Microsoft Remote Desktop access from another network...advice?

my bad, thought i was on tech board. move please.

You have to open up the 3389 port for that machine in your router. Then you target your WAN IP address and port number. Depending on your router you can setup a ddns that your router automatically updates or you can use the windows app for the ddns service you use to update the IP.

DDNS is really convenient because you won't lose access when your ISP changes your IP.

I use no-ip.com

You may consider changing the rdp port. People are going to relentlessly try to hack your shite if you leave it on 3389 on a public ip.

TeamViewer ftw

quote:

---

PhilipMarlowe

---

1. set up your home computer with a static IP address in your router. trust me, you will want to do this to avoid problems in the future if your router reshuffles IP addresses.

2. open the port as directed above.

3. go to freedns.afraid.org and set up a free domain to map to your local IP

4. go home and type whatsmyipaddress into google and copy that address

5. open up router software, map that IP to the domain you set up in #3 and you're done.

this is good advice whether you're running a webcam or need RDS or anything else. you set this up one time (AND ITS ALL FREE) and you're set for life.


eta if you tell me what router you're using i can probably help with how to set up the domain stuff but its usually pretty self-explanatory.

quote:

---

Look into google chrome remote desktop. Put out by google and completely free. Very easy.

---

I second this. I've used the Remote Desktop option before with an IP address and opening ports, but the Chrome option is so much simpler, especially if you just need to pop in and do minor tasks.

Remote Desktop is probably a better option of longer uses cases.

true story: set up my parents PC when visiting one time with VNC and 123456 as the password and drove 8 hours home and was planning to change the password to something more secure (i was lazy and didn't want to forget the password).

when i got home and logged in, their PC was already COMPLETELY compromised; it was actually running a PORN SERVER complete with 100s of images and all kinds of crazy shite.

EIGHT.
HOURS.

I told them to pull it out of the wall and remove every cord from the back.

Next time I visited I nuked the computer and even flashed the bios. I'm still a little leery of that PC even today.

Moral to the story: VNC is shite and never take a chance with a weak password ever.

Just to reiterate, and this is for others who may read this thread, do not open 3389 and forward to your internal network unless you get your works public IP and in the firewall rule specify a single static as a source address. You will eventually get hacked.

So if you use a single public IP as source it only opens it up to that IP. Any other subnet will not see 3389 open.

Other stuff like Teamviewer is great but also as vulnerabilities and had been hacked.

The absolutely cleanest way is to buy a router that has VPN and use their vpn client.

quote:

---

Just to reiterate, and this is for others who may read this thread, do not open 3389 and forward to your internal network unless you get your works public IP and in the firewall rule specify a single static as a source address. You will eventually get hacked.

---

great advice!

yes you will need your work IP address and possibly your mobile device as well.

i use microsoft remote desktop on my android phone all the time and you'd actually be REALLY surprised how well it works.

quote:

---

look for the DDNS interface (not sure what software you are running) and hopefully it supports afraid.org

---

If it doesn't support afraid.org, I recommend dnsomatic. It will update multiple DDNS services for you, including afraid.org. I use it to update a custom domain name and also my opendns account.