We live in the age of global communication and connectivity. Could you imagine 10 years ago if you had told someone you’d be sitting in a coffee shop, connected to a worldwide network, with no wires connected to your laptop, reading the latest news or even playing a game with your friends?
They would have suggested that you are mad! Fortunately, that is not the case and we do live in a world where global communications are standard and almost everyone has their own permanent connection to the internet via broadband.
What if, via this worldwide communications network, you could not only read the latest news or do your grocery shopping online, but actually remotely control your PC at home! Think about this for a minute: what would this allow you to do? Would it allow you to remotely use any applications you may have installed at home, such as accountancy applications, spreadsheets or documents? Allow you to check any downloads you may have progressing at home? Check on emails that only come into your email client? The possibilities really are endless. There is a solution at hand, and in this article, I will focus on using the inbuilt features of Microsoft Windows XP Professional, namely, Remote Desktop.
If you have never used remote desktop before, don’t be worried. It’s a simple feature that does what it says: it presents you with your desktop via a client. If you look in Start -> Programs -> Accessories -> Communications, you will see a Remote Desktop Client application.
Using this application, you can enter a computer name or IP address to connect to. You can even map your home computer’s hard drives so that they appear in Windows Explorer, and even print to the printer beside you, from your home computer, over the internet!
Try it at home if you have two computers. You need to make sure that Remote Desktop is enabled first, and this can be done by selecting System from Control Panel, selecting the remote tab, and ensuring that “Allow users to connect remotely to this computer” is enabled. If you plan to do this at home, take note of the “Full computer name”, as this is what you will need to enter into the remote desktop client to connect to this computer.
I know you are worried about security at this point, but don’t worry – we’ll address that later.
Now, if you do have two computers at home, try it and see what happens! You should be presented with the familiar login box, and once logged in – ta-da! You are now on the desktop of the other computer, using the remote desktop application on your local computer!
Now – what if this functionality could be extended; so that you can connect to your home PC from anywhere in the world provided you are connected to the internet? Fortunately, this can be done! There are seven steps that we need to do in order to achieve this.
1. Ensure that your computer will accept remote desktop requests
2. Make sure your password is strong!
3. Note down your IP addresses
4. Change the port number that remote desktop responds on (this will aid with security)
5. Ensure any local firewalls are not blocking the Remote Desktop Port.
6. Create the necessary port forwarding rules on your home router
7. Sign up to a Dynamic DNS service (ignore if you have a static IP address from your ISP)
Let me explain these steps and how to perform each one.
1. Ensure your computer will accept remote desktop requests. As above, you need to select the System icon from Control Panel, and, from the remote tab, ensure that “Allow users to connect remotely to this computer” is enabled.
2. Make sure your password is strong! If your password is not very secure, make sure you change it so that it has at least 8 characters, at least one uppercase character and at least one symbol. One way to do this is to use symbols/numbers as a substitute for letters. For example, say I wanted my password to be the name of my son, Benjamin. Instead of using Benjamin as my password, which as you can see, is a lot more secure than Benjamin.
3. Note down your IP addresses. We need to make a note of your internal and external IP addresses. To do this, go to Start -> Run and type cmd. Then click OK. Type ipconfig and look for the IP address entry. In this example, we will use 192.168.0.1. This is your internal IP address. Take a note of your IP address, in this example, we will use 220.127.116.11. This is your external IP address.
Things will get a bit techy from this point on. The tasks we need to perform are pretty straightforward; however, if you have any questions, please ask a technical friend first or consult online help from the internet, as an error in the below steps could cause your computer to malfunction or cause you internet connectivity problems.
4. Change the port number that remote desktop responds on. This will require you to edit the registry. Go to Start -> Run and type regedit. Then click OK and you will be presented with the Windows Registry. I won’t get into detail about the registry now; there are books as thick as encyclopedias written on the Windows registry. Suffice to say, if you don’t know what you are doing, don’t mess around with it!
Now, browse through the tree to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. Once there, look for an entry in the right-hand pane called “PortNumber”. Double click this entry and select decimal. Now, this will be 3389 by default. Make sure you change this to a number of your choosing, above 1024 and below 65534. In this case, let’s use 23456. I highly recommend making this number as obscure as possible to avoid people discovering an open port via a port scan! Click OK, and close down Registry Editor.
One caveat to this: the port you decide to use may affect the usability of this feature. Some companies will block ports that are not in common use, so 23456 will be blocked. Other companies allow all ports, as do most home users. If you choose a common port, such as port 80 or 443, it may allow you more access from secure networks; however, it will allow hackers to more easily see your PC on the internet.
Even using a higher port number will still render you vulnerable to certain attacks; however, the risk is severely minimised when using a higher port number. I and a number of colleagues have used this technology for a number of years without incident; however, remember that when allowing any connectivity over the internet, there is always a risk! This choice in functionality is up to you.
