SEE DESCRIPTION - How to secure remote desktop to safely access your computer from outside your LAN
Вставка
- Опубліковано 11 жов 2024
- THERE IS A MORE UPDATED AND COMPLETE VERSION OF THIS VIDEO HERE:
• The Ultimate Guide to ...
In a previous video I show you how to set up your router to allow remote desktop access to your computer from outside your network. In this video, I show you how to configure and enable 128-bit encryption on those remote desktop connections so you can safely and securely access your computer from outside your network. So for example, you could access your computer at home from your work computer with nothing but Remote Desktop and no other special software and take advantage of the awesome built in features of remote desktop like multiple monitors, shared resources, printing, etc.
Find me here:
Website: jerryboutot.com/
UA-cam: / jerryboutotofficial
Facebook: / jerryboutot
Twitter: / jerryboutot
LinkedIn: / jerryboutot
ReverbNation: www.reverbnati...
Amazon Music: www.amazon.com...
Instagram: / jerryboutot
TikTok: / jerryboutot
OnlyFans: onlyfans.com/j...
Patreon: www.patreon.co...
Twitch: / jboutot
#independentartist #music #newmusic #indiemusic #musicians #musicbiz #indieartist
I spent a few hours between Microsoft's instructions and various other sites with setup instructions. I wish I found your less than 20 min video when I started this process. VERY CLEAR AND CONCISE instructions and I was able to get this to work with the Microsoft RDP Android app via LAN and WAN.Thank you, Thank you, Thank you for taking the time to put this video together! It is very much appreciated.
Thanks Tim! I really appreciate the comment. I'm working on a new one that combines this one and the "previous video" which shows you how to set up your router so the info is combined into one set of instructions. Have a great day!
For anyone still having issues not being able to connect over internet but being able to connect within the network, when port forwarding, your external start/end port is the IP of the machine from ip4.me. The internal is the computers IP you can find from ipconfig in cmd, or whatever you set your static IP address of the computer to be. I spent hours figuring out why and this finally fixed it and it makes sense, the external IP it is watching should be the publicly available IP address
Good stuff. Just upgraded to Windows 10 Pro today specifically for remote desktop, but I'm not turning it on until I understand the security. This has helped quite a bit. Thumbs up.
Thanks!
thanks for the tutorial, this is the only one that actually helped me to set up the wan connection.
Sorry I missed your comment on this video - you should SECURE your remote access to prevent unauthorized access to your network. Here's an updated video - ua-cam.com/video/sax55mrOX54/v-deo.html - I produced with all the steps, including what's in this video, but updated for Windows 10. Thanks!
Very good video, I would suggest adding a task to send an email once a session has been logged on, and enable lockout policies on the account after every 5 times for 15 mins or so
Great suggestion
Oh thank you many times over. Awesome video and perfect English.
You're welcome!
Thanks, excellent guide!
You should SECURE your remote access to prevent unauthorized access to your network. Here's an updated video - ua-cam.com/video/sax55mrOX54/v-deo.html - I produced with all the steps, including what's in this video, but updated for Windows 10. Thanks!
wow this very Helpfully , So thank you ver much jerry 👍
Great tutorial! Thanks for putting it out there.
If i just untick the remote access box, is that enough protection? As i dont want to access away from my computer anyway. this and the Wifi Password? Also if are always on a VPN, does this make it harder to get access anyway? or not?
Wouldn't it be safer to set up VPN then connect to your private network that way and from there connect to your machine? That would eliminate having to port forward. Also set up dynamic DNS so you don't have to have a static IP. Would you agree with this method as a more secure method?
There are a ton of different ways to do this. TeamViewer, Google Remote Desktop, etc., but many of them (if not all of them) are blocked by many companies IT departments. Where I work, it's that way. I can't use any kind of remoting software or VPN that isn't specifically authorized by me. When I did the video, I had a commercial office and while I could use any software, I wanted to make this work without any special extra layer but with an obfusticated port number. Once I got my job where I work now, I was forced to use port 3389 and subsequently had to secure it at home so that my machine can't be reached by anyone but me.
Dynamic DNS - I actually use Dyn but didn't want to overcomplicate the tutorial with another layer of abstraction. Good point, and since this is a popular video I may add another video on how to do that.
the problem with doing that, is that you give an outside user access to everything else on the network, not idea in all cases if you just want them to connect to a terminal server & not a file server, printer or DVR for example, also risk of virus from user outside network to cross onto main network through VPN, that's not possible with just remote desktop. There are easier ways to secure remote desktop.
Thanks a lot. Great tutorial, everything works as its showed. I had one problem anyway, when i changed the PortNumber value in registers, that port was not avaible to connect even in LAN. Tried to restart RDP services, but didnt help.
