started.
>>>>> >
>>>>> > Good Luck.
>>>>> >
>>>>> > Keith C. Jakobs, MCP
>>>>> > "Anthony Smith" <anthony@peconet.com> wrote in message
>>>>> > news:u2cpDudnFHA.3316@TK2MSFTNGP14.phx.gbl...
>>>>> >> Thanks for the reply, let's see if we can answer these questions:
>>>>> >>
>>>>> >> > 1) Is your company network behind a firewall or does one
>>>>> >> > computer
>>>>> >> > share
>>>>> >> > its
>>>>> >> > Internet access with all computers (i.e., NAT enabled)?
>>>>> >> Yes we have firewall hardware and use the Win2003 server ISA. Our
>>>> server
>>>>> >> has 2 NIC, 1 is the internal network, the other is for our high
>>>>> >> speed
>>>>> >> access. The high speed goes through the firewall, then connects to
>>>>> >> the
>>>>> >> server.
>>>>> >>
>>>>> >> >
>>>>> >> > 2) What kind of connectivity does your boss hve to the Internet
>>>>> >> > from
>>>> at
>>>>> >> > home? Do you know if he has a fixed IP address? (This helps
>>>>> >> > with
>>>>> >> > security,
>>>>> >> > if you have to open up features like remote control, you might be
>>>> able
>>>>> > to
>>>>> >> > open those features ONLY to his address if it doesn't change).
>>>>> >> He has high speed cable connection and to the best of my knowledge
>>>>> >> it
>>>> has
>>>>> > a
>>>>> >> fixed IP address.
>>>>> >>
>>>>> >> >
>>>>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>>>> start
>>>>> >> > using
>>>>> >> > it if he wants to use the built-in remote control features of XP.
>>>>> >> No he doesn't use Windows/MSN Messenger but we can.
>>>>> >>
>>>>> >> >
>>>>> >> > 4) Would he be willing to consider (purchase) a third party
>>>>> >> > program?
>>>>> >>
>>>>> >> We'd prefer not to. We're you thinking about PC Anywhere. I was
>>>>> >> hoping
>>>> we
>>>>> >> could use what we have without purchasing any 3rd parties...people
>>>> often
>>>>> > get
>>>>> >> drunk at parties, and I'm not that type of drinker! (smile)
>>>>> >> >
>>>>> >> > 5) Are both systems updated to SP2?
>>>>> >>
>>>>> >> Yes we have SP2 running, if he doesn't at home I'll make sure he
>>>>> >> does.
>>>> He
>>>>> >> has 2 computers for home use, a company laptop which he uses often
>>>>> >> and
>>>> a
>>>>> >> desktop. I know the laptop has SP2 installed. All we're
>>>>> >> interested in
>>>>> >> is
>>>>> >> getting the laptop to connect remotely to his office computer, we
>>>>> >> don't
>>>>> > have
>>>>> >> to worry about the other one at his home.
>>>>> >>
>>>>> >> "Keith Jakobs, MCP" <elohir@NOSPAM.hotmail.com> wrote in message
>>>>> >> news:u8KrwKdnFHA.320@TK2MSFTNGP09.phx.gbl...
>>>>> >> > Hi Anthony:
>>>>> >> >
>>>>> >> > Yes, this can be done, and can be done quite easily under certain
>>>>> >> > conditions, but doing so also introduces a whole bunch of
>>>>> >> > potential
>>>>> >> > security
>>>>> >> > issues, and would very much depend on the specific configuration
>>>>> >> > of
>>>>> >> > your
>>>>> >> > Internet Access.
>>>>> >> >
>>>>> >> > First, if you are behind firewall or gateway (or are sharing
>>>>> >> > your
>>>>> >> > internet
>>>>> >> > connection through one single computer), you will first have to
>>>>> >> > solve
>>>>> > the
>>>>> >> > connection issue. In this case, your boss wont be able to find
>>>>> >> > the
>>>>> > office
>>>>> >> > computer on the Internet on its own. His office computer will
>>>>> >> > need
>>>> to
>>>>> >> > establish an outside connection first, and again this can
>>>>> >> > introduce a
>>>>> >> > whole
>>>>> >> > bunch of security issues.
