Question Set up remote desktop connection in workgroup

[miha2]

TL;DR: I need to have my laptop be able to connect to my desktop while not on the same network; both of them are in the same workgroup.

Hi everyone,

First things first. Given: a laptop and a desktop. I (actually, my relative, but that's not the point; I'll be doing a majority of the tech stuff) need to connect a laptop to a desktop by means of RDP. The two computers are on the same workgroup (I know Windows Server would be an ultimate solution, but... come on, it's just two computers; why have so much hassle for only 2 computers, right?) The desktop has a MS account, the laptop has a local account. I enabled the remote session on the desktop, but...
1. How do I sign into the desktop from a laptop in RDP? At least, to test it first, whether the remote session would work. Remember that the desktop has a MS account
2. What do I need to do to enable the remote session while the laptop is outside the local network? The more secure the remote session would be the better... (Although I realize the ultimate solution is just to unplug the computer from Internet and not use external storage media at all. But still...)

I'm pretty good with computers, but not good with setting up remote sessions outside of the domains just yet. So any help would be appreciated.

P.S. I did a Google search, but found only "not so safe" ways to do it. Is there a more secure way to connect the two computers?

 

[Secret-Squirrel]

...................2. What do I need to do to enable the remote session while the laptop is outside the local network?........................

If you need to access the desktop computer via the WAN then the desktop PC will need a Pro version of Windows and a fixed public IP address. You'll also need to open some ports in the router. Doing that will expose the desktop to everyone on the Internet so it's not recommended at all.

Other remote-control options are available though. TeamViewer is one and it's free for personal use. You can access the desktop directly via its private IP address. For that to work you need to allow "incoming LAN connections" on both TeamViewers. If the desktop is not on the same LAN then you can access it over the WAN using its ID.

 

[Secret-Squirrel]

.........................PS: I forgot to say that if you decide on TeamViewer then your laptop will need the full version while the desktop will just need the simple "QuickSupport" version.

 

[miha2]

...fixed public IP address. You'll also need to open some ports in the router. Doing that will expose the desktop to everyone on the Internet so it's not recommended at all.

So Remote Desktop is not an option at all in that case? So how do the large companies have remote desktop then? Just out of curiosity; no pun intended.

TeamViewer is a bit on a more expensive side; this is why I was thinking about RDP in the first place. I understand everybody wants their piece of a pie, but hey, both the laptop and the desktop have Windows Pro on them, so... MS already has their piece, why share it with anybody else? Does it make sense?

Chrome Remote Desktop is not an option either, because it's prompting for a PIN for each session. So if there are any better (and free/really cheap) options, I might consider those; but paying $13.90/mo here, $x there, $y somewhere else... I'm not complaining, I'm just saying that Teamviewer isn't worth it for one computer; for large organizations - sure, why not; for one computer/one user - def no. I'm sorry, I just had to say it. It's too expensive.

 

[lantis3]

Anydesk, no MS or AnyDesk account required.

Install and set a password. Of course you have to write down and remember the 10 digit ID

No port forwarding required.

Another way is setup a VPN (ZeroTier or Tailscale) and use RDP, also no port forwarding required. Just use given virtual IP or computer name.

All of the above shouldn't matter with domain/workgroup, I guess. Haven't deal with domain for a long time, however.

RDP in a domain does need a RDP server license though.

 

[miha2]

OK.... Here's another question. NordVPN has a feature called MeshNet. Will that work as sort of port forwarding/will it help with setting up the remote session?

Anydesk is again, not free/cheap. From what I could find. Please correct me if I'm wrong.

 

[lantis3]

Anydesk is Free for personal use. It even works behind double NAT.

I have used it for over 4 years, easy, no hassle, again no port forwarding required.

OK , NordVPN MeshNet is free too. But I haven't investigate yet.

 

[miha2]

They claim MeshNet is for free...

But either way, $55/year is about $4.58/mo, which is cheaper than $13.90 for TeamViewer and $14.something for Anydesk. Technically, my relative needs it for work, access the desktop to work for business. So it's not going to be the free version. Sorry I didn't mention it sooner. Which yet again returns us to RDP and MeshNet? Or are there still other options?

 

[lantis3]

MeshNet is a VPN, like ZeroTier or Tailscale. All of the VPNs have nothing to do with remote control. They just join all devices into one virtual network.

Remote control is just another service running on top of the VPN network if you want.

MeshNet is like ZeroTier and Tailscale, does not need to use or support port forwarding since all connected devices/PCs are in the same network (same virtual IP range) once it's setup.

I don't judge license issues, you make the decision.

NordVPN is completely different from NordVPN Meshnet.

Port forwarding: Setup, types, risks, and relation to VPNs

What is port forwarding? Can it boost your internet speeds? Or will it open your router up to hackers and data thieves? Find out today.

nordvpn.com

NordVPN or most other VPN providers provide an exit point/location for your device, you can't join other VPN users into a group . Yet NordVPN/ZeroTier/Tailscale let you create and join a virtual network/group of you own.

 

[miha2]

"To control a device remotely, you’ll need a remote access app. While it should come preinstalled (like Remote Desktop on Windows 10 and 11), in some cases you may need to download a free remote access app (for example, Remmina for Linux or VNC for macOS.)

After you enable remote access on the target device, use NordVPN’s free Meshnet feature to create a private network. Not only does it not require a NordVPN subscription but it will also help you keep your devices safe and prevent common connectivity issues you’d experience if you weren’t using Meshnet." - from FAQ on their website, https://nordvpn.com/meshnet/remote-access/

"Remote access is a method allowing you to access your device from afar. But to avoid punching holes in your network security, you must make sure your remote access method is secure. The easiest way to do that is with Meshnet. With a click of a button, the app creates a private network only invited devices can access."

 

[miha2]

I've heard of ZeroTier. So... once I have a "private network" both computers will be thinking they're on the same network, and so RDP will be possible? (Also, please read the comment above)

 

[lantis3]

I've heard of ZeroTier. So... once I have a "private network" both computers will be thinking they're on the same network, and so RDP will be possible?

Yep. Same is Tailscale. My experience is Tailscale is faster.

Again, I have no experience with NordVPN's MeshNet.

View: https://www.youtube.com/watch?v=eCXl09h7lqo

 

[miha2]

OK, so I'll consider using the VPN (as in ZeroTier or MeshNet, or Tailscale) in that case. Thank you.

Now the question is how do I sign into the RDP with a MS account? That is, example@contoso.com for example. From what I understand, the "@contoso.com" part is seen the same way as contoso.com\example (example in this case being a local account and contoso.com as... domain... simply saying) and so it's looking for the computer on the "contoso.com" network, and not in a workgroup... Am I right?

 

[lantis3]

If domain name is apex.local or apex.com and user name is tomcruise then remote user should use tomcruise@apex.local or tomcruise@apex.com as username and password while using RDP

workgroup in a virtual thing, it exist just because PCs are always broadcasting their existence. It's not stored anywhere (well, maybe host names cache) or any database even if there is a server running on a Workgorup network.

A domain instead has a database that registers a lot of objects on the network.