Networking optimize

How do I... Configure Windows Small Business Server 2003 R2 Remote Access?

Windows Small Business Server possesses powerful remote administration features. Follow these step-by-step procedures to get remote administration installed and configured in your enterprise.

This article is also available as a TechRepublic download.

The ability to remotely administer Windows Small Business Server can prove priceless. Adding new users, resetting account lockouts and passwords, reviewing event logs and troubleshooting numerous other common issues needn't require an in-person visit to the office on weekends or remote facilities, even, on weekdays.

Windows Small Business Server possesses powerful remote administration features. They're so important to productivity and the OS' maintenance, in fact, that the SBS To Do List (activated at installation) dedicates its third configuration step specifically to configuring remote access and VPN connections. (Figure A)

Figure A

SBS 2003 R2's Server Management To Do List dedicates its third step to configuring remote access.

Running the Remote Access Wizard

Real world experience quickly teaches administrators to leverage the numerous Windows Small Business Server 2003 R2 wizards; trying shortcuts or manually configuring SBS 2003 R2 settings is a recipe for disaster. Don't do it. Use the wizards.

SBS 2003 R2 (like SBS 2003) includes a wizard dedicating to configuring remote connections. To access the Remote Access Wizard:

  1. Click Start.
  2. Open the Server Management console.
  3. Highlight the To Do List.
  4. Click the Start link for Configure Remote Access (the third step) within Network Tasks.

The Remote Access Wizard, in addition to configuring remote connections for the SBS box, also provides an opportunity to set secure password policies. Here's how it works:

  1. Upon executing the Remote Access Wizard, the first page administrators see is the Welcome To The Remote Access Wizard screen. Click Next to continue.
  2. The next page (Figure B) permits enabling remote access, including VPN access and dial-up connections (if a dial-up modem is present). Specify the connections you wish to create and click Next.

Figure B

Enable remote and VPN access using the Remote Access Wizard's Remote Access Page.
  1. The Client Addressing page appears next (Figure C). The screen permits specifying the IP address of the DHCP server that should be used by remote systems; alternatively you can specify a range of static IP addresses remote clients can utilize instead, should no DHCP server be available. Once you've configured IP address assignment information, click Next.

Figure C

Specify IP address assignment information using the Client Addressing page.
  1. The VPN Server Name page appears next (Figure D). Enter the domain name for the VPN server. For example, you should specify the full Internet domain name clients will enter to access the VPN server (such as vpn.yourserver.com). Then, click Next.

Figure D

Specify the full Internet domain name for the VPN server using the VPN Server Name page.
  1. The Completing the Remote Access Wizard page appears next (Figure E). The remote access configuration information you specified can be printed, saved or e-mailed using the link on this page. Click Finish to actually configure remote access for the SBS 2003 R2 box.
  2. A status box will appear displaying remote access configuration progress. When the process completes, a confirmation message will appear indicating the remote access configuration completed properly. Click Close to close the dialog box.

Figure E

You can print, save or e-mail the remote access configuration information using the provided link.

The wizard will appear to have finished its work. But right when you believe the task is complete, another dialog box will appear (Figure F). The Remote Access Wizard presents the opportunity to enable password policies, which is highly recommended.

  1. To set password policies, click Yes.

Figure F

Configure password policy requirements at the same time you configure remote access to ensure heightened security.
  1. The Configure Password Policies menu box appears. Set the requirements as you prefer (the three options are password length, complexity and change requirements).
  2. Specify when the password policies should take effect (the default setting is three days).
  3. Click OK.

Remote access, necessitating usernames with the password requirements you specified, are now enabled. Before remote systems can connect, of course, you must ensure your firewall is configured to forward the appropriate port traffic. Most administrators will wish to open several ports with a standard SBS install, including:

  • 25 (for SMTP e-mail)
  • 443 (for HTTP SSL for Remote Web Workplace and OWA)
  • 4125 (required for Remote Web Workplace)
  • 1701 (for LT2P), 1723 (for VPN PPTP)
  • 4125 and 3389 (for Remote Desktop administration and terminal services connections)

Making the Connection

Once remote administration is enabled on the Small Business Server 2003 R2 system, you're ready to remotely connect to the server:

  1. Click Start.
  2. Click All Programs.
  3. Click Accessories.
  4. Click Communications.
  5. Click Remote Desktop Connection. The Remote Desktop Connection box appears (Figure G).

Figure G

Enter the IP address or fully qualified domain name of the server you wish to configure remotely, or click the Options button to specify additional connection credentials.
  1. Specify the IP address or enter the full Internet address (such as server1.yourcompany.com) of the server you wish to create a remote connection to within the Computer field.
  2. Click the Options box to display additional configuration settings (Figure H).

Figure H

Complete the fields found within the General tab to specify required remote access information, including a username with remote access permissions, the password associated with the user account and the domain.
  1. Enter a username and password for an account possessing remote access permissions.
  2. Specify the domain name.
  3. Click the Save My Password box if you wish to log in automatically each time you open the Remote Desktop Connection (recommended only for systems placed in physically secure locations, if even then).
  4. Click Save As to create an icon and shortcut for the Remote Desktop Connection, or click Connect to connect to the remote system.
10 comments
cmbaez43
cmbaez43

I would like to connect from my Android tablet to the SBS server as a remote desktop any suggestions. Thanks,.

salinejy
salinejy

I have 5 client, before antivirus install my accounting software is everything OK. After antivirus install that software is sometime can't connect to that software server. If can connect to that server I can't see anything in my share folder of my server. so I was restart my computer and than i can use it. How can I do for this Err?

syra
syra

When circumstances require a small business needs to close, there are several tasks to be solved before we can finally close the doors. Some of these tasks to be done to comply with local and federal laws, while others are dictated by their business ethics. When closing a business is rarely an event that is hosted by the owners and ensure that all loose ends are tied can take some of the sting of the process. The vote to close the transaction, Dissolve your business with the government of Cancel permits, licenses and fictitious business names. Paying taxes and liabilities. Notify creditors, employees and customers. http://www.guidetoinvest.net/how-to-close-a-small-business.html

christian.ochei
christian.ochei

how do i add client computers to my small business server 2003 and log on to my server from client computer?

jo.vandale
jo.vandale

It helped me out. Things are working now. Thanks !!!!

wildpak_1999
wildpak_1999

Hi I am a newbie to sbs. I followed your steps above but am still unable to vpn into my network. When I am on the local network it is okay, but when I am on my home computer or different network I cant remote desktop or terminal in. Any suggestions?

brothertech
brothertech

It's early in the morning as I read this so I could be missing something. At first glance it looked like you were setting up the server to allow VPN access. You ended the discussion with a RDP session. I will assume using the wizard sets BOTH in the Domain Controller security policy. I will also assume (until I test it) that a clean install configured as described and the appropriate ports opened and directed to the server will allow VPN and RDP with no more configuration necessary. If I have confused this issue please let me know. Thanks.

mallick_b
mallick_b

This is really helpfull. Can i connect the same session of windows 2003 server by Windows XP through RDP? Please help me out. Currently i am using by VNC.

kaytonk
kaytonk

To take over the console (session already running on server) start remote desktop by going start, run, mstsc -console then log in as the same account thats logged in on the server. You can also go into terminal services manager, right click on the console session and click connect.