Microsoft

Windows XP Professional Remote Desktop lets you connect to your computer from any Windows computer

The Windows Remote Desktop allows for system administrators to connect from anywhere within the LAN. But why limit yourself? Thomas Shinder shows you how to use that same tool from anywhere with a network connection.


Windows XP's Remote Desktop feature is great for SOHOs and small businesses. It acts as a mini Terminal Server, allowing a single terminal services connection to a Windows XP computer. Through Remote Desktop, you can connect to your computer from another computer on the same LAN or from any computer in the world, as long as that computer is running Windows. You need only install the Web Access Remote Connection, publish the Web Access Remote Connection to the Internet, and then publish the Remote Desktop connection to the Internet.

The beauty of this solution is that you don't need to install a Terminal Services client on the computer you use to connect to remotely connect to your desktop. The Web Access Remote connection will automatically install the required software for you.

In this article I’ll explain how to do the following:
  • Configure the Windows XP Remote Desktop
  • Install and configure the Windows XP Remote Desktop Web Connection
  • Configure ISA Server publishing rules to publish the Remote Desktop connections to the Internet

Configuring the Windows XP Remote Desktop
When you install Windows XP, the Remote Desktop feature is installed by default, so you don't need to install anything further. However, you will need to enable it and assign user accounts for anyone who will need to remotely access the computer. You must be a member of the local machine’s Administrator’s group to configure your computer’s Remote Desktop features.

Need that CD
Before you begin, make sure you have your Windows XP CD handy.

To enable and configure the Windows XP Remote Desktop, follow these steps:
  1. Click Start | Control Panel.
  2. In Control Panel, click System.
  3. Open the System Properties dialog box and then click on the Remote tab.
  4. In the Remote Desktop frame (Figure A), place a checkmark in the Allow Users To Connect Remotely To This Computer checkbox to enable Remote Desktop Connections.

Figure A

  1. Click the Select Remote Users button.

Figure B

  1. The Remote Desktop Users dialog box (Figure B) will open, and in it, you will see a list of users who are allowed to access the computer through a Remote Desktop connection. If you need to add more users to the list, just click Add. If the computer is a member of a workgroup, you will only be able to add users who are contained in the local computer accounts database. However, if the machine is a member of a domain, you can add accounts from the domain’s user accounts database. After adding users, click OK to close the dialog box.
  2. Click Apply and then click OK in the System Properties dialog box.

At this point, the computer is ready to accept remote desktop connections from other computers. But the client computer must be running the Remote Desktop Connections. Also, because Terminal Services and the Remote Desktop Connection software are interchangeable, you can access the Remote Desktop with the Terminal Services client software. Next, you'll need to install and configure the Remote Desktop Web Connection.

Installing and configuring the Remote Desktop Web Connection
The client software to connect to the Remote Desktop is called Remote Desktop Connection. It's generally a revved-up version of the Terminal Services client software; however, the Remote Desktop Connection gives you more options.

It allows you to connect to your desktop with an Internet Explorer 4.0 or above Web browser. When you use the browser to connect to a Remote Desktop, a small ActiveX control is installed on the client machine. Then, the Remote Desktop Connection will appear within the Web browser.

The Remote Desktop Web Connection is actually a Web application that runs on Internet Information Server (IIS). The Web application installs the client ActiveX control and some .asp files used to log on to the Remote Desktop.

To install and configure the Remote Desktop Web Connection, follow these steps:
  1. Click Start | Control Panel.
  2. In Control Panel, click Add/Remove Programs.
  3. In the Add/Remove Programs window, click the Add/Remove Windows Components button.
  4. In the Windows Components Wizard dialog box, scroll through the list and click on Internet Information Services. Then, click the Details button.
  5. In the resulting Internet Information Services (IIS) dialog box, click on the World Wide Web Service entry and then click the Details button.
  6. In the resulting World Wide Web Service dialog box (Figure C), select the check boxes for Remote Desktop Web Connection and World Wide Web Service. Note that if you select the Remote Desktop Web Connection first, the World Wide Web Service will be automatically selected. Click OK.

Figure C

  1. Click OK in the Internet Information Services (IIS) dialog box.
  2. Click Next in the Windows Components Wizard dialog box. You may be asked for the Windows XP Professional CD so be sure to have it ready. When the Completing The Windows Components Wizard page appears, click the Finish button.

After IIS is installed, you need to confirm that the virtual directory containing the Remote Desktop Web Connection software allows Anonymous authentication. To check on the security configuration for the Remote Desktop Web Connection virtual folder, follow these steps:
  1. Click Start | Control Panel.
  2. In Control Panel, click Administrative Tools.
  3. Double-click on Internet Information Services.
  4. In the left pane of the Internet Information Services console, expand your server name. Expand the Web Sites node and then expand the Default Web Site node. Right-click the Tsweb node and click Properties.
  5. In the Tsweb Properties dialog box, click on the Directory Security tab. Click on the Edit button in the Anonymous Access And Authentication Control frame.
  6. In the Authentication Methods dialog box (Figure D), confirm that the Anonymous Access check box is selected. The default user name is IUSR_<server_name> (where server_name is the actual URL or IP address of your server), and the Allow IIS To Control Password option is selected by default. Accept these settings and click OK.

