Saturday, June 7, 2008

Windows Vista Administer via Remote

Remote Desktop, which was introduced in Windows XP, is a powerful administration tool. It allows administrators to perform everyday admin jobs while sitting at their desks. In Windows Vista, Remote Desktop is available only in the Business, Ultimate, and Enterprise editions. You can configure Vista Home Basic and Home Premium computers for outgoing Remote Desktop connections only. In this section, we will explain how to set up Windows Vista computers for incoming and outgoing Remote Desktop connections.

Configuring the Remote Desktop Host

The host computer is the one which will allow remote computers to connect to it using the Remote Desktop connection. You must configure this computer appropriately in order to accept incoming connections. The procedure is as follows:

1. Open the Control Panel utility and click the System and Maintenance link.

2. Under the System group, click the Allow Remote Desktop link. UAC will prompt you to confirm your action. Click Continue.

3. The Remote tab of the System Properties window appears.

4. Click one of the options from the Remote Desktop portion of the window, as explained shortly.

The three settings in the Remote Desktop portion of this window are as follows:

Don’t allow connections to this computer This option will block all incoming connection attempts.

Allow connections from computers running any version of Remote Desktop (less secure) If you are working in a mixed Windows Vista and Windows XP environment, this is the option to select.

Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) select this option if the computer trying to connect supports Network Level Authentication.

By default, a Windows Vista computer is configured not to allow any Remote Desktop connections. Once you make a selection, click the Select Users button to specify the users who will be allowed to connect to this computer using Remote Desktop.

To add users, click the Select Users button. The Remote Desktop Users dialog box appears. Click the Add button to add users or the Remove button to remove any user who has been previously granted Remote Desktop access. You use the User Accounts link to add any users who do not already exist on the computer.

Configuring the Remote Desktop Client

Once you have configured the Remote Desktop host to accept incoming connections, the client computer must connect to the host using the Remote Desktop Connection dialog box.You can open this dialog box using the following methods:

■ Click Start | All Programs | Accessories | Remote Desktop Connection.

■ Click Start and type Remote in the search box. Click the Remote Desktop connection from the list that appears. The Remote Desktop Connection window appears.

Type the name of the remote computer and click Connect. You can click the little down arrow at the end of the name box and click Browse for More to determine which one is the remote computer. The computer name is either the Fully Qualified Domain Name (FQDN) or the IP address of the remote host.

To view other options available for configuring the Remote Desktop connection, click the

Options button. Various tabs in this window allow you to completely configure the connection settings, as summarized in the following list:

General You can configure the outgoing connection and save your settings by using the Save or Save As button. Click the Open button to open a previously saved connection setting’s RDP file.

Display The Display tab contains options for setting the size for the remote desktop and setting the number of colors to display. By default, the Display the Connection Bar When in Full Screen Mode option is checked.

Local Resources Settings in this tab allow you to configure sound from the remote computer and whether special keyboard commands (such as Alt + Tab and Ctrl + Alt +

Del) will be executed on the local computer or the remote computer. The Local Devices and Resources section allows you to configure which devices on the remote computer can be used.

Programs You can specify a particular application to execute when the connection is established.

Experience This tab contains settings that you can configure for the entire Remote

Desktop session. These depend on the connection speed, and they include desktop background, font smoothing, desktop composition, menus and window animation, and themes, among others.

Advanced You can use the settings in this tab to configure how the computer behaves if the authentication fails. You can also configure settings for a Terminal Services Gateway server. By default, the Remote Desktop connection is configured to Warn Me If

Authentication Fails. You can set it to Always Connect Even If Authentication Fails or Do Not Connect If Authentication Fails. The Settings button in the Connect From Anywhere section opens the Terminal Services Gateway Settings window.

Firewall Settings for Remote Desktop Connection

Remote Desktop uses TCP port number 3389 by default. Because Windows Firewall in Windows XP and Windows Vista blocks this port, you will need to configure Windows Firewall in order to allow Remote Desktop connections. Here is the procedure to configure Firewall settings:

1. Click Start | Control Panel.

2. Click the Allow a Program Through Windows Firewall link under the Security group.

3. Click Continue in the User Account Control dialog box to confirm your action.

4. The Windows Firewall Settings page appears.

5. Click the Remote Desktop checkbox and click OK.

6. Close the Control Panel.

Another way to access the Windows Firewall Settings page is to right-click the Security Center icon on the taskbar and select Open Security Center. Click Windows Firewall in the left-hand panel to open the Windows Firewall page. Click Allow a Program Through Windows Firewall.

Because Remote Desktop and Remote Assistance both rely on Terminal Services, it is necessary to open port 3389 on Windows Firewall on both the Remote Desktop host and client to allow incoming and outgoing connections. If the computers are located behind routers, you will need to configure the routers at both ends to open this port. Refer to the documentation of the router for changing these settings.

*.* Source of Information : Syngress How to Cheat at Microsoft Vista Administration

No comments: