• Patch Lady – remoting into a desktop without VPN

    If you are a small or medium business – or an IT consultant who helps small or medium businesses – here’s a way to temporarily allow folks to remote into their desktops at the office without introducing more risk.  Many IT consultants are setting up Virtual Private Network connections from potentially insecure home PCs to the firm network, which may introduce more risk.  Especially if you have an unpatched Windows 7 machine, this could introduce MORE risk to the network.

    Here’s an alternative:

    First off you’ll need either a spare server or spare room on a Hyper-V server.  You’ll need a domain with workstations joined to that domain.  Next download a trial version of either Windows Server 2016 or 2019.  Download an ISO to that Hyper-V server.  Then follow these instructions (*) to set up an RD server on that trial version.  That trial version – and the Remote Desktop CALs – will work for 180 days.

    Now from a home PC – even a Mac computer – launch the Remote Desktop Connection program.  In the computer name section put in the name of the computer you want to remote into.  Click on Show Options.  Click on the Advanced tab.  Click on the “Connect from anywhere” settings box.  Click on “Use these RD Gateway settings” and put in the URL of the server name you’ve created from the instructions above.

    Now click on “Use my RD Gateway credentials for the remote computer”.  Click on the Experience tab and change the performance setting to modem (this will thin down the remote connection so that you get the best experience).

    Back on the first tab you put in the actual workstation/computer name you want to get to and for the user name you put in DOMAINNAME\user name.  The remote user can now get to his or her exact workstation and remotely print.
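
    The client settings from the steps above can also be saved as a .rdp file and handed to each remote user. The PowerShell below is an added example, not part of the original post or of the linked step-by-step instructions; the function name New-GatewayRdpFile, the gateway name rdgw.example.com and the user and workstation names are placeholders.

```powershell
# Added example: writes a .rdp file carrying the Remote Desktop client settings
# described in the steps above. Every name used here is a placeholder.
function New-GatewayRdpFile {
    param(
        [Parameter(Mandatory)] [string] $Workstation,  # PC to remote into
        [Parameter(Mandatory)] [string] $Gateway,      # RD Gateway server name
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $OutDir
    )
    # Accept only plain host and account names, so a typo or stray character
    # cannot add extra settings lines to the file.
    foreach ($name in $Workstation, $Gateway) {
        if ($name -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\z') {
            throw "Not a valid host name: '$name'"
        }
    }
    foreach ($part in $Domain, $User) {
        if ($part -notmatch '^[A-Za-z0-9._-]+\z') { throw "Unexpected characters in '$part'" }
    }
    $settings = @(
        "full address:s:$Workstation"      # first tab: the workstation name
        "username:s:$Domain\$User"         # first tab: DOMAINNAME\user name
        "gatewayhostname:s:$Gateway"       # Advanced > Settings: RD Gateway server
        "gatewayusagemethod:i:1"           # always connect through the gateway
        "gatewayprofileusagemethod:i:1"    # use the settings given in this file
        "gatewaycredentialssource:i:0"     # gateway asks for a password
        "promptcredentialonce:i:1"         # reuse gateway credentials for the PC
        "connection type:i:1"              # Experience tab: modem
        "networkautodetect:i:0"            # keep the fixed profile, no auto-detect
    )
    # No password is written to the file; the user is prompted at connect time.
    $path = Join-Path $OutDir "$User-$Workstation.rdp"
    Set-Content -Path $path -Value $settings -Encoding ASCII
    $path
}

# Constructed sample data: one entry per remote worker.
$staff = @(
    [pscustomobject]@{ User = 'jsmith'; Workstation = 'FRONTDESK-PC' }
    [pscustomobject]@{ User = 'mlee';   Workstation = 'ACCT-PC02' }
)
$outDir = Join-Path ([IO.Path]::GetTempPath()) 'rdp-files'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
foreach ($s in $staff) {
    New-GatewayRdpFile -Workstation $s.Workstation -Gateway 'rdgw.example.com' `
        -Domain 'DOMAINNAME' -User $s.User -OutDir $outDir
}
```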

    Note to anyone using SBS 2011, SBS 2008, Essentials Server 2012 or Essentials Server 2016: those servers all have RD Gateway set up by default, and you can use the same process above to bypass the RWA portal and go directly to the workstations.  Note this also works for Mac workstations as long as you download the new RDP client.

    PC name would be the PC you’ll want to remote into.  In the Gateway setting, you’ll click on that blue icon on the right and put in the RD Gateway URL just like you do for the Windows machines.

    Again, this will work to let workers remote straight into the exact desktop they use, so it’s best for office workers and those who have a single computer assigned to them.

    Note if you have excess server computing power on that Hyper-V server you can also use this to set up RDWeb apps.  Put the date on your calendar, as this will only work for 180 days, or be prepared to license it before then.  But bottom line – this temporary solution can give your smaller clients a secure way to remote back into their offices with the Work from Home orders.

    Also remember if you are like me where you are suddenly putting an ancient Windows 7 back into remote service, you can still buy ESUs from Amy.

    (*) Huge thanks to Richard Kokoski for allowing me to post his step by step instructions.

    Note that this only works with “normal” GUI Server 2019, not Essentials 2019.  Microsoft removed the RD Gateway bits from Essentials 2019, so do not attempt to do this with that version.

    If you need a good VPN solution, check out using OpenVPN.