Figure D

  1. Click OK in the Tsweb Properties dialog box. Close the IIS console.

At this point, the Remote Desktop Web Connection is fully functional for clients located on the same LAN. All you need to do is open a Web browser and type http://computer_name/tsweb. This will bring up the Remote Desktop Web Connection page (Figure E).

Figure E


From this page, enter the name of your computer and select the screen resolution. You'll also have the option to enter your logon credentials on this page. After doing so, click Connect.

However, before you can access your Remote Desktop from the Internet, you will need to publish the Remote Desktop and the Remote Desktop Web Connection to the Internet.

Publishing the Remote Desktop and Remote Desktop Connection to the Internet
When you use the Remote Desktop Web Connection to connect to a computer’s Remote Desktop, you actually establish two connections. The first link is an HTTP connection made to TCP port 80, and the second link is an RDP connection made to TCP 3389. Only after the RDP connection is established do you actually have access to the Remote Desktop. Keep this in mind when you decide to publish the Remote Desktop Web Connection to the Internet.

There are several ways you can publish the Remote Desktop Web Connection to the Internet:
  • Windows 2000 or Windows XP Internet Connection Services (ICS)
  • Windows 2000 Routing and Remote Access (RRAS)
  • ISA Server 2000

Because ISA Server provides the most secure method for publishing internal network services to the Internet, I'll explain how to publish the Remote Desktop Web Connection to the Internet using ISA Server.

DNS requirements
When you establish a connection to the external interface of the ISA Server, you want to be able to connect using fully qualified domain names (FQDN). If you manage your own DNS server, make sure you have two Host (A) records: one to support the HTTP connection and the other to support the RDP connection.

For example, if your domain name is Domain.com, you can create a Host (A) record for WWW for the HTTP connection and a Host (A) record for RDP for the Terminal Services connection. These records should resolve to the external IP addresses on the ISA Server that will be used for the Web Publishing Rule (used for the HTTP connection) and the Server Publishing Rule (used for the RDP connection). You then type http://www.domain.com in a Web browser to connect to the Remote Desktop Web Connection Web page. In the Server text box on the Web page, type rdp.domain.com to create the RDP connection to your Remote Desktop on the internal network.

Creating the Web Publishing Rule
You need to create a Destination Set to support your Web Publishing Rule. To create the Destination Set, follow these steps:
  1. Open the ISA Management console, expand you server name, and then expand the Policy Elements node.
  2. Right-click the Destination Sets node, point to New, and click Set.
  3. Type in the name of the destination set. You might want to name it Remote Desktop Web Connection. In the Description text box, enter the FQDN that will resolve to the external IP address used by the Incoming Web Requests listener, and then click Add.
  4. Click the Destination option button, and the resulting window will look like Figure F. Enter the FQDN that resolves to the external IP address used by the Incoming Web Requests listener. Click OK and then click OK again.

Figure F


Next, you need to create the Web Publishing Rule.
  1. Expand the Publishing node in the left pane of the ISA Management console.
  2. Right-click the Web Publishing Rules node, point to New, and click Rule.
  3. On the Welcome page, type Remote Desktop Web Connection in the Web publishing rule name text box and click Next.
  4. On the Destination Sets page, select the Destination Set you created to support the rule. Click Next.
  5. On the Client Type page, select the Any Request option and click Next.
  6. On the Rule Action page (Figure G), select the Redirect The Request To This Internal Web Server (Name Or IP Address) option. Enter the IP address of the computer configured to accept Remote Desktop Web Connections. Click Next.

Figure G

  1. On the Completing the New Web Publishing Rule Wizard page, review your settings and click Finish.

At this point the ISA Server will forward the HTTP requests to your Remote Desktop Web Connection computer. However, it won’t be ready to actually connect to the Remote Desktop until you create the RDP Server Publishing Rule.

Creating the RDP Server Publishing Rule
You will need to first create a RDP Server Protocol Definition to support the Server Publishing Rule. Perform the following steps to create the RDP Server Protocol Definition:
  1. Expand the Policy Elements node and right-click Protocol Definitions. Select New and then Definition.
  2. On the Welcome page, type RDP Server in the Protocol Definition Name text box. Click Next.
  3. On the Primary Connection Information page (Figure H), type 3389 in the Port Number text box. Leave the Protocol type set to TCP. Change the Direction to Inbound. Click Next.
  4. On the Secondary Connections page, accept the default selection, which is No, and click Next.

Figure H

  1. On the New Protocol Definition Wizard page, review your selections and click Finish.

After the Protocol Definition is created, you are ready to create the RDP Server Publishing Rule. To do so:
  1. Right-click the Server Publishing Rules node in the left pane of the ISA Management console. Select New and then select Rule.
  2. On the Welcome page, click RDP Remote Desktop in the Server Publishing Rule Name text box. Click Next.
  3. On the Address Mapping page, enter the internal IP address of the server in the text box. Then, enter the external IP address on ISA Server and click Next.
  4. On the Protocol Settings page, select the RDP Server protocol (Figure I) and click Next.

Figure I

  1. On the Client Type page, select the Any Request option and click Next.
  2. On the Complete The New Server Publishing Rule Wizard page, review your settings and click Finish.

Conclusion
The Windows XP Remote Desktop expands your SOHO network flexibility to reach to the world outside, giving you the ability to more easily work on the go. So if you need to connect to your desktop both from within your LAN and remotely when you're on the road, the Windows XP Remote Desktop is what you need.

Editor's Picks

Free Newsletters, In your Inbox