A while back I did a video that’s gotten a lot of attention. It’s been pretty popular with over 200,000 views as of this writing. Many of you might have seen it. It’s about setting up your router to allow you to access your computer at home through the firewall, through the router, using remote desktop. One of the problems with that particular video is that it doesn’t really address the issue of security. And so in this video I’m going to show you how to set it up so that you are actually using encrypted communications. So this is really about how to enable and secure remote desktop in Windows.

The steps that you need to perform to accomplish this are:

  • Obtain the external IP Address (public facing) of your broadband router
  • Obtain the internal IP address (inside your network) of the PC you are going to set up to connect to from outside your network
  • Set up your PC or Router so that you have a fixed IP address on the PC you will be accessing from outside your network
  • Set up the PC you want to connect to so that it allows Remote Desktop connections only with Network Level Authentication (NLA)
  • Specify the User or Group accounts that should have Remote Access to the PC you will be connecting to
  • Remove the default Administrator accounts from Remote Desktop Users
  • Ensure that the User account you will use to sign on to the PC you want to connect to with Remote Desktop has a STRONG password (8 or more characters with uppercase, lowercase, numbers, and optionally one or more special characters)
  • Open Local Security Policy and:
    • Edit Local Policies -> User Rights Assignments -> Allow log on through Remote Desktop Services
    • Remove built-in groups Administrators and Remote Desktop Users
    • Add the user that you want to be able to log in with from outside your network
  • Open Group Policy Editor
    • In the LEFT pane expand:
      Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security
    • Open Set client connection encryption level and set it to Enabled with Encryption Level set to High Level
    • Open Require secure RPC communication and set it to Enabled
    • Open Require use of specific security layer for remote (RDP) connections and set it to Enabled; set Security Layer to SSL
    • Open Require user authentication for remote connections by using Network Level Authentication and set it to Enabled
  • Open regedit
    • Browse to:
      Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    • Open the PortNumber value and change the Base to Decimal
      • If you are using default port 3389 to connect, verify that the value 3389 is set here
      • If you are using an obscure port instead of 3389, enter it here and write it down for later use.
  • Open Windows Firewall Advanced Settings
    • Create a new rule for Port
    • Set the protocol to TCP and the local port to 3389 (or the obscure number you previously set in the registry)
    • Accept the default values on the Action tab and Profile tab
    • Give the rule a name like “Custom RDP Port” or whatever you want to use
  • Verify that you can connect to this computer from another computer on your network by using Remote Desktop and the computer-name:port or computer-IP-address:port
  • Set up your router to forward the remote desktop port to the IP address of the PC you configured to allow secure remote desktop connections
  • Verify that you can connect to the computer from another computer OUTSIDE your network by using Remote Desktop and router-public-ip-address:port
    • For example, if you configured your home PC to allow remote connections, then try and connect from work or school or a friend’s house
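Before opening the port on the router it helps to verify every setting in the list from one place. The audit script below is an added example, not code from the video or the author; it reads the registry values that back the Group Policy settings named above (UserAuthentication for NLA, SecurityLayer for the SSL security layer, MinEncryptionLevel for the High encryption level, fEncryptRPCTraffic for secure RPC, with the policy key taking precedence over the per-listener RDP-Tcp key), confirms the listener port, the inbound firewall rule and the Remote Desktop Users membership, and changes nothing. It assumes Windows 10/11 or Server 2016+ with the built-in NetSecurity and Microsoft.PowerShell.LocalAccounts modules; the function name and the ExpectedPort parameter are this example's own.

```powershell
# Added audit script (not part of the original post). Read-only: it reports
# pass/fail for each hardening step above. Run from an elevated PowerShell.
# Assumes Windows 10/11 or Server 2016+ with the NetSecurity and
# Microsoft.PowerShell.LocalAccounts modules available.

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$StationKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$ServerKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpSetting {
    # Group Policy writes under $PolicyKey and overrides the listener value
    # under $StationKey, so the policy value wins when both exist.
    param([Parameter(Mandatory)][string]$Name)
    foreach ($key in @($PolicyKey, $StationKey)) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
    }
    return $null    # neither policy nor listener sets it; the Windows default applies
}

function Test-RdpHardening {
    param([int]$ExpectedPort = 3389)   # pass the obscure port if you changed it

    $results = [System.Collections.Generic.List[object]]::new()
    $add = { param($Check, $Actual, $Pass)
        $results.Add([pscustomobject]@{ Check = $Check; Actual = $Actual; Pass = [bool]$Pass }) }

    # Remote Desktop itself must be enabled (fDenyTSConnections = 0).
    $deny = (Get-ItemProperty -Path $ServerKey -Name fDenyTSConnections).fDenyTSConnections
    & $add 'Remote Desktop enabled (fDenyTSConnections=0)' $deny ($deny -eq 0)

    # The four Group Policy settings from the Remote Desktop Session Host -> Security node.
    $wanted = @(
        @{ Name = 'UserAuthentication'; Want = 1; Desc = 'Require Network Level Authentication' },
        @{ Name = 'SecurityLayer';      Want = 2; Desc = 'Security layer set to SSL (TLS)' },
        @{ Name = 'MinEncryptionLevel'; Want = 3; Desc = 'Client connection encryption level High' },
        @{ Name = 'fEncryptRPCTraffic'; Want = 1; Desc = 'Require secure RPC communication' }
    )
    foreach ($w in $wanted) {
        $actual = Get-RdpSetting -Name $w.Name
        & $add $w.Desc $actual ($actual -eq $w.Want)
    }

    # Listener port from the RDP-Tcp key (the value the post has you edit in regedit).
    $port = [int](Get-ItemProperty -Path $StationKey -Name PortNumber).PortNumber
    & $add "Listener port is $ExpectedPort" $port ($port -eq $ExpectedPort)

    # An enabled inbound TCP allow rule must list that exact port. Rules using
    # 'Any' or a port range are deliberately not counted as a match.
    $ruleHit = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow -ErrorAction SilentlyContinue |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and (@($pf.LocalPort) -contains "$port")
        } | Select-Object -First 1
    & $add "Inbound TCP firewall rule for port $port" $ruleHit.DisplayName ($null -ne $ruleHit)

    # The post says to remove the built-in Administrator account(s) from Remote Desktop Users.
    $members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue)
    $admins  = @($members | Where-Object { $_.Name -match '\\Administrators?$' })
    & $add 'No built-in Administrator(s) in Remote Desktop Users' ($members.Name -join ', ') ($admins.Count -eq 0)

    return $results
}

# Usage:
#   Test-RdpHardening | Format-Table -AutoSize
#   Test-RdpHardening -ExpectedPort 33890 | Where-Object { -not $_.Pass }
```

Run it once after finishing the Group Policy and registry steps and again after a reboot, since a domain or local policy refresh can rewrite the values under the Policies key. Any row with Pass set to False points at the step to revisit before you forward the port on the router.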

That’s it! I hope you enjoy my video and it is helpful to you. Have a Totally Awesome Day 🙂

Jerry Boutot is a Microsoft Certified Application Developer (MCAD) and Microsoft Certified Professional (MCP). He owns AppDataWorks, LLC, which develops custom solutions for Desktop Software, Web Applications, Database Systems, and Online Marketing Solutions.
