Networking

Configure Windows Small Business Server 2003 R2 Remote Access

Windows Small Business Server possesses powerful remote administration features. Follow these step-by-step procedures to get remote administration installed and configured in your enterprise.

Windows Small Business Server possesses powerful remote administration features. Follow these step-by-step procedures to get remote administration installed and configured in your enterprise.

-------------------------------------------------------------------------------------------------------------------

The ability to remotely administer Windows Small Business Server can prove priceless. Adding new users, resetting account lockouts and passwords, reviewing event logs and troubleshooting numerous other common issues needn't require an in-person visit to the office on weekends or remote facilities, even, on weekdays.

Windows Small Business Server possesses powerful remote administration features. They're so important to productivity and the OS' maintenance, in fact, that the SBS To Do List (activated at installation) dedicates its third configuration step specifically to configuring remote access and VPN connections. (Figure A)

Figure A

Figure A

Running the Remote Access Wizard

Real world experience quickly teaches administrators to leverage the numerous Windows Small Business Server 2003 R2 wizards; trying shortcuts or manually configuring SBS 2003 R2 settings is a recipe for disaster. Don't do it. Use the wizards.

SBS 2003 R2 (like SBS 2003) includes a wizard dedicating to configuring remote connections. To access the Remote Access Wizard:

1. Click Start.

2. Open the Server Management console.

3. Highlight the To Do List.

4. Click the Start link for Configure Remote Access (the third step) within Network Tasks.

The Remote Access Wizard, in addition to configuring remote connections for the SBS box, also provides an opportunity to set secure password policies. Here's how it works:

1. Upon executing the Remote Access Wizard, the first page administrators see is the Welcome To The Remote Access Wizard screen. Click Next to continue.
2. The next page (Figure B) permits enabling remote access, including VPN access and dial-up connections (if a dial-up modem is present). Specify the connections you wish to create and click Next.

Figure B

Figure A

3. The Client Addressing page appears next (Figure C). The screen permits specifying the IP address of the DHCP server that should be used by remote systems; alternatively you can specify a range of static IP addresses remote clients can utilize instead, should no DHCP server be available. Once you've configured IP address assignment information, click Next.

Figure C

Figure A

4. The VPN Server Name page appears next (Figure D). Enter the domain name for the VPN server. For example, you should specify the full Internet domain name clients will enter to access the VPN server (such as vpn.yourserver.com). Then, click Next.

Figure D

Figure A

5. The Completing the Remote Access Wizard page appears next (Figure E). The remote access configuration information you specified can be printed, saved or e-mailed using the link on this page. Click Finish to actually configure remote access for the SBS 2003 R2 box.

6. A status box will appear displaying remote access configuration progress. When the process completes, a confirmation message will appear indicating the remote access configuration completed properly. Click Close to close the dialog box.

Figure E

Figure A

The wizard will appear to have finished its work. But right when you believe the task is complete, another dialog box will appear (Figure F). The Remote Access Wizard presents the opportunity to enable password policies, which is highly recommended.

1. To set password policies, click Yes.

Figure F

Figure A

2. The Configure Password Policies menu box appears. Set the requirements as you prefer (the three options are password length, complexity and change requirements).

3. Specify when the password policies should take effect (the default setting is three days).

4. Click OK.

Remote access, necessitating usernames with the password requirements you specified, are now enabled. Before remote systems can connect, of course, you must ensure your firewall is configured to forward the appropriate port traffic. Most administrators will wish to open several ports with a standard SBS install, including:

* 25 (for SMTP e-mail)

* 443 (for HTTP SSL for Remote Web Workplace and OWA)

* 4125 (required for Remote Web Workplace)

* 1701 (for LT2P), 1723 (for VPN PPTP)

* 4125 and 3389 (for Remote Desktop administration and terminal services connections)

Making the Connection

Once remote administration is enabled on the Small Business Server 2003 R2 system, you're ready to remotely connect to the server:

1. Click Start.

2. Click All Programs.

3. Click Accessories.

4. Click Communications.

5. Click Remote Desktop Connection. The Remote Desktop Connection box appears (Figure G).

Figure G

Figure A

6. Specify the IP address or enter the full Internet address (such as server1.yourcompany.com) of the server you wish to create a remote connection to within the Computer field.
7. Click the Options box to display additional configuration settings (Figure H).

Figure H

Figure A

8. Enter a username and password for an account possessing remote access permissions.

9. Specify the domain name.

10. Click the Save My Password box if you wish to log in automatically each time you open the Remote Desktop Connection (recommended only for systems placed in physically secure locations, if even then).

11. Click Save As to create an icon and shortcut for the Remote Desktop Connection, or click Connect to connect to the remote system.

About

Toni Bowers is Managing Editor of TechRepublic and is the award-winning blogger of the Career Management blog. She has edited newsletters, books, and web sites pertaining to software, IT career, and IT management issues.

2 comments
daffoml
daffoml

Um, this is a very bad security policy. You setup the VPN for a reason, don't forward RDP through the firewall. You're giving every single person on the internet nearly physical access to your server. All they have to do is keep hacking on it 24/7.

shackdaddy
shackdaddy

Wow, what a magic show. Show someone how to configure a server to accept VPN connections and then yank open the velvet curtain and send them in on a Remote Desktop Connection! How did you do that? Awesome! Dave Shackelford