Did you open the port to your modem pointing to your Server's ip?
Thanks for more information
I am trying to Remote Desktop into my mobile computer, it is using T-mobile 4G/LTE for internet connection. And i would like to remote desktop into that from any computer? T-mobile do not allow changing any port or RD. do you think is there any other SECURE way of connecting to my mobile windows pc, from my home/office computer?
Excellent!
Not working. 12:48 Local IPv4 without the - : - and custom port works, but not with it typed behind the ip. The ip with :3389 behind works though, when trying to connect from another computer on the same network. Also when trying to connect remotely from another network, with router ip : port it does not work to connect to the computer set up for remote desktop. What to do? Ive done all steps perfectly the same way as you, even went back and double-tripple checked and redid it.
Edit: Got it to work! You should mention one have to restart the pc after making the custom port in Regedit. First after the reset the port change actually come into effect. Thanks though, good guide!
same here
Just use Chrome remote desktop. Its safe and get the job done. Very quick and easy to setup. This way is sure a hassle
Also reserve the computer IP inside the dhcp server inside your router. You don't need to use :3389 after the IP unless you have changed it inside the registery editor . You need also to allow the port inside your antivirus firewall . Also you can test if the port is open using canyouseeme.org
so for the EXTERNAL PORT you put 3389 (as this is what you have on your other pc) and for the INTERNAL PORT you have to set 54655 (or whatever port you have setup on your main PC) ?
The EXTERNAL port is the port number you'd use from the remote PC when initiating the RDP session. i.e.
can anyone ans me plz.my bos detective my pc via remote desktop.. i want that he cant access and cant able to see what i doing.. any solution.? sorry bad english
Is a Sonic wall good for Remote Desktop?
Will this work to use your pc on a macbook?
I have followed the exactly same procedure to take remote of my home pc from my work pc but it never worked. Do I need to configure my router with DHCP reservation?
yes you have to allow that port thru your router firewall (port forwarding) if you want it to directly connect that way via the internet.
As long as your Router's Port Forwarding is set up to forward the EXTERNAL port to the INTERNAL port and LAN IP of the Target PC, it should work. HOWEVER, your IT team at work might be blocking all ports except those specifically open. In that case, you either have to ask them to open your non-standard RDP port (EXTERNAL port on the Router) or just use 3389 as the external port. Just keep in mind you may see lots of hack attempts in the router log, but that doesn't mean they're getting in. If you secure the connection and only allow specific users and that user account has a very strong password, they can try all they want but it's not likely they'll ever get in to the PC.
What is the reasoning for using a five digit alternate RDP port as opposed to a four digit number??
It is a little bit more secure. My recommendation is to use ports greater than 10,000 because most bots scan lower ports
Did you mean to set the RDP port to custom but then NOT set the Router to open THAT port? You used 54665 as an example of the custom port, but then you set the router to open port 3389 (default). Should that have been the matching custom port number? Perhaps using 3389 and then logging into ip with the :54665 remedies that?
I have mine set up to use 3389 on the router forwarded to 3389 on my PC because my workplace will not open any ports. I do say "for the sake of argument, you should use a 5 digit number" but explain that I have to use 3389. I show you where to change it if you need to change it. If I had it my way, I would use a 5 digit number for the port on the router and forward it to a different 5 digit number set up on the PC. That's the most secure because it would prevent any other computers on your internal network from using RDP to gain access to your computer (especially useful if you have WiFi). All of this is just unnecessary, anyway, if you use something like TeamViewer or Google Remote Desktop. My workplace doesn't allow any of them, so I'm stuck using 3389 on the router.
Thank you for your video and prompt reply. You do not note at all that this setting should match what is set as the custom port on the computer. You just say set it to 3389. Didn't make sense to me, so I was just confirming that it should match the changed port, if that was done. Very clear directions. I connected today from an off-site location and feel good about the security. Great video and much appreciated step-by-step settings instructions! Happy to not be paying a 3rd party service to remote into my own computer.
Thanks Jer. If I set the IP address on my computer to static, it only works a couple of days then I can't connect and the internet goes down. Is there a way to set the static IP? Thanks.
I learned this one the hard way. Make sure when you set a computer to have a static IP address, that you set the IP outside of the automatic range of the DHCP. For example, if the DHCP is set to deal out IP addresses in the range of 192.168.1.50 through 192.168.1.150, make sure you static IP is outside of that range. Otherwise when devices need an IP address, or renew their IP lease. The router, not knowing that the IP is already taken, will assign it to another device. This causes a conflict. Hope this help someone although it is likely late for you
Reserve an IP inside your router dhcp server and not on the actual pc
perfect video!