>>>>> >> >
>>>>> >> > Windows Messenger offers a lot of features to mke this possible,
>>>>> >> > but
>>>>> >> > depending on your configuration, by the time you enable all the
>>>>> > features,
>>>>> >> > you may as well tell the whole free world your boss' computer in
>>>>> >> > on
>>>> the
>>>>> >> > net
>>>>> >> > for remote control by just about anyone.
>>>>> >> >
>>>>> >> > So in order to avoid a lengthy diatribe, lets start with the
>>>> following
>>>>> >> > questions:
>>>>> >> >
>>>>> >> > 1) Is your company network behind a firewall or does one
>>>>> >> > computer
>>>>> >> > share
>>>>> >> > its
>>>>> >> > Internet access with all computers (i.e., NAT enabled)?
>>>>> >> >
>>>>> >> > 2) What kind of connectivity does your boss hve to the Internet
>>>>> >> > from
>>>> at
>>>>> >> > home? Do you know if he has a fixed IP address? (This helps
>>>>> >> > with
>>>>> >> > security,
>>>>> >> > if you have to open up features like remote control, you might be
>>>> able
>>>>> > to
>>>>> >> > open those features ONLY to his address if it doesn't change).
>>>>> >> >
>>>>> >> > 3) Does he use Windows/MSN Messenger? He will probably have to
>>>> start
>>>>> >> > using
>>>>> >> > it if he wants to use the built-in remote control features of XP.
>>>>> >> >
>>>>> >> > 4) Would he be willing to consider (purchase) a third party
>>>>> >> > program?
>>>>> >> >
>>>>> >> > 5) Are both systems updated to SP2?
>>>>> >> >
>>>>> >> > Lets start with those, and see what can be done to help you.
>>>>> >> >
>>>>> >> > Keith C. Jakobs, MCP
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >> > "Anthony Smith" <anthony@peconet.com> wrote in message
>>>>> >> > news:%23FbCNmcnFHA.2904@tk2msftngp13.phx.gbl...
>>>>> >> >> Good Afternoon,
>>>>> >> >>
>>>>> >> >> I hope everyone is doing GREAT! today. We have a small office
>>>>> >> >> and
>>>> we
>>>>> > are
>>>>> >> >> running Win 2003 Server. My boss would like to access his
>>>>> >> >> office
>>>>> >> >> computer
>>>>> >> >> from his house. The office computer is running Windows XP Pro,
>>>>> >> >> and
>>>>> >> >> his
>>>>> >> > home
>>>>> >> >> computer is running XP Pro also.
>>>>> >> >>
>>>>> >> >> We currently use Terminal Services to access the network, ie
>>>>> >> >> Outlook
>>>>> > Web
>>>>> >> >> Access primarily. But as you know that appears to be limited to
>>>>> >> >> programs/applications on the server.
>>>>> >> >>
>>>>> >> >> Is there a way I can set up access to my boss' workstation here
>>>>> >> >> in
>>>> the
>>>>> >> >> office for remote access? I'm not sure if this is a smallbiz
>>>> question
>>>>> > or
>>>>> >> >> a
>>>>> >> >> windows xp. We have high speed access here at the office.
>>>>> >> >> XP has that remote desktop feature that will allow you to
>>>>> >> >> control a
>>>>> >> > computer
>>>>> >> >> but I'm not sure if I can use this inside of a office network,
>>>> because
>>>>> >> > when
>>>>> >> >> I try the IP address I get the server instead of a workstation.
>>>>> >> >>
>>>>> >> >> Please advise, thanks!
>>>>> >> >>
>>>>> >> >> Sincerely,
>>>>> >> >> Anthony Smith
>>>>> >> >> In God We Trust!
>>>>> >> >>
>>>>> >> >>
>>>>> >> >
>>>>> >> >
>>>>> >>
>>>>> >>
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Facebook
Twitter
Instagram