We have: inside a small corporate network there is a Windows Server 2003 machine running 1C:Accounting.
Task: set up a connection to this server from the Internet so that the accountants can work with it from anywhere with Internet access.
Since there is little sensible material on this topic and many of the details had to be "googled" piece by piece, this post was written.

1. Solving the problem of the dynamic IP address

Since most providers hand out a dynamic address and charge extra for a static one, there are several ways around this:

  • Pay the provider for a static IP address. This is the most reliable method, since we then depend on no third-party service (see the next point).
  • Dynamic DNS (Dynamic DNS, Static DNS for Your Dynamic IP): a service that assigns a permanent domain name to a device with a changing address (here, the router) and keeps the name pointed at the current address.
  • Find out the current address some other way each time. How painful this is depends on how hard the address is to discover and how often it changes.

For ourselves we chose the second method, dynamic DNS. Fortunately there are still enough services that offer it for free:

1. Register on the no-ip.com website and click the "Add a Host" button

2. Choose a name, select one of the free domains and click the "Create Host" button

2. Binding the router to dynamic DNS

We are lucky: our D-Link DIR-615 router has built-in dynamic DNS support. Go to the corresponding page, "Tools" - "DYNAMIC DNS".

Setting up the dynamic DNS binding on the D-Link DIR-615 router:

Enable Dynamic DNS: tick the box

Server Address: the update server of the dynamic DNS provider (in our case "dynupdate.no-ip.com")

Host Name: the domain name we chose for ourselves

Username or Key: the username chosen when registering on the no-ip.com website

Password or Key: the password chosen when registering on the no-ip.com website

Verify Password or Key: repeat the password

Timeout: leave as is (576)

15-20 minutes later the Status changes to Connected, which means the binding was successful.

Setting up the dynamic DNS binding on a TP-LINK router: select the service provider (No-IP) from the list and enter the username, password and domain name obtained during registration.

3. Open access to the server from the Internet

Now the router must pass connections arriving from the Internet on to the server itself. To do this, forward port 3389 (the port RDP listens on) from the router to the server. Go to "ADVANCED" - "Virtual Server":

Name: anything

Public Port: 3389

Protocol: Both (RDP on Windows Server 2003 uses TCP only, so TCP alone is enough and exposes one port fewer)

Schedule: Always

IP Address: 192.168.0.102 (the terminal server's address on the LAN)

Private Port: 3389

Inbound Filter: Allow All (if the router can filter by source address and the accountants connect from known addresses, restrict the rule to those addresses: this rule is the only thing between the Internet and the server's logon screen, since Windows Server 2003 cannot require Network Level Authentication)

Important! For the change to take effect the router must be RESTARTED. Simply clicking "Save Settings" does nothing.

The same on TP-LINK routers: Forwarding - Virtual Servers - Add New...

It is also advisable to give the server a fixed address on the LAN (a static address in Windows, or a DHCP reservation on the router) so that it does not change after the next reboot and the forwarding rule does not end up pointing at nothing:

Conclusion

If everything is done correctly, an attempt to connect to the remote desktop from anywhere in the world:

completes successfully:

P.S.

Useful link: how to install and configure the combination Windows 2003 Server + Terminal Server + 1C:Enterprise 7.7.
If you have stricter requirements for stability and security, or need round-the-clock support from technical specialists, you can order placement of the servers in a data center; many of the questions above then disappear by themselves.

RDP, a protocol widely used in modern networks, is known to every system administrator. With it you can connect to a remote machine running a Microsoft operating system and get its desktop, file system and so on, so most configuration and maintenance work can be done without sitting physically in front of the remote PC.

This is why RDP is one of the main tools in a technician's arsenal. Without leaving your workplace you can manage every reachable computer on the network and troubleshoot whatever problems arise.

History of appearance

The Remote Desktop Protocol, which is what RDP stands for, appeared in 1998. This proprietary application-layer protocol, at the time part of Windows NT 4.0 Terminal Server Edition, implemented the idea of running client-server applications remotely. As you can imagine, it is not always possible to give every workplace a powerful computer, and in those early years performance left much to be desired.

The solution is the following design: a powerful server (or a cluster of servers) does the bulk of the computing, and low-powered client computers connect to it over RDP and do their work there. End-user machines could thus run complex applications despite limited resources, because the main load fell on the server and the client PC received only the resulting picture on its monitor.

Description of the RDP protocol

  • By default TCP port 3389 is used for the connection (RDP 8.0 and later can also use UDP 3389 alongside it)
  • As mentioned above, a connection lets you work with files on the remote machine
  • In the original ("standard RDP") security layer, traffic is encrypted with RC4 using 56- or 128-bit keys; this layer is obsolete and should not be relied on
  • Newer versions protect the session with TLS, and with CredSSP on top of it for Network Level Authentication
  • Shared clipboard: you can copy data from the remote machine and paste it on your local PC
  • Local resources (drives, printers) can be made available inside the remote session
  • The client computer's serial and parallel ports can be redirected to the remote host

Principle of operation

RDP runs on top of TCP. First the client opens a TCP connection to the server (port 3389 by default) and sends an X.224 Connection Request carrying the security protocols it supports; the server answers with a Connection Confirm that selects one of them (legacy RDP encryption, TLS, or CredSSP for Network Level Authentication) or reports why it cannot. The remaining session parameters, encryption, redirected devices, display settings and so on, are then negotiated over that channel.

Once everything is negotiated the session is ready: the client sends keyboard and mouse input and receives from the server the resulting screen image.

Authentication

If RDP security is configured, server authentication happens as follows:

  1. An RSA key pair is generated on the server
  2. A public-key certificate is created for it
  3. The operating system signs this certificate with the same RSA key, so it is self-signed rather than issued by a trusted CA
  4. The client connects, receives the certificate from the server, and if it passes the client's checks the remote control session begins

Because the certificate is self-signed, the client has nothing to check it against except a thumbprint it has seen before or one you verify out of band, which is why the first connection produces a certificate warning.

How to start

In Windows XP, Vista and 7 the Remote Desktop Connection client is installed by default. To start it press Win+R, type mstsc and press Enter.

Imagine you are on a business trip or on holiday and just then need to look at or do something on your home computer. Ordinary users rarely need this, which cannot be said of IT staff, business owners and managers. Microsoft's developers foresaw this and built remote desktop control into the system.

Remote Desktop in Windows 7/10, or RDP, is a feature that lets you control one computer from another over a local network or the Internet. Frankly, its implementation in Windows is somewhat clumsy, so third-party programs such as TeamViewer, AeroAdmin or Ammyy Admin are often used for remote access instead.

The drawback of third-party tools is that access has to be confirmed on the remote host's side, though TeamViewer can also connect without confirmation. Other drawbacks are lower speed than the built-in RDP feature and limits on how many people can connect at once. Third-party programs are convenient for maintenance and support, whereas the built-in remote desktop of Windows 7/10 is better suited to everyday work.

Setting up a remote desktop using Windows

For the computers to talk to each other they must be configured correctly. Technically the task is not very hard, though there are nuances, especially for access over the Internet. So let us see how to set up a remote desktop with the built-in tools. First, the PC being accessed must run at least the Pro edition of Windows (Home editions can connect to other machines but cannot accept connections). The second, very important, condition is that the remote PC must have an address that does not change.

You can of course try to configure this by hand, but there is a snag. The internal IP address is leased to the PC by the router's DHCP server for a limited time, after which the computer must request a new one. It may get the same address, but it may also get a different one, and then any port forwarding will point at the wrong machine. On the provider's side the picture is similar: most providers hand out either dynamic addresses, which change, or "grey" addresses (private addresses behind the provider's NAT), which cannot be reached from the Internet at all. So the most correct option is to ask your provider's support to allocate a static public address.

If we do not want to pay for a white (public, static) IP, which is an extra-cost service, we at least fix the address on the LAN by hand. The command control /name Microsoft.NetworkAndSharingCenter opens the Network and Sharing Center; click your connection and then the "Details" button in the window that opens.

Make a note of the IPv4, subnet mask, default gateway, and DNS server information.

The same data can be obtained by running ipconfig /all in a CMD or PowerShell console. Close the details window and open the properties from the status window.

Select IPv4 in the list, open its properties and enter the values you noted in the corresponding fields. Save the settings.

You now have a fixed address; next, allow incoming connections. The command systempropertiesremote opens the "Remote" tab of System Properties; select "Allow remote connections to this computer" and leave enabled the option that allows connections only from computers running Remote Desktop with Network Level Authentication.

If necessary, we add users to whom we want to provide the ability to connect remotely.

In Windows 10 1709, you can access all of these settings from the Remote Desktop subsection of the Settings app.

If you use a third-party firewall, open TCP port 3389 in it (enabling remote access turns on the built-in Windows Firewall rules for Remote Desktop by itself). Where the firewall allows it, limit the rule to the addresses you expect connections from. This completes the general configuration of the remote desktop.

If the connection is made over the local network you can start working immediately. Run the built-in RDP client with the mstsc command, enter the IP address or host name of the remote computer in the window that opens, choose a user and click "Connect".

The client then warns that the remote computer's identity cannot be verified, because its certificate is self-signed. Compare the thumbprint shown with the certificate in the "Remote Desktop" store on the host, tick the box so you are not asked again, and click "Yes". If the connection succeeds you will see the remote host's desktop.

Setting up a remote desktop over the Internet is harder: you have to forward port 3389 on the router to your PC's address and then connect to the router's external IP, which means digging into the router's settings, a real headache for an ordinary user. Finding your public IP is easy: open 2ip.ua/ru or a similar site, or look at the router's WAN status page.

In the case of a TP-LINK router, go to Forwarding - Virtual Servers, click "Add New", enter 3389 in the "Service Port" and "Internal Port" fields, the computer's LAN address in "IP Address", and set "Protocol" to "All" (TCP alone is enough) and "Status" to "Enabled". Save the settings.

Now try connecting from the other PC. Run the RDP client with the mstsc command and enter in the "Computer" field the external IP obtained earlier with the port number after a colon, for example 141.105.70.253:3389. From here on everything is the same as for the local network connection.

Ensuring connection security and setting up user access

RDP's security is reasonable, but it is worth checking and enabling a few extra settings. First, make sure encryption is enforced on the remote host. In the Local Group Policy Editor (gpedit.msc) go to Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Security. On the right is the setting "Require use of specific security layer for remote (RDP) connections". Enable this policy and set the security layer to SSL (TLS) or Negotiate; the third option, RDP, is the legacy layer and should not be chosen.

In the same section enable "Require secure RPC communication" and "Require user authentication for remote connections by using Network Level Authentication". The latter is the one that matters most on an Internet-facing host: with NLA the user is authenticated (via CredSSP) before a desktop session is created, so an unauthenticated client never reaches the logon screen.
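The negotiation described under "Principle of operation" above can be scripted to check, from outside the network, which security layer a server exposed through port forwarding actually offers, and whether the Network Level Authentication policy just described has taken effect. The following is an added example and not code from the original page: it builds the X.224 Connection Request with an RDP negotiation request, decodes the server's Connection Confirm (a selected protocol, a failure code, or, for a Windows Server 2003-era host, no negotiation response at all) and, when TLS is selected, records the SHA-1 thumbprint of the server's certificate so it can be compared with the one the mstsc warning shows. The cookie value "probe" and the three SAMPLE_* replies are constructed; probe() needs network access, the parsing functions do not.

```python
"""Probe the security layer an RDP server negotiates (X.224 Connection Request /
Connection Confirm, MS-RDPBCGR sections 2.2.1.1 and 2.2.1.2).

Added example; not code from the original page. Byte layouts follow the public
MS-RDPBCGR specification. The SAMPLE_* replies are constructed for offline use.
"""
import hashlib
import socket
import ssl
import struct

# requestedProtocols / selectedProtocol flags (MS-RDPBCGR 2.2.1.1.1, 2.2.1.2.1)
PROTOCOL_RDP = 0x0        # legacy "standard RDP security" (RC4)
PROTOCOL_SSL = 0x1        # TLS
PROTOCOL_HYBRID = 0x2     # CredSSP on top of TLS, i.e. Network Level Authentication
PROTOCOL_HYBRID_EX = 0x8

PROTOCOL_NAMES = {0x0: "RDP (legacy)", 0x1: "TLS", 0x2: "CredSSP/NLA",
                  0x4: "RDSTLS", 0x8: "CredSSP/NLA (extended)"}
FAILURE_CODES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
                 3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
                 5: "HYBRID_REQUIRED_BY_SERVER",   # the server insists on NLA
                 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}


def build_connection_request(requested: int, cookie: str = "probe") -> bytes:
    """TPKT header + X.224 Connection Request + RDP_NEG_REQ, as mstsc sends it."""
    cookie_field = f"Cookie: mstshash={cookie}\r\n".encode("ascii")
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested)  # type, flags, length, protocols
    li = 6 + len(cookie_field) + len(neg_req)                  # X.224 length indicator
    x224 = struct.pack("!BBHHB", li, 0xE0, 0, 0, 0) + cookie_field + neg_req
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224     # TPKT: version 3, total length


def parse_connection_confirm(data: bytes) -> dict:
    """Decode the server's X.224 Connection Confirm and the RDP_NEG_RSP / RDP_NEG_FAILURE in it."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    if struct.unpack("!H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match packet length")
    li, code = data[4], data[5]
    if code >> 4 != 0xD:
        raise ValueError("not an X.224 Connection Confirm")
    if li == 6:
        # No negotiation structure at all: a pre-Vista server (e.g. Windows Server 2003)
        # that only speaks the legacy security layer and cannot require NLA.
        return {"result": "legacy", "protocol": PROTOCOL_RDP, "name": PROTOCOL_NAMES[0]}
    typ, flags, length, value = struct.unpack("<BBHI", data[11:19])
    if length != 8:
        raise ValueError("unexpected negotiation structure length")
    if typ == 0x02:   # RDP_NEG_RSP: the server picked one of the offered protocols
        return {"result": "ok", "protocol": value,
                "name": PROTOCOL_NAMES.get(value, hex(value)), "flags": flags}
    if typ == 0x03:   # RDP_NEG_FAILURE: the server rejected the offered set
        return {"result": "failure", "code": value,
                "name": FAILURE_CODES.get(value, hex(value))}
    raise ValueError(f"unknown negotiation structure type {typ:#x}")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection during negotiation")
        buf += chunk
    return buf


def probe(host: str, port: int = 3389,
          requested: int = PROTOCOL_SSL | PROTOCOL_HYBRID, timeout: float = 5.0) -> dict:
    """Connect, negotiate, and (when TLS is selected) record the server certificate thumbprint.

    Offer requested=PROTOCOL_SSL to a server that should enforce NLA: the expected
    answer is a failure with HYBRID_REQUIRED_BY_SERVER. Needs network access.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(requested))
        head = _recv_exact(sock, 4)
        data = head + _recv_exact(sock, struct.unpack("!H", head[2:4])[0] - 4)
        result = parse_connection_confirm(data)
        tls_layers = PROTOCOL_SSL | PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX
        if result["result"] == "ok" and result["protocol"] & tls_layers:
            # The client now starts TLS on the same socket. Verification is off only because
            # the certificate is self-signed; the thumbprint is what you compare against the
            # server's own "Remote Desktop" certificate store.
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
            result["sha1_thumbprint"] = hashlib.sha1(der).hexdigest()
        return result


# Constructed server replies (not captured from a real host):
SAMPLE_NLA = bytes.fromhex("03000013" "0ed00000123400" "0201080002000000")           # selected CredSSP
SAMPLE_NLA_REQUIRED = bytes.fromhex("03000013" "0ed00000123400" "0300080005000000")  # failure code 5
SAMPLE_LEGACY = bytes.fromhex("0300000b" "06d00000123400")                           # no RDP_NEG_RSP

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 3389))
```

Run it as, say, python rdp_probe.py host [port] from a machine outside the LAN. A reply of "legacy" means the host cannot require NLA and everything between the Internet and its logon screen is the router rule; a failure of HYBRID_REQUIRED_BY_SERVER when only TLS is offered is the sign that the NLA policy is in force.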

Those who want the maximum can also enable FIPS-compliant cryptography: Computer Configuration - Windows Settings - Security Settings - Local Policies - Security Options, find "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" on the right and enable it. Bear in mind that this setting affects other software on the machine as well, so test it before enabling it on a production server.

As an additional measure you can change the default port 3389. Open the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, find the PortNumber value (DWORD) and change it to the port you want; then open that port in the firewall and restart Remote Desktop Services (or the machine). This only hides the service from the laziest scans; it is not a substitute for NLA, strong passwords or a restricted user list.

At the stage of granting remote access, check the list of users who can connect via RDP. By default, in Windows 7/10, members of the Administrators and Remote Desktop Users groups can log on through Remote Desktop. This can be changed: run secpol.msc, go to Local Policies - User Rights Assignment, find "Allow log on through Remote Desktop Services" on the right, open it and remove the "Administrators" entry.

Here you can grant access to one specific administrator account instead. There are other ways to harden RDP as well, such as restricting access by source IP address in the firewall rule.

Common errors when connecting to a remote desktop

Above we described how to connect to a remote desktop in Windows 7/10 over the Internet and the local network. Unfortunately errors along the way are not uncommon: at the moment of connection the system refuses and asks you to try again. The reasons vary. If everything is configured correctly, the problem may be a VPN in between or security requirements the client cannot meet (see the encryption settings above).

On Windows 8.1 and 10 PCs you may get a session disconnected error with a message that the Remote Desktop licence (CAL) has changed or is missing. In that case delete the contents of the MSLicensing key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft in the registry, then run the RDP client once with administrator rights so it can recreate the key.

Other licensing errors can be dealt with in a similar way.

Errors with various codes often appear after installing cumulative updates. Uninstalling the update fixes the problem, but in general look at the error code and its description. For example, error 720 comes with a note that the network settings may need changing. There are many RDP problems and each must be solved individually.

RDP (Remote Desktop Protocol) is a protocol for working with a server remotely.

All rented VDS on Windows OS have an RDP connection available.

If you have a VDS with OS Linux, use an SSH connection.

Server access

To connect you need the server's IP address and the administrator credentials.

The necessary information is saved in your personal account in the “Products” - “Virtual Servers” section - “Instructions” button.

A page with the necessary information will open in a new tab.


If you are connecting to a server using Windows OS

Press the Win+R key combination and in the window that opens, type mstsc.exe and click “OK”.


In the window that opens, specify the VDS IP address and click the “Connect” button.

Then enter the username and password from the instructions and click “OK”.


When connecting to the server the client shows a notice about an untrusted certificate.

The notice means the server is encrypting the transmitted data with a self-signed TLS certificate, so the client cannot check who issued it.

Before accepting, compare the thumbprint shown with the certificate on the server (it is in the server's "Remote Desktop" certificate store); then tick "Don't ask me again for connections to this computer" and click "Yes".

The server desktop will open in a new window.


Connecting via RDP from Ubuntu

Microsoft does not release an RDP client for Linux; Remmina is the usual choice.

If it is not installed, open a terminal and run the following commands (they use sudo):

sudo apt-add-repository ppa:remmina-ppa-team/remmina-next
sudo apt-get update
sudo apt-get install remmina remmina-plugin-rdp libfreerdp-plugins-standard

After installation the application appears in the Ubuntu application menu.


In the application window, select the RDP connection type and enter the server IP address.

Then click the “Connect” button and specify the username and password from the instructions.


On the first connection Remmina shows the server's untrusted (self-signed) certificate and its fingerprint. Check it the same way as above, click "Accept", and the server desktop appears.


Android and iOS

You can also connect to the server from mobile devices.

Microsoft publishes the official Microsoft Remote Desktop app, available on Google Play and the App Store.

To connect from a smartphone, create a new connection in the application.


In the window that opens, enter the IP address. In the “User name” field, select “Add user account”.

Then enter the administrator username and password. To save, click the “Save” button.

The connection will be available in the main menu of the application.

When connecting, the app will likewise ask you to confirm the server's certificate.

After confirming the certificate, you will see the server desktop.


The following settings are stored in a Remote Desktop Connection (.rdp) file as key:type:value, where type i is an integer and s is a string.

desktopwidth:i
The desktop width selected on the Display tab of the Remote Desktop Connection Options window.

desktopheight:i
The desktop height selected on the Display tab of the Remote Desktop Connection Options window.

session bpp:i
The color depth selected in the Color Palette group on the Display tab of the Remote Desktop Connection Options window.

winposstr:s
The window position selected on the Display tab of the Remote Desktop Connection Options window.

full address:s
The computer you want to connect to. The value for this setting corresponds to the entry in the Computer field on the General tab of the Remote Desktop Connection Options window.

compression:i
Determines whether bulk compression is used for data sent to the client computer.
0 Do not use compression.
1 Use compression.

keyboardhook:i
Determines where Windows keyboard shortcuts are applied. The value of this setting corresponds to the entry in the Keyboard field on the Local Resources tab of the Remote Desktop Connection Options window.
0 On the local computer.
1 On a remote computer.
2 Only in full screen mode.

audiomode:i
Determines where sound is played. The value of this setting corresponds to the entry in the Remote audio field on the Local Resources tab of the Remote Desktop Connection Options window.
0 On the client (this) computer.
1 On the remote computer.
2 Do not play.

redirectdrives:i
Automatic connection of the client's disk drives when logging on to a remote computer. The value of this setting corresponds to the state of the Drives check box on the Local Resources tab of the Remote Desktop Connection Options window.
0 Do not redirect drives.
1 Redirect drives (the remote session can read and write the client's disks, so enable this only for hosts you trust).

redirectprinters:i
Automatic connection of printers when logging into a remote computer. The value of this setting corresponds to the state of the Printers check box on the Local Resources tab of the Remote Desktop Connection Options window.
0 Do not use automatic printer connection.
1 Use automatic printer connection.

redirectcomports:i
Automatic connection of COM ports when logging into a remote computer. The value of this setting corresponds to the Serial Ports check box on the Local Resources tab of the Remote Desktop Connection Options window.
0 Do not use automatic connection of COM ports.
1 Use automatic connection of COM ports.

displayconnectionbar:i
Display the connection panel when logging into a remote computer in full screen mode. This setting corresponds to the state of the Show connections panel when running in full screen check box on the Display tab of the Remote Desktop Connection Options window.
0 Do not display the connection panel.
1 Display the connection panel.

username:s
Username displayed in RDP. The value of this setting corresponds to the entry in the Username field on the General tab of the Remote Desktop Connection Options window.

domain:s
The domain name shown in the Remote Desktop Connection dialog box. The value of this setting corresponds to the entry in the Domain field on the General tab of the Remote Desktop Connection Options window.

alternate shell:s
Automatic launch of the program when connecting via RDP. The value of this setting corresponds to the entry in the Program Path and File Name field on the Programs tab of the Remote Desktop Connection Options window.

shell working directory:s
The working folder of the program that starts automatically when connecting via RDP. The value of this setting corresponds to the entry in the Start in the following folder field on the Programs tab of the Remote Desktop Connection Options window.

disable wallpaper:i
Display the wallpaper when you log on to a remote computer. The value of this setting corresponds to the state of the Desktop Wallpaper check box on the Advanced tab of the Remote Desktop Connection Options window.
0 Display background image.
1 Do not display wallpaper.

disable full window drag:i
Show window contents while a window is being dragged. The value of this setting corresponds to the state of the Show window contents while dragging check box on the Experience tab of the Remote Desktop Connection Options window.
0 Show window contents while dragging.
1 Do not show window contents while dragging.

disable menu animations:i
Animation of menus and windows when logging into a remote computer. The value of this setting corresponds to the state of the Visual effects when displaying menus and windows check box on the Advanced tab of the Remote Desktop Connection Options window.
0 Use animation when displaying menus and windows.
1 Do not use animation when displaying menus and windows.

disable themes:i
Use themes when logging into a remote computer. The value of this setting corresponds to the Themes check box on the Advanced tab of the Remote Desktop Connection Options window.
0 Use themes.
1 Don't use themes.

bitmapcachepersistenable:i
Persistent caching of bitmaps on the local computer. This setting corresponds to the state of the Persistent bitmap caching check box on the Experience tab of the Remote Desktop Connection Options window.
0 Do not use caching.
1 Use caching.

autoreconnection enabled:i
Determines whether the client computer should automatically try to re-establish a connection after the connection has been interrupted.
0 The client computer does not attempt to reestablish the connection.
1 The client computer is trying to reestablish the connection.

connect to console:i:1
Adding this line connects to the console session of the remote computer (the same as mstsc /console). On Windows Vista / Server 2008 and later the equivalent key is administrative session:i:1 (mstsc /admin).
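As an added example of working with this format (not code from the original page), the following Python reads a .rdp file into typed settings, serialises it back, flags the entries from the list above that hand local resources to the remote host, and writes a hardened copy. The sample file, the user name "accountant" and the decision of what counts as risky are this example's own; the keys "enablecredsspsupport" and "authentication level" are not in the list above and are assumed from the .rdp format used by mstsc.

```python
"""Read, check and write Remote Desktop Connection (.rdp) files.

Added example; not code from the original page. Key names and value meanings follow
the reference list above. SAMPLE_RDP is a constructed file. The keys
"enablecredsspsupport" and "authentication level" are not in that list; they are
assumed from the .rdp format used by mstsc and drive two of the checks below.
"""
from typing import Dict, List, Tuple, Union

Setting = Tuple[str, Union[int, str]]   # (type letter, value)

# Settings from the reference whose value 1 exposes a local resource to the remote host.
REDIRECTION_KEYS = ("redirectdrives", "redirectprinters", "redirectcomports")


def parse_rdp(text: str) -> Dict[str, Setting]:
    """Parse key:type:value lines; ':i' values become int, ':s' and ':b' (hex blob) stay str."""
    settings: Dict[str, Setting] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)          # the value itself may contain ':' (host:port)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            raise ValueError(f"line {lineno}: malformed setting {raw!r}")
        key, typ, value = parts[0].strip(), parts[1], parts[2]
        if typ == "i":
            try:
                settings[key] = ("i", int(value))
            except ValueError:
                raise ValueError(f"line {lineno}: {key} is declared ':i' but holds {value!r}") from None
        else:
            settings[key] = (typ, value)
    return settings


def dump_rdp(settings: Dict[str, Setting]) -> str:
    """Serialise back to the CRLF-terminated form mstsc writes."""
    return "".join(f"{key}:{typ}:{value}\r\n" for key, (typ, value) in settings.items())


def is_valid_rdp(text: str) -> bool:
    try:
        parse_rdp(text)
        return True
    except ValueError:
        return False


def audit(settings: Dict[str, Setting]) -> List[str]:
    """Flag settings that widen what a (possibly compromised) remote host can reach."""
    findings = []
    for key in REDIRECTION_KEYS:
        if settings.get(key, ("i", 0))[1] == 1:
            findings.append(f"{key}:i:1 gives the remote session access to local {key[len('redirect'):]}")
    if settings.get("connect to console", ("i", 0))[1] == 1:
        findings.append("connect to console:i:1 attaches to the physical console session")
    # Assumed keys (see module docstring); the defaults used here are what mstsc does when
    # the key is absent: CredSSP on, warn on an unverified server certificate.
    if settings.get("enablecredsspsupport", ("i", 1))[1] != 1:
        findings.append("enablecredsspsupport:i:0 turns off Network Level Authentication on the client")
    if settings.get("authentication level", ("i", 2))[1] not in (1, 2):
        findings.append("authentication level lets the client connect to an unverified server silently")
    return findings


def harden(settings: Dict[str, Setting]) -> Dict[str, Setting]:
    """Return a copy with redirection off, NLA on, and unverified servers refused."""
    out = dict(settings)
    for key in REDIRECTION_KEYS:
        out[key] = ("i", 0)
    out["connect to console"] = ("i", 0)
    out["enablecredsspsupport"] = ("i", 1)
    out["authentication level"] = ("i", 1)   # 1 = do not connect if server authentication fails
    return out


# Constructed sample: the kind of file an accountant might be handed for the setup above.
SAMPLE_RDP = """\
full address:s:141.105.70.253:3389
username:s:accountant
session bpp:i:16
compression:i:1
keyboardhook:i:2
audiomode:i:0
redirectdrives:i:1
redirectprinters:i:1
redirectcomports:i:0
autoreconnection enabled:i:1
connect to console:i:1
"""

if __name__ == "__main__":
    parsed = parse_rdp(SAMPLE_RDP)
    for finding in audit(parsed):
        print("finding:", finding)
    print(dump_rdp(harden(parsed)), end="")
```

The value is split with a limit of two colons because "full address" legitimately contains one more (host:port); a naive split on every colon silently truncates it, which is the kind of parsing slip that turns a connection file into a connection to the wrong host.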