Hi Jerry, May i know how do i find out what is the allowed port for my office network so that i can connect to my PC at home ?
3389 is the default port. As long as you secure the PC this way using 3389 isn't as dangerous. Although you will see lots of external access attempts in the router log because hackers always try to get in on the known ports. Ask your IT Manager if there is an open port number you can use other than 3389. You can use any port number as long as it's not used by something else on your home network router. Then set up the router to forward that port to 3389.
the last sentence should have read "then set up the home router to forward the obscure port you want to use to your pc's IP address and port 3389 (unless you used a custom port on the PC itself, then forward the router to that custom port).
The pc i want to connect remotely from my home and when am configurong it, do that office pc must have a router or should not?. Please some body help me.
For me remote desktop does't show up on sysdm.cpl, only remote assistances.
like having remote access multisession windows 7 sp1
I followed everything on both videos, and I still can't connect from outside of my network (inside the home network is fine)
I finally figured out my problem. When port forwarding I used my home IP for both external and internal start/end ports like in the video... I had to change it so that the external start/end port was the ip given by ip4.me
@@MrComicallyBad thanks, I'll take a look.
Why are you enabling Remote Assistance Invitations?
Good question. I'm not specifically enabling it for this particular tutorial. It just happened to be enabled already when I started taking the video.
Why doesn’t windows 10 lockout
RDP after 5 or 10 try’s of incorrect
Passwords
I think you have to set up a policy for that. I'm working on a new version of this video and I'll include setting up the policy. Thanks for the tip.
How many people can log into the machine at once?
+XhellscreamX I'm pretty sure only one person can log on to remote desktop on a windows machine. On a server, it can be two. Unless you get the Terminal Services licenses for a server which allow you to have more than two, but you pay $$$ for each license.
RDC is on my PC, but i have none of these settings. secpol.msc etc.....could someone explain why
if you are using the "home" version of Windows it will restrict you from accessing many of the "pro" settings. Or if you are not a local admin, that might hide certain settings. These instructions are geared towards local admins on Windows Pro. However if you are using Windows Pro and you ARE a local admin on the machine, then check the Programs and Features and click "Turn Windows Features on or off" on the left side. From there, you will want to review the settings for Windows to see if anything is not "turned on" that should be. I'm not sure which settings that would be so maybe you might want to do a search for "recommended settings for secure rdp".
Thank you so much, i will try it. subscribed!
One more question. if i turn on a VPN on my PC then connect the RDC. would this help in decreasing IP leakage because my host PC is running a VPN. please advise
Changing default RDP listening port to custom, and then forwarding default RDP port on router to the custom port doesn't make any sense
Yes it does. On the target PC, changing the port would prevent any RDP connections from remote computers. On the router you have to map 3389 to your modified port number, otherwise you'll never be able to connect to that PC.
I followed some instructions from Microsoft's KB to make this video, and I think the custom port on the PC itself is to prevent anyone on your network from gaining access to RDP without turning it off completely. They would have to know the port. This is especially important if you have WiFi. But you can leave the PC at 3389 and the port forward an obscure port number to your PC's IP address and port 3389. In the video I'm just showing you where to go to set configure a custom port number for RDP if you want to.
@@jerryboutot there are automated scanners that scan for RDP listeners.
This is not very safe. What you want to do is set up a VPN to your home network. You can run it either on a router or on a nas or plenty of other devices. Once you are in your network you can use RDP. Another thing you can do is set up a firewall rule to lock out certain IPs . But this on its own is not safe
Still waiting for your reply.
Try AEROADMIN as well. It's free and secure
Do not do this! This is easily exploited.
SEE DESCRIPTION - there's a new version. UA-cam doesn't allow editing existing videos so I can't put a callout over the video.
FYI it's not easily exploited - this is straight out of Microsoft's KB on best practices for securing RDP.
Frankly i don't see anything special here.. was expecting something more substantial.. like two factor authentication or some new trick. but this is standard run of the mill stuff with some specific enforcements.
Joe you are so right - for anyone with networking skills and experience this is run-of-the-mill stuff. However, for most "mere mortals" that don't work in IT it's just one of many ways to solve the problem of secure connections. Since I'm not a networking guy I had to search for the solution for myself, and I made the video for others like myself, not for experienced IT professionals. Personally, I would prefer to use TeamViewer and forgo all this manual intervention, but my IT department at work doesn't allow TeamViewer on any PC or Server so a manually configured secure remote desktop connection is a simple solution.
If your IT department (I assume that you are not in that department, since you talk about them in the 3rd person) doesn't allow TeamViewer, then why would you act to make changes to your computer without their approval. If they won't allow TV, then they surely don't like RDP/SSH over the public internet.