Hello I need some advice from the expert:

This is my LAN configuration is as follow:

1) Windows Server 2003 (SBS) configured as Domain controller with static IP
address.
2) The client machines all have installed Windows XP Professional and are
part of the domain. The entire network has static IP addresses.
3) All the computers have access to the internet directly trough a SonicWall
firewall. The firewall had port 3386 enabled pointing to the server’s IP
address.

I access the server via Remote Desktop.
My boss also access his office computer from a remote location by login in
the server using Remote Desktop and then using a second Remote Desktop
connection initiated from the server to log on to his office PC using the
computer name.

My question is: Is there a way for him to long in directly into his office
computer avoiding the log in to the server? Remember that I need to access to
server. If so what steps do I need to take. I really don’t like the idea of
him messing up with the server at all.

See this page for help opening additional ports on whatever firewall you
might be using.

http://theillustratednetwork.mvps.or...ple_PC_RD.html

IMO a better choice would be if you could connect to the office LAN via a
VPN tunnel of some sort you could then access any XP Pro PC via RDP. I do
that using SSH to access my home LAN and its two XP Pro desktops...

You might check the microsoft.public.windows.server.sbs news group for help
with a VPN and SBS.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"Silvio" <Silvio@discussions.microsoft.com> wrote in message
news:C9D24300-8863-4518-9987-6FF1E894337C@microsoft.com...
> Hello I need some advice from the expert:
>
> This is my LAN configuration is as follow:
>
> 1) Windows Server 2003 (SBS) configured as Domain controller with static
> IP
> address.
> 2) The client machines all have installed Windows XP Professional and are
> part of the domain. The entire network has static IP addresses.
> 3) All the computers have access to the internet directly trough a
> SonicWall
> firewall. The firewall had port 3386 enabled pointing to the server's IP
> address.
>
> I access the server via Remote Desktop.
> My boss also access his office computer from a remote location by login in
> the server using Remote Desktop and then using a second Remote Desktop
> connection initiated from the server to log on to his office PC using the
> computer name.
>
> My question is: Is there a way for him to long in directly into his office
> computer avoiding the log in to the server? Remember that I need to access
> to
> server. If so what steps do I need to take. I really don't like the idea
> of
> him messing up with the server at all.
>

Thanks. When your say:

"Go to Start, right click on My Network Places and select Properties. Next
right click and select Properties for the interface that ICF is enable on to
access the network connection properties configuration window. The example
illustrated is for a 56 Kbps dial-up modem."

Are you referring to the server or each client machine?

"Sooner Al [MVP]" wrote:

> See this page for help opening additional ports on whatever firewall you
> might be using.
>
> http://theillustratednetwork.mvps.or...ple_PC_RD.html
>
> IMO a better choice would be if you could connect to the office LAN via a
> VPN tunnel of some sort you could then access any XP Pro PC via RDP. I do
> that using SSH to access my home LAN and its two XP Pro desktops...
>
> You might check the microsoft.public.windows.server.sbs news group for help
> with a VPN and SBS.
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "Silvio" <Silvio@discussions.microsoft.com> wrote in message
> news:C9D24300-8863-4518-9987-6FF1E894337C@microsoft.com...
> > Hello I need some advice from the expert:
> >
> > This is my LAN configuration is as follow:
> >
> > 1) Windows Server 2003 (SBS) configured as Domain controller with static
> > IP
> > address.
> > 2) The client machines all have installed Windows XP Professional and are
> > part of the domain. The entire network has static IP addresses.
> > 3) All the computers have access to the internet directly trough a
> > SonicWall
> > firewall. The firewall had port 3386 enabled pointing to the server's IP
> > address.
> >
> > I access the server via Remote Desktop.
> > My boss also access his office computer from a remote location by login in
> > the server using Remote Desktop and then using a second Remote Desktop
> > connection initiated from the server to log on to his office PC using the
> > computer name.
> >
> > My question is: Is there a way for him to long in directly into his office
> > computer avoiding the log in to the server? Remember that I need to access
> > to
> > server. If so what steps do I need to take. I really don't like the idea
> > of
> > him messing up with the server at all.
> >
>
>
>

Also, since I dont actually dial-in in any PC because I am using a broadband
internet connection, do I really need to configure the Windows XP Internet
Connection Firewall (ICF) Configuration for Port Redirection? If I understand
correctly, all I need in my case is is to configure the SonicWall firewall to
redirect ports to the server IP addresses and enable Remote Desktop
Connection in each XP Pro machine. Correct?

