Subscribe to Our Newsletter

On the Web:

  • FaceBook
  • Google Plus
  • Twitter
  • YouTube
  • RSS
  • Pinterest
Select your country
Country: United States

Join TechSoup

TechSoup.org The place for nonprofits, charities, and libraries

Search section

Search
Search
Home » Community » Hardware, Networks, and Telecommunications » Discuss remote administration for Windows Server

Discuss remote administration for Windows Server

New here?

  • If you'd like to participate, join us.
  • If you're already a member, log in.
  • Subscribe to RSS
  • New Post
Details
Rate This
  • 33 Replies
  • 0 Subscribers
  • Postedover 9 years ago

Discuss remote administration for Windows Server

  • Tamaralka
    Posted by
    on 2 Nov 2006 8:54 PM
    My experience is that putting a Windows 2000 or 2003 terminal server on the Internet without a firewall is an invitation for disaster. One tool that was not mentioned is a VPN (Virtual Private network). Smoothwall http://sourceforge.net/projects/smoothwall is a very easy to configure open source (free) program that will run on an old, inexpensive computer. It may require some technical expertise to set up, but the extra security is well worth the effort. Otherwise your data could be my data whenever I want it.

    Rick Aldred, MCSE+Security
  • shipley.c
    Posted by
    on 3 Nov 2006 6:44 AM
    If you implement SSH, you can easily manage more than 1 box without having to fudge around with the ports that Remote Desktop is running on. For example:

    Client 2 Server Port Forwards:
    127.0.0.1:9051 --> 10.9.0.51:3389
    127.0.0.1:9050 --> 10.9.0.50:3389
    127.0.0.1:9011 --> 10.9.0.11:3389

    Granted, you can just Remote Desktop into one box, then Remote Desktop to another once you're inside the network, but have you ever used double/tripe remote desktop in full screen mode? I find it confusing.

    So you only open 1 port on your firewall to get access to virtually unlimited IPs and ports on your private IP subnet. And SSH is little overhead compared to PPTP and LPTP traffic.

    Not to mention, most SSH servers come with SFTP - so now you can upload/download files securely without exposing a typical, unsecured FTP server.

    For my home systems, I use OpenSSH (a bit of a bear to install and configure if you aren't techy - and its open source) and for professional installations I use BitVise WinSSHD.

    The real gems for remote (and local) administration of a Windows Server / Network, however, are in my mind are LogMeIn and Dameware Utilities. At a typical client's, I'll install my own small workstation with LogMeIn Free. On that box will be Dameware Utilities. I love the pricing structure for Dameware, you only pay per administrator, not per computer/server you are administering.

    Chris Shipley
    Nutmeg Consulting
  • ZacMutrux
    Posted by
    on 5 Nov 2006 11:52 AM
    Ah, yes, that makes sense. Most of my clients only have one server, so I rarely have the need to remotely control more than one box per site.

    As for exposing RDP to the public Internet, I have over a dozen organizations that are set up this way and I've never had any trouble with intrusions. My impression is that the biggest risk is from brute force attacks on the password. So as long as you have a nice strong password on the administrator account, you haven't much to fear from the bad guys.

     

    Zac Mutrux
    President, Sarai LLC
    http://www.sarai.org/
    zac@sarai.org
    415-359-3791
  • shipley.c
    Posted by
    on 6 Nov 2006 6:53 AM
    I agree with that. Its better, in my opinion, than exposing something like VNC. You should really SSH port forward or VPN tunnel for VNC connections.

    Chris Shipley
    Nutmeg Consulting