Connecting to a Remote Desktop host over your network
is easy to set up and fast, but your local area network might not
always be so local. If you’re traveling, what do you do if you want to
connect to your desktop or to the desktop of some computer on your
network? This is possible, but it requires some care to ensure that you
don’t open up your computer or your network to Internet-based hackers.
Caution
Besides
the security precautions I present in this section, you should also set
up your accounts with robust passwords. Using Remote Desktop over the Internet
means that you open up a small window on your network that is at least
visible to others on the Net. To ensure that other Internet users cannot
exploit this hole, a strong password is a must.
To configure your system
to allow Remote Desktop connections via the Internet, you need to
perform these general steps. (I explain each step in more detail in the
sections that follow.)
1. Configure Remote Desktop to use a listening port other than the default port.
2. Configure Windows Firewall to allow TCP connections through the port you specified in step 1.
3. Determine the IP address of the Remote Desktop host or your network’s router.
4. Configure your network router (if you have one) to forward data sent to the port specified in step 1 to the Remote Desktop host computer.
5. Use the IP address from step 3 and the port number from step 1 to connect to the Remote Desktop host via the Internet.
Changing the Listening Port
Your first task
is to modify the Remote Desktop software on the host computer to use a
listening port other than 3389, which is the default port. This is a
good idea because there are hackers on the Internet who use port
scanners to examine Internet connections (particularly broadband
connections) for open ports. If the hackers see that port 3389 is open,
they could assume that it’s for a Remote Desktop connection, so they try
to make a Remote Desktop connection to the host. They still have to log
on with an authorized username and password, but knowing the connection
type means they’ve cleared a very large hurdle.
To change the Remote Desktop listening port, follow these steps:
1. Select Start, type regedit, and then press Enter. The User Account Control dialog box appears.
2. Enter your UAC credentials to continue. Windows 7 opens the Registry Editor.
Caution
I would be remiss if I didn’t remind you that the Windows 7 Registry contains settings that are vitally important for both Windows 7 and your installed programs. Therefore, when you’re working with the Registry Editor, don’t make changes to any keys or settings other than the ones I describe in this section, and make a backup of the Registry before you make any changes.
3. Open the following branch:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
4. Double-click the PortNumber setting to open the Edit DWORD (32-bit) Value dialog box.
5. Select the Decimal option.
6. Replace the existing value (3389) with some other number between 1024 and 65536, as shown in Figure 1.
7. Click OK.
8. Reboot the computer to put the new port setting into effect.
Configuring Windows Firewall
Now you have to configure
Windows Firewall to allow data to pass through the port you specified
in the previous section. Here are the steps to follow:
1. Select Start, type wf.msc, and then press Enter. The Windows Firewall with Advanced Security window appears.
2. Click Inbound Rules.
3. In the Actions pane, click New Rule to launch the New Inbound Rule Wizard.
4. Click Port and then click Next. The Protocol and Ports dialog box appears.
5. Make sure TCP is selected.
6. Activate the Specific Local Ports option and use the text box to type the port number you specified in the previous section.
7. Click Next. The Action dialog box appears.
8. Click Allow the Connection and then click Next. The Profile dialog box appears.
9. Activate the check box beside each profile you use (Domain, Private, or Public), and then click Next. The Name dialog box appears.
10. Use the Name text box to make up a name for this exception. This is the name that appears in the Exceptions tab, so make it reasonably descriptive (for example, Remote Desktop Alternate).
11. Click Finish to put the exception into effect.
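The registry change from "Changing the Listening Port" and the inbound rule from this section can also be scripted. The following PowerShell is an added example, not code from the original text; the port 12345, the backup file location, and the function names are assumptions chosen for illustration.

```powershell
# Added example, not the author's code. Run from an elevated PowerShell prompt on the host.
# Assumed values: port 12345 (the sample port in the article's port-forwarding figure),
# the rule name suggested in step 10, and a hypothetical backup file location.
$Port     = 12345
$RuleName = 'Remote Desktop Alternate'
$RegPath  = 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$PsPath   = $RegPath -replace '^HKLM', 'HKLM:'                 # same key as a PowerShell drive path
$Backup   = Join-Path $env:USERPROFILE 'RDP-Tcp-backup.reg'    # hypothetical location

function Set-RdpPort {
    # TCP port numbers are 16-bit, so 65535 is the highest value the listener can use.
    if ($Port -lt 1024 -or $Port -gt 65535) { throw "Port $Port is outside 1024-65535." }

    # Refuse a port that another service is already listening on.
    $busy = netstat -ano -p TCP | Select-String ":$Port\s.*LISTENING"
    if ($busy) { throw "Port $Port is already in use: $busy" }

    # Back up only the key being edited, and stop if the backup fails.
    reg export $RegPath $Backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

    $old = (Get-ItemProperty -Path $PsPath -Name PortNumber).PortNumber
    Set-ItemProperty -Path $PsPath -Name PortNumber -Value ([int]$Port)   # Int32 is stored as a DWORD

    # Inbound allow rule for TCP on the new port only; list the profiles you chose in step 9.
    netsh advfirewall firewall add rule name="$RuleName" dir=in action=allow `
        protocol=TCP localport=$Port profile=private | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Firewall rule was not created.' }
    "PortNumber changed from $old to $Port. Reboot to apply."
}

function Test-RdpPort {
    # Run after the reboot: registry, listener and firewall rule should all show the same port.
    $configured = (Get-ItemProperty -Path $PsPath -Name PortNumber).PortNumber
    $listening  = [bool](netstat -ano -p TCP | Select-String ":$configured\s.*LISTENING")
    $rule       = netsh advfirewall firewall show rule name="$RuleName" | Select-String 'LocalPort'
    New-Object PSObject -Property @{
        ConfiguredPort = $configured
        Listening      = $listening
        FirewallRule   = "$rule".Trim()
    }
}
```

Call Set-RdpPort once, reboot, and then call Test-RdpPort to confirm that the listener and the firewall rule agree on the port.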
Determining the Host IP Address
To connect to a remote desktop via the Internet, you need to specify an IP address rather than a computer name. The IP address you use depends on your Internet setup:
If the Remote Desktop host computer connects directly to the Internet and your Internet service provider (ISP) supplied you with a static IP address, connect using that address.
If the host computer connects directly to the Internet but your ISP supplies you with a dynamic IP address each time you connect, use the IPCONFIG utility to determine your current IP address. (That is, select Start, type command, and then select Command Prompt to get to the command line, type ipconfig, and press Enter.) Make note of the IPv4 Address value returned by IPCONFIG (you might need to scroll the output up to see it) and use that address to connect to the Remote Desktop host.
If your network uses a router, determine that router’s external IP address by examining the router’s status page. When you set up your Remote Desktop connection, you connect to the router, which will then forward your connection (thanks to your efforts in the next section) to the Remote Desktop host.
Tip
Another way to
determine your router’s external IP address is to navigate to any of the
free services for determining your current IP. Here are two:
WhatIsMyIP (www.whatismyip.com)
DynDNS (http://checkip.dyndns.org)
Setting Up Port Forwarding
If your network uses a
router, you need to configure it to forward data sent to the port
specified in step 1 to the Remote Desktop host computer. This is port forwarding, and the steps you follow depend on the device.
Figure 2
shows the Port Forwarding screen of the router on my system. In this
case, the firewall forwards data that comes in to port 12345 to the
computer at the address 192.168.0.56, which is the Remote Desktop host.
Consult your device documentation to learn how to set up port
forwarding.
Connecting Using the IP Address and New Port
You’re now ready to make the connection to the Remote Desktop host via the Internet. Here are the steps to follow:
1. Connect to the Internet.
2. Select Start, type remote, and then select Remote Desktop Connection in the search results.
3. In the Computer text box, type the external IP address of the router or remote computer and the alternative port you specified in step 1, separated by a colon. Figure 3 shows an example.
4. Set up your other Remote Desktop options as needed. For example, click Options, display the Experience tab, and then select the appropriate connection speed, such as Modem (28.8Kbps), Modem (56Kbps), or Broadband (128Kbps–1.5Mbps).
5. Click Connect.
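Before opening Remote Desktop Connection from the road, you can confirm that the whole chain (router forwarding, host firewall rule, and listener) answers on the new port. This PowerShell is an added example, not code from the original text; the address 203.0.113.10 is a documentation-range placeholder for your external IP address, 12345 is the sample port, and Test-TcpPort is a hypothetical helper name.

```powershell
# Added example, not the author's code. Run on the client (traveling) computer.
# 203.0.113.10 is a placeholder for the external address found in "Determining the
# Host IP Address"; 12345 is the sample forwarded port.
$HostIp = '203.0.113.10'
$Port   = 12345

function Test-TcpPort([string]$Address, [int]$PortNumber, [int]$TimeoutMs = 5000) {
    # Attempts one TCP connection and reports 'open', 'timeout', or 'error: <reason>'.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $PortNumber, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return 'timeout' }
        $client.EndConnect($pending)      # throws if the connection was refused
        return 'open'
    } catch {
        return "error: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

$result = Test-TcpPort $HostIp $Port
switch -Wildcard ($result) {
    'open'    { mstsc.exe "/v:${HostIp}:$Port" }   # same address:port form as the Computer text box
    'timeout' { Write-Warning "No reply from ${HostIp}:$Port. The packet was dropped: check the router's forwarding entry and the firewall rule on the host." }
    'error*'  { Write-Warning "${HostIp}:$Port answered but did not accept the connection ($result). Check that the host was rebooted after the port change and that the router forwards to the right computer." }
}
```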