"Sooner Al [MVP]" wrote:

> See this page for help opening additional ports on whatever firewall you
> might be using.
>
> http://theillustratednetwork.mvps.or...ple_PC_RD.html
>
> IMO a better choice would be if you could connect to the office LAN via a
> VPN tunnel of some sort you could then access any XP Pro PC via RDP. I do
> that using SSH to access my home LAN and its two XP Pro desktops...
>
> You might check the microsoft.public.windows.server.sbs news group for help
> with a VPN and SBS.
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "Silvio" <Silvio@discussions.microsoft.com> wrote in message
> news:C9D24300-8863-4518-9987-6FF1E894337C@microsoft.com...
> > Hello I need some advice from the expert:
> >
> > This is my LAN configuration is as follow:
> >
> > 1) Windows Server 2003 (SBS) configured as Domain controller with static
> > IP
> > address.
> > 2) The client machines all have installed Windows XP Professional and are
> > part of the domain. The entire network has static IP addresses.
> > 3) All the computers have access to the internet directly trough a
> > SonicWall
> > firewall. The firewall had port 3386 enabled pointing to the server's IP
> > address.
> >
> > I access the server via Remote Desktop.
> > My boss also access his office computer from a remote location by login in
> > the server using Remote Desktop and then using a second Remote Desktop
> > connection initiated from the server to log on to his office PC using the
> > computer name.
> >
> > My question is: Is there a way for him to long in directly into his office
> > computer avoiding the log in to the server? Remember that I need to access
> > to
> > server. If so what steps do I need to take. I really don't like the idea
> > of
> > him messing up with the server at all.
> >
>
>
>

Those examples only illustrate what you would do on what ever firewall your
SBS box and XP Pro workstations are running or behind if you wanted to open
multiple ports. It really does not matter if its a broadband connection or
not. Personally I think the VPN solution is best for an office environment.

If you describe your broadband connection to the public internet then
perhaps someone can help.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"Silvio" <Silvio@discussions.microsoft.com> wrote in message
news:056D0541-ABF4-4591-8B00-38DECA6E60F5@microsoft.com...
> Also, since I dont actually dial-in in any PC because I am using a
> broadband
> internet connection, do I really need to configure the Windows XP
> Internet
> Connection Firewall (ICF) Configuration for Port Redirection? If I
> understand
> correctly, all I need in my case is is to configure the SonicWall firewall
> to
> redirect ports to the server IP addresses and enable Remote Desktop
> Connection in each XP Pro machine. Correct?
>
> "Sooner Al [MVP]" wrote:
>
>> See this page for help opening additional ports on whatever firewall you
>> might be using.
>>
>> http://theillustratednetwork.mvps.or...ple_PC_RD.html
>>
>> IMO a better choice would be if you could connect to the office LAN via a
>> VPN tunnel of some sort you could then access any XP Pro PC via RDP. I do
>> that using SSH to access my home LAN and its two XP Pro desktops...
>>
>> You might check the microsoft.public.windows.server.sbs news group for
>> help
>> with a VPN and SBS.
>>
>> --
>>
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual
>> benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>>
>> "Silvio" <Silvio@discussions.microsoft.com> wrote in message
>> news:C9D24300-8863-4518-9987-6FF1E894337C@microsoft.com...
>> > Hello I need some advice from the expert:
>> >
>> > This is my LAN configuration is as follow:
>> >
>> > 1) Windows Server 2003 (SBS) configured as Domain controller with
>> > static
>> > IP
>> > address.
>> > 2) The client machines all have installed Windows XP Professional and
>> > are
>> > part of the domain. The entire network has static IP addresses.
>> > 3) All the computers have access to the internet directly trough a
>> > SonicWall
>> > firewall. The firewall had port 3386 enabled pointing to the server's
>> > IP
>> > address.
>> >
>> > I access the server via Remote Desktop.
>> > My boss also access his office computer from a remote location by login
>> > in
>> > the server using Remote Desktop and then using a second Remote Desktop
>> > connection initiated from the server to log on to his office PC using
>> > the
>> > computer name.
>> >
>> > My question is: Is there a way for him to long in directly into his
>> > office
>> > computer avoiding the log in to the server? Remember that I need to
>> > access
>> > to
>> > server. If so what steps do I need to take. I really don't like the
>> > idea
>> > of
>> > him messing up with the server at all.
>> >
>>
>>
>>

I never used VPN and I have no idea where to start. Can it be implemented
with my existing software and hardware or I need purchase service from a
third party?

