Providing a user-friendly, secure and reliable remote shared data access solution is an essential IT service that will effect the day-to-day productivity and satisfaction of your staff. Whether you have a need to support one remote account or 10 thousand, one such solution that facilitates a user-friendly experience while minimizing complexity for Systems Administrators is Microsoft’s Remote Desktop Connection. This method allows personnel to log-in to their own personalized desktop from any remote location just as if they were sitting at their own PC in the office. As a type of “thin-client”, the remote PC only relays the keyboard, mouse and screen display while the work of processing application software and managing shared file storage remain with the corporate server. All that is required by the telecommuter is a basic PC and a high-speed Internet connection.

Every Microsoft Windows operating system includes the RDC client software and every Windows PC (except the Windows “Home” version) is capable of hosting at least one Remote Desktop connection. This means that even if your company does not have a full Microsoft sever it is still possible to implement a basic RDC solution with no additional software costs.
The underpinnings to RDC are provided by Microsoft’s Terminal Services. Entry-level Microsoft server operating systems allow for a maximum of two simultaneous connections beyond which additional Terminal Services licenses are required.

  1. Remote personnel are provided with the same, familiar desktop and applications that they see while working from within the office
  2. A single-point of administration for security, user privileges and application software reduces cost and complexity for Systems Administrators.
  3. The office PC can be accessed from anywhere that an Internet connection is available.

    The most difficult aspect involves configuring the corporate network appliance such as an Internet router or firewall. A rule must be created that will forward inbound requests received on the public Internet Protocol (IP) address to the appropriate internal, private IP address of the Terminal Server or dedicated workstation.
    RDC utilizes IP port number 3389 by default. For example, if the private IP address of the Terminal Server or dedicate workstation you want to connect to is, and the public IP address of the office is, then the following firewall/router rule is required: TCP Inbound -->
    This type of rule is commonly assigned under the “Port Forwarding” or “Applications” section of Internet firewalls.

    TESTING Ensure Terminal Services is running and accessible from within the office by opening a Remote Desktop Connection on an available PC and enter the PRIVATE IP address of the Terminal Server in the “Computer” field and click “Connect”.
    To test remotely, the forwarding rule must be in place. Open Remote Desktop Connection on the remote client PC and enter the PUBLIC IP address of the office in the “Computer” field and click “Connect”.
    Sometimes port 3389 can be blocked by Internet Service Providers. An alternative is to use Terminal Services Web (see TSWeb note 4) or a Virtual Private Network (see VPN note 5 ). A VPN solution in conjunction with a firewall provides more robust security and protection against denial-of-service and other attacks.
  1. To determine the public IP of the office:
    1. from the office, visit
  2. To display the private IP of the Terminal Server/Workstation:
    1. Click Start-->Run
    2. Type cmd [ press enter]
    3. Type ipconfig [press enter].
  3. To enable Remote Desktop on a Windows workstation (unavailable on MS Windows “Home” versions):
    1. Right-click “My Computer”
    2. Click “Properties”
    3. Click “Remote” tab
    4. Place a check in the “Allow Remote Connections” box
    5. Click “OK”
  4. TSWeb is an Active-X plug in for Internet Explorer that acts as a gateway to Terminal Services. This allows RDC to be carried over HTTP on port 80 rather than port 3389 (which can sometimes be blocked by ISPs). With a TSWeb solution, all the client requires is Internet Explorer rather than the Remote Desktop Connection client.
  5. When connecting over a VPN, the private IP of the Terminal Server/Workstation should be used in the “Computer” field when starting Remote Desktop Connection.
  6. IP addresses on the office side should be statically assigned so that they never change.
  7. In order for remote users to see the same desktop as they do when they log in locally, each user account must have the Terminal Services user profile path set in Active Directory to the same UNC path as their local profile.  
  8. RDC client software is also available for non-Windows clients such as Linux/Mac



Dynamic Page QR Code

Popular Posts

My LinkedIn PingTag

View My Stats