5. Ensure any local firewalls are not blocking the Remote Desktop Port. This step will most likely require you to check the instructions with your particular desktop firewall product. What you will need to do here is ensure that anyone is allowed to connect to the port number used above. This is usually in the form of a firewall rule and looks similar to the below:
Allow Anyone using protocol TCP 23456 in both directions to connect to My computer. Once again, this will require consulting your desktop firewall instructions.
Now, before we go any further we need to make sure this change has taken effect. Reboot your computer, and, if you have another computer on your LAN, try to remote desktop to your computer with “:your port number” at the end, for example, My computer:23456, or your IP address, 192.168.0.1:23456. Make sure this works before continuing or else the next steps will not work.
6. Create the necessary port forwarding rules on your home router. This step will depend on your particular home router. You will need to connect to this and define a port forwarding rule similar to the following:
Allow anyone -> Using Port TCP 23456 (substitute for your port number above) to connect to 192.168.0.1 (substitute for your internal IP address). You may need to consult the manual for your router regarding port forwarding for this. You may need to define a particular protocol or server for TCP 23456 (substitute for your particular port number above). This is the hardest step of all so it may take you a while to achieve.
7. Sign up to a Dynamic DNS service (ignore if you have a static IP address from your ISP). If you know your external IP address will never change, ignore this step. If however, you have a dynamic IP from your ISP, you will need to perform this step.
This step is to ensure that when your external IP address changes, it will be registered on the internet so you can still connect to your PC. The best service.
Sign up here and enter a hostname that you would like to use, ie, myname.dyndns.com. Follow the instructions here to ensure that your external IP address is always updated on the internet.
8. Finally, you are ready to go. If you have completed all the steps above successfully, you’ll want to test this out. The best choice will be to go to a friend’s house with home broadband, and test connecting in. Once connected to the internet, load up your remote desktop client, and enter either your external IP address or DNS name, e.g. 18.104.22.168:23456 or myname.dyndns.com:23456.
Chances are this may not work the first time, so, I have included below tests that you can perform at each stage to determine where the problem may be.
1. Ensure that your computer will accept remote desktop requests. The best way to check this is to go to Start -> Run and type cmd. Then type “telnet 127.0.0.1 portnumber”, i.e. “telnet 127.0.0.1 23456”. This should return a blank cmd window if successful, and an error if unsuccessful. If this is successful, move on to the next step. If this is unsuccessful, make sure Remote Desktop Connections to your PC are enabled and the port number is correct. You can do this by typing “telnet 127.0.0.1 3389” in the same cmd window as before, and if this is successful, your remote desktop port number has not yet changed. You may need to reboot your PC or check the above registry entry.
2. Make sure your password is strong! This test I will leave to you to ensure your password is correct.
3. Note down your IP addresses. Make sure that all your IP addresses are correct!
4. Change the port number that remote desktop responds on. You can check this has been set successfully by going to Start -> Run and typing cmd. Then type “telnet 127.0.0.1 portnumber”, i.e. “telnet 127.0.0.1 23456”. This should return a blank cmd window if successful, and an error if unsuccessful. If this is successful, move on to the next step. If this is unsuccessful, make sure Remote Desktop Connections to your PC are enabled and the port number is correct. You can do this by typing “telnet 127.0.0.1 3389” in the same cmd window as before, and if this is successful, your remote desktop port number has not yet changed. You may need to reboot your PC or check the above registry entry.
5. Ensure any local firewalls are not blocking the Remote Desktop Port. The best way to test this functionality, if you can, is to use a PC on your LAN. From a PC on the same network as yours, type “telnet “, ie “telnet 192.168.0.1 23456”. If you receive a blank cmd window, then this is working OK. If you receive an error, and all the above tests are successful, then this indicates that something on your PC is blocking this connection. You will need to look at any local firewalls that may be preventing this access (including the inbuilt Microsoft Firewall).
If this step works, also ensure that your local firewall is not just allowing computers on your local network and nothing else to connect. I stress again, make sure you read the instructions that came with your desktop firewall.
6. Create the necessary port forwarding rules on your home router. This is the most problematic part of the process. To check this, you will need to be on another broadband connection. Once connected, navigate to Start -> Run and type cmd . Then type “telnet ” ie, “telnet 22.214.171.124 23456”. Once again, this should return a blank cmd window if successful and an error if unsuccessful. If all the tests above have been successful, and this command is unsuccessful, then this problem indicates there is an issue on the router port forwarding the Remote Desktop request. Ensure that you have read the manual and port forwarded this successfully.
7. Sign up to a Dynamic DNS service. You can test this simply by performing the same command as above. If “telnet externalip portnumber” works, and “telnet myname.dyndns.com portnumber” does not, then there is a problem with this service. From a cmd window, type ping myname.dyndns.com and see if it returns a reply. If not, then you will need to check the online help with regards to this service.
That should be it; you should now be able to connect to your home PC from almost any internet connection. Remember you can use advanced features of the remote desktop client such as connecting your local drives, printers etc.