"Sooner Al [MVP]" wrote:

> Those examples only illustrate what you would do on what ever firewall your
> SBS box and XP Pro workstations are running or behind if you wanted to open
> multiple ports. It really does not matter if its a broadband connection or
> not. Personally I think the VPN solution is best for an office environment.
>
> If you describe your broadband connection to the public internet then
> perhaps someone can help.
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "Silvio" <Silvio@discussions.microsoft.com> wrote in message
> news:056D0541-ABF4-4591-8B00-38DECA6E60F5@microsoft.com...
> > Also, since I dont actually dial-in in any PC because I am using a
> > broadband
> > internet connection, do I really need to configure the Windows XP
> > Internet
> > Connection Firewall (ICF) Configuration for Port Redirection? If I
> > understand
> > correctly, all I need in my case is is to configure the SonicWall firewall
> > to
> > redirect ports to the server IP addresses and enable Remote Desktop
> > Connection in each XP Pro machine. Correct?
> >
> > "Sooner Al [MVP]" wrote:
> >
> >> See this page for help opening additional ports on whatever firewall you
> >> might be using.
> >>
> >> http://theillustratednetwork.mvps.or...ple_PC_RD.html
> >>
> >> IMO a better choice would be if you could connect to the office LAN via a
> >> VPN tunnel of some sort you could then access any XP Pro PC via RDP. I do
> >> that using SSH to access my home LAN and its two XP Pro desktops...
> >>
> >> You might check the microsoft.public.windows.server.sbs news group for
> >> help
> >> with a VPN and SBS.
> >>
> >> --
> >>
> >> Al Jarvi (MS-MVP Windows Networking)
> >>
> >> Please post *ALL* questions and replies to the news group for the mutual
> >> benefit of all of us...
> >> The MS-MVP Program - http://mvp.support.microsoft.com
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights...
> >>
> >> "Silvio" <Silvio@discussions.microsoft.com> wrote in message
> >> news:C9D24300-8863-4518-9987-6FF1E894337C@microsoft.com...
> >> > Hello I need some advice from the expert:
> >> >
> >> > This is my LAN configuration is as follow:
> >> >
> >> > 1) Windows Server 2003 (SBS) configured as Domain controller with
> >> > static
> >> > IP
> >> > address.
> >> > 2) The client machines all have installed Windows XP Professional and
> >> > are
> >> > part of the domain. The entire network has static IP addresses.
> >> > 3) All the computers have access to the internet directly trough a
> >> > SonicWall
> >> > firewall. The firewall had port 3386 enabled pointing to the server's
> >> > IP
> >> > address.
> >> >
> >> > I access the server via Remote Desktop.
> >> > My boss also access his office computer from a remote location by login
> >> > in
> >> > the server using Remote Desktop and then using a second Remote Desktop
> >> > connection initiated from the server to log on to his office PC using
> >> > the
> >> > computer name.
> >> >
> >> > My question is: Is there a way for him to long in directly into his
> >> > office
> >> > computer avoiding the log in to the server? Remember that I need to
> >> > access
> >> > to
> >> > server. If so what steps do I need to take. I really don't like the
> >> > idea
> >> > of
> >> > him messing up with the server at all.
> >> >
> >>
> >>
> >>
>
>
>

> I never used VPN and I have no idea where to start. Can it be implemented
> with my existing software and hardware or I need purchase service from a
> third party?

Routing and Remote Access on your Windows 2003 SBS server. No need for any
extra hardware or software.

Hi Silvio

It sounds to me as if you need to be using something like Remote Web
Workplace, which is a feature of SBS.

You can set up any user to access their personal desktop just like RDP
without giving them access to the Server.

It's not wholly straight forward as you'll need to configure RRAS and IECW
via Server Management on the Domain Controller and forward Ports 443 and 4125
on the Host Broadband Router plus some other tinkering. Use a Web browser to
access your desktop via https://FQDN (or Server Public IP address)/remote,
but once it's set up, it's a breeze. You can also then access your email via
Outlook Web Access from anywhere you like without the need to access your
desktop.

If you go to the Small Business Server Newsgroups and post the same query
you'll be up and running in no time.

Good luck
--
Always hands on and keen to learn.


"Peter" wrote:

> > I never used VPN and I have no idea where to start. Can it be implemented
> > with my existing software and hardware or I need purchase service from a
> > third party?
>
> Routing and Remote Access on your Windows 2003 SBS server. No need for any
> extra hardware or software.
>
>
>

Good advice...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"Tonky" <Tonky@discussions.microsoft.com> wrote in message
news8EB34E8-C014-4441-88DA-0B5BA3B9057C@microsoft.com...
> Hi Silvio
>
> It sounds to me as if you need to be using something like Remote Web
> Workplace, which is a feature of SBS.
>
> You can set up any user to access their personal desktop just like RDP
> without giving them access to the Server.
>
> It's not wholly straight forward as you'll need to configure RRAS and IECW
> via Server Management on the Domain Controller and forward Ports 443 and
> 4125
> on the Host Broadband Router plus some other tinkering. Use a Web browser
> to
> access your desktop via https://FQDN (or Server Public IP address)/remote,
> but once it's set up, it's a breeze. You can also then access your email
> via
> Outlook Web Access from anywhere you like without the need to access your
> desktop.
>
> If you go to the Small Business Server Newsgroups and post the same query
> you'll be up and running in no time.
>
> Good luck
> --
> Always hands on and keen to learn.
>