RDP client for Windows: installation and configuration. Setting up RDP (remote desktop protocol)

What is Remote Desktop

Windows Remote Desktop (RDP) can be a very useful and convenient solution to the problem of remote computer access. When can Remote Desktop be useful? When you want to control your computer remotely (either from the local network or from anywhere in the world). Of course, third-party programs can also be used for these purposes. But such programs often require access confirmation on the side of the remote computer, they are not suitable for simultaneous use of the computer by several users, and they still work slower than Remote Desktop. Therefore, such programs are more suitable for remote assistance or maintenance, but not for everyday work.

It can be quite convenient to use Remote Desktop to let users work with particular programs. For example, you may need to demonstrate a program to a remote user (provide demo access for testing). Or you may have only one powerful computer in your office with a demanding program installed on it. On the other, weaker computers the program runs slowly, but everyone needs access. A good solution is then to use Remote Desktop: everyone connects from their “dead” computers via RDP to the powerful one and uses the program on it, without interfering with each other.

Static IP address. What is needed for remote access via rdp

One of the important points regarding setting up and subsequently using the remote desktop is the need for a static IP address on the remote computer. If you are setting up a remote desktop that will only be used within the local network, then there is no problem. However, remote desktop is mainly used for external access. Most providers provide subscribers with dynamic IP addresses and for normal use this is quite enough. Static (“white”) IPs are usually provided for an additional fee.

Setting up Windows Remote Desktop

Well, we figured out why we need a remote desktop. Now let's start setting it up. The instructions discussed here are suitable for Windows 7, 8, 8.1, 10. In all of the listed operating systems, the settings are similar, the differences are minor and only in how to open some windows.

First we need to configure the computer to which we will connect.

Attention! Your account must have administrator rights.

1. Open Start - Control Panel.

In Windows 8.1 and 10 it is convenient to open Control Panel by right-clicking the Start icon and selecting Control Panel from the list.

Next, select System and Security - System. (This window can also be opened another way: click Start, then right-click Computer and choose Properties.)

2. In the left column, click Setting up remote access.

3. In the section Remote Desktop choose:

- Allow connections only from computers running Remote Desktop with network level authentication. Suitable for clients running version 7.0 of Remote Desktop.

- Allow connections from computers running any version of Remote Desktop (more dangerous). Suitable for connecting legacy versions of clients.

4. Click Apply.

5. The Select users button opens a window in which you can specify the accounts on the computer that will be allowed to connect remotely. (This procedure is also called adding a user to the Remote Desktop Users group.)

Users with administrator rights have Remote Desktop access by default. However, to actually connect, any account must be password protected, even the administrator account.

6. Add a new user with normal rights (not an administrator) to the Remote Desktop Users group. To do this, click Add.

In the Enter the names of the selected objects field, enter the name of our user. In my case it is Access1. Click Check names.

If everything is correct, the computer name will be added to the username. Click OK.

If we don't remember the exact username or don't want to enter it manually, click Advanced.

In the window that opens, click the Search button.

In the Search results field, all users and local groups of the computer will appear. Select the desired user and click OK.

When you have selected all the required users, click OK in the Selection: Users window.

Now the user Access1, who has a regular account, will be added to the Remote Desktop Users group. To apply the changes, click OK.

7. If you use a third-party firewall, you will need to configure it additionally, namely open TCP port 3389. If only the built-in Windows firewall is running, you don't need to do anything: it is configured automatically as soon as we allow the use of Remote Desktop on the computer.

This completes the basic setup of the remote computer.

Network settings, port forwarding

As mentioned above, for remote desktop access you need a static IP address.

If you do not have any routers and the Internet cable goes directly to the computer, then skip this section and move on to the next one. If you use a router, you need to make additional settings on it.

If you plan to use the remote desktop only on a local network, it is enough to assign a local IP to the desired computer (follow the first part, without port forwarding). If you need access from outside, then you also need port forwarding. To open access to the remote desktop you need to forward TCP port 3389.

Setting up a remote desktop connection

Let's go directly to connecting to a remote desktop, that is, settings on the client side.

1. Let's launch Remote Desktop Connection.

You can do this in Windows 7 through the menu Start - All Programs - Accessories - Remote Desktop Connection.

In Windows 8 it is convenient to launch it through search. Click Start, click the magnifying glass icon in the upper right corner and start typing the word “remote” in the search field. From the suggested results, select Remote Desktop Connection.

On Windows 10: Start - All apps - Windows Accessories - Remote Desktop Connection.

2. First of all, let's check which protocol version is installed. To do this, click the icon in the upper left corner and select About.

Check the Remote Desktop protocol version. If it is 7.0 or higher, everything is in order and you can connect.

If the protocol version is lower (this is possible on older versions of Windows), you need to either update it or lower the security level in the settings of the remote computer (i.e. select Allow connections from computers running any version of Remote Desktop (more dangerous)).

3. Specify connection parameters:

In the Computer field, enter the IP address of the remote computer to which we are going to connect (the local address if we connect within the local network, or the real one, given by the Internet provider, if the remote computer is located outside the local network). I have the first option.

Note. You can find out what external static IP address you have, for example, through the Yandex.Internetometer service.

4. Click Connect.

You will be prompted to enter your credentials. Enter the login and password of any user on the remote computer who has rights to use the remote desktop. In my example it's Admin or Access1. I remind you that accounts must be password protected.

Enter your username and password and tick the Remember credentials box so as not to enter them the next time you connect. Of course, you should only save your credentials if you are working from a personal computer that is not accessible to unauthorized persons.

Click OK .

A warning will pop up. Tick Don't ask for connections to this computer again and click Yes.

If everything is done correctly, you will see the remote desktop in front of you.

Note. I remind you that you cannot connect via Remote Desktop from several computers at the same time under one user. That is, if several people are going to work with the remote computer at the same time, you will need to create a separate user for each of them and grant it rights to use the remote desktop. This is done on the remote computer, as discussed at the beginning of the article.

Additional Remote Desktop Settings

Now a few words about additional settings for connecting to a remote desktop.

To open the settings menu, click on Options .

General tab

Here you can change connection settings. By clicking on the edit link, you can edit the user name and connection password.

You can save the already configured connection settings. Click the Save as button and choose a location, for example the Desktop. A shortcut will now appear on the Desktop that immediately launches a remote desktop connection without the need to specify parameters. This is very convenient, especially if you periodically work with several remote computers, or if you are configuring the connection for someone else and don't want to confuse users.

Screen tab

On the tab Screen you can specify the size of the remote desktop (whether it will occupy the entire screen of your monitor or be displayed in a small separate window).

You can also choose the color depth. If your Internet connection speed is slow, it is recommended to select a lower depth.

Local Resources tab

Here you can configure sound (play it on the remote computer, on the client computer, etc.) and how Windows hotkey combinations (such as Ctrl+Alt+Del, Ctrl+C, etc.) are handled when working with the remote desktop.

One of the most useful sections here is Local devices and resources. By ticking Printer, you get the ability to print documents from the remote desktop on your local printer. Ticking Clipboard enables a shared clipboard between the remote desktop and your computer. That is, you can use normal copy and paste operations to transfer files, folders, etc. from the remote computer to yours and vice versa.

Clicking the More details button takes you to a settings menu where you can connect additional devices on your computer to the remote desktop.

For example, you want to have access to your disk D when working on the remote computer. Then click the plus sign next to Devices to expand the list and tick disk D. Click OK.

Now when you connect to the remote desktop, you will see your disk D in Explorer and can access it as if it were physically connected to the remote computer.
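The file written by Save as on the General tab is a plain-text .rdp file, and the Local Resources choices above end up in it as settings. The following is an added example, not part of the original article: a small parser that reports which saved options expose local resources or relax the server identity check. The sample file is constructed; the address, port and user name are the ones used on this page, and the setting names are those of the standard .rdp file format.

```python
"""Audit a saved .rdp connection file (added example, not from the article)."""

# Constructed sample of a file written by "Save as" after ticking Clipboard,
# Printer and disk D on the Local Resources tab. Address, port and user name
# are the ones used on this page; the other values are illustrative.
SAMPLE_RDP = """\
screen mode id:i:2
session bpp:i:16
full address:s:10.0.0.119:33321
username:s:Access1
authentication level:i:0
prompt for credentials:i:0
redirectclipboard:i:1
redirectprinters:i:1
drivestoredirect:s:D:\\;
enablecredsspsupport:i:1
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines; type i is an integer, s a string."""
    settings = {}
    for raw in text.splitlines():
        # maxsplit=2 keeps colons that belong to the value (host:port, D:\)
        parts = raw.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts[0].lower(), parts[1], parts[2]
        if kind == "i":
            if not value.lstrip("-").isdigit():
                continue
            value = int(value)
        settings[name] = value
    return settings


def target(settings):
    """Return (host, port); the port is 3389 when the address names none."""
    address = settings.get("full address", "")
    host, sep, port = address.rpartition(":")
    if sep and port.isdigit() and ":" not in host:
        return host, int(port)
    return address, 3389


def audit(settings):
    """Return (setting, reason) pairs for options worth a second look."""
    findings = []
    if settings.get("authentication level") == 0:
        findings.append(("authentication level",
                         "connects without a warning when the server's "
                         "identity cannot be verified"))
    if settings.get("enablecredsspsupport", 1) == 0:
        findings.append(("enablecredsspsupport",
                         "CredSSP (network level authentication) is off"))
    if "password 51" in settings:
        findings.append(("password 51",
                         "a saved password blob is stored in the file"))
    if settings.get("redirectclipboard") == 1:
        findings.append(("redirectclipboard",
                         "clipboard contents are shared with the remote host"))
    drives = settings.get("drivestoredirect", "")
    if drives:
        scope = "all local drives" if drives.strip() == "*" else drives
        findings.append(("drivestoredirect",
                         scope + " is readable and writable from the session"))
    return findings


if __name__ == "__main__":
    parsed = parse_rdp(SAMPLE_RDP)
    print("target:", target(parsed))
    for name, reason in audit(parsed):
        print(f"{name}: {reason}")
```
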

Advanced tab

Here you can choose the connection speed to achieve maximum performance, as well as set the display of the desktop background, visual effects, etc.

Removing a Remote Desktop Connection

Finally, let's consider how to delete a remote desktop connection. When is it needed? For example, you used to have remote access to your computer, but now there is no need for this, or you even need to prevent strangers from connecting to the remote desktop of your computer. It's very easy to do.

1. Open Control Panel - System and Security - System, as we did at the beginning of the article.

2. In the left column, click on Setting up remote access .

3. In the section Remote Desktop choose:

- Don't allow connections to this computer

Done. Now no one will be able to connect to you via remote desktop.

Remote desktop is an operating system functionality that allows you to administer a remote computer in real time, using a local network or the Internet as a data transmission medium. There are a great variety of remote desktop implementations depending on the protocol or operating system. The most common solution in the Windows operating system is Remote Desktop Protocol (RDP), and in systems based on the Linux kernel - VNC and X11.

How to enable remote desktop functionality

By default, the ability to become an RDP session server is disabled on a Windows workstation.

Right-click on the “My Computer” icon and select “Properties” from the context menu.

Select the item “Setting up remote access” in the left menu. This will require administrator privileges.

The “System Properties” window will open, in which, on the “Remote Access” tab, you need to set the access permission to this computer.

If necessary, you can select users under whom you can log in to the system.

In addition, if you have a network filter (Firewall) installed, you will need to create an allowing rule for connecting to this computer in the properties of the network adapter or in the Windows Firewall applet in the Control Panel.

How to connect to remote desktop

There are several ways to connect to a remote desktop. Go to the main menu of the system “Start – All Programs – Accessories – Remote Desktop Connection”

Or run the command in the Windows command prompt (or in the “Run” window)

Both of these methods are equivalent and launch the same program - the Remote Desktop Connection Wizard.

In the wizard window, you can specify the name or IP address of the computer to which you want to connect, as well as specify special parameters, such as screen resolution, transfer of local (clipboard, local disks) or remote (sounds) resources.

Enter the IP address of the remote node and click the “Connect” button.

Most likely we will see a warning about problems authenticating the remote computer. If we are sure that we have not made a mistake in spelling the address or name, then we can click “Yes”, after which the connection to the node will be initialized.

You will also need to enter the remote user's credentials.

If we haven’t made a mistake anywhere, then after some time we will see the desktop of the remote computer, where we can perform certain actions. Control the mouse pointer, enter characters from the keyboard, and so on.

As mentioned earlier, for the convenience of system administration, we can transfer local resources such as printers, logical drives or the clipboard to a remote machine.

To do this, in the Remote Desktop Connection Wizard window, go to the “Local Resources” tab, click on the “More details...” button.

And in the window that opens, select, for example, Local disk (C:).

Now, when connecting a remote desktop, we will see our local drive (C:) of the computer from which the connection is made.

How to Increase Remote Desktop Security

It's no secret that leaving a computer with Remote Desktop activated and connected to the Internet is unsafe. The fact is that various types of attackers are constantly scanning network address ranges in search of running network services (including remote desktop) with the aim of further hacking them.

One of the ways that can make it more difficult for an attacker to find a running Terminal Services (RDP) service is to change the standard port number to a different value. By default, the RDP service listens on network port 3389/TCP waiting for an incoming connection. It is this port that attackers try to connect to first. We can say with almost 100% certainty that if a port with this number is open on a computer, then it is running a Windows system with allowed remote access.

Attention! Further actions with the system registry must be performed very carefully. Changing certain settings may make the operating system inoperable.

In order to change the port number of the remote desktop, you need to open the registry editor and open the section:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Then find the REG_DWORD parameter PortNumber and change its value, in decimal, to an arbitrary number (from 1024 to 65535).

After the value is changed, the computer should be restarted. Now, to access the remote desktop, you need to additionally specify our port via a colon. In this situation, you need to specify as the computer name 10.0.0.119:33321

Attackers, having tried the standard port, will probably conclude that remote access via RDP is not allowed on this computer. Of course, this method will not save you from targeted attacks, in which every network port is carefully checked in search of a loophole, but it will protect you from mass, templated attacks.

In addition, you need to use a fairly complex and long password for those accounts that are allowed access via remote desktop.

Quite often, many users who use remote access sessions have a question about how to change the RDP port. Now let's look at the simplest solutions, and also indicate several main stages in the setup process.

What is the RDP protocol for?

First, a few words about RDP. If you look at the decoding of the abbreviation, you can understand that remote access

In simple terms, this is a tool for a terminal server or workstation. By default, Windows (in any version) uses settings that suit most users. However, sometimes there is a need to change them.

Standard RDP port: should it be changed?

So, regardless of the Windows version, every protocol has a preset value. For RDP this is port 3389, which is used to carry out a communication session (connecting one terminal to remote ones).

Why would the standard value need to be changed? First of all, purely to ensure the security of the local computer. After all, with the standard port in place, in principle any attacker can easily penetrate the system. So now let's see how to change the default RDP port.

Changing settings in the system registry

Let us immediately note that the change procedure is carried out exclusively in manual mode, and the remote access client itself does not provide for any reset or installation of new parameters.

First, open the standard registry editor with the regedit command in the “Run” menu (Win + R). Here we are interested in the HKLM branch, in which we need to go down the key tree through the Terminal Server key to the RDP-Tcp key. In the pane on the right we find the PortNumber value. It is this value that we need to change.

We open it for editing and see 00000D3D there. Many people are immediately puzzled by this. It is simply the hexadecimal representation of the decimal number 3389. To specify the port in decimal form, we switch the displayed representation of the value to decimal and then enter the value we need.

After this, we reboot the system, and when trying to connect, specify a new RDP port. Another way to connect is to use the special command mstsc /v:ip_address:XXXXX, where XXXXX is the new port number. But that's not all.

Windows Firewall Rules

Unfortunately, the built-in Windows firewall may block the new port. This means that you need to make changes to the settings of the firewall itself.

Open the firewall settings with advanced security. First select inbound connections and click the line that creates a new rule. Choose to create a rule for a port, enter the port value for TCP, allow the connection, leave the profiles section unchanged, and finally give the new rule a name and click the button that completes the configuration. All that remains is to reboot the server and, when connecting, specify the new RDP port after a colon in the appropriate line. In theory, there should be no problems.
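Both registry sections above change only PortNumber. The following added example (not from the original article) reads a text export of the two Terminal Server keys and reports the port in decimal together with the settings that still decide how the listener authenticates. The export is constructed; fDenyTSConnections, UserAuthentication and SecurityLayer are standard values of these keys that the article does not mention, and 00008229 is the port 33321 used earlier on this page.

```python
"""Review an exported Terminal Server registry key (added example)."""
import re

# Constructed .reg export: port moved to 33321 (0x8229), nothing else hardened.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00008229
"UserAuthentication"=dword:00000000
"SecurityLayer"=dword:00000000
'''

TS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
RDP_TCP_KEY = TS_KEY + r"\WinStations\RDP-Tcp"
SECURITY_LAYERS = {0: "RDP Security Layer", 1: "Negotiate", 2: "SSL (TLS)"}


def parse_reg(text):
    """Return {key path: {value name: int}} for the dword values in an export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            # registry paths and value names are case-insensitive
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if value and current is not None:
            # dword data is written in hexadecimal: 00000d3d is 3389
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys


def audit(keys):
    """Summarise the listener and list what a port change leaves untouched."""
    ts = keys.get(TS_KEY.lower(), {})
    tcp = keys.get(RDP_TCP_KEY.lower(), {})
    report = {
        # assumption: a value missing from the export is treated as its
        # least permissive (enabled) or least protective (nla) reading
        "enabled": ts.get("fdenytsconnections", 1) == 0,
        "port": tcp.get("portnumber", 3389),
        "nla": tcp.get("userauthentication", 0) == 1,
        "security_layer": SECURITY_LAYERS.get(tcp.get("securitylayer"), "unknown"),
        "findings": [],
    }
    if not report["enabled"]:
        return report  # Remote Desktop is off, nothing is listening
    if not report["nla"]:
        report["findings"].append(
            "network level authentication is not required before a session starts")
    if report["security_layer"] == "RDP Security Layer":
        report["findings"].append(
            "the listener is pinned to the built-in RDP security layer, not TLS")
    if not 1024 <= report["port"] <= 65535:
        report["findings"].append(
            "port is outside the 1024-65535 range the article recommends")
    return report


if __name__ == "__main__":
    result = audit(parse_reg(SAMPLE_EXPORT))
    print("listening on TCP", result["port"], "| NLA required:", result["nla"])
    for finding in result["findings"]:
        print("-", finding)
```
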

Forwarding the RDP port on the router

In some cases, when you are using a wireless connection rather than a cable connection, you may need to forward the port on your router. There is nothing complicated about it.

First, in the system properties, we allow remote connections and specify the users who have the right to make them. Then go to the router settings menu through the browser (192.168.1.1, or an address ending in 0.1; it depends on the router model). In the field (if our main address is 1.1), it is advisable to indicate the address, starting with the third (1.3), and write the rule for issuing the address for the second (1.2).

Then in network connections we use the details view, where you should view the details, copy the physical MAC address from there and paste it into the router parameters.

Now, in the NAT settings section on the modem, enable the connection to the server, add a rule and specify port XXXXX, which needs to be forwarded to the standard RDP port 3389. Save the changes and reboot the router (the new port will not be accepted without a reboot). You can check the connection on some specialized website like ping.eu in the port testing section. As you can see, everything is simple.

Finally, note that the port values are distributed as follows:

  • 0 - 1023 - ports for low-level system programs;
  • 1024 - 49151 - ports allocated for private purposes;
  • 49152 - 65535 - dynamic private ports.

In general, many users usually select RDP ports from the third range of the list to avoid problems. However, both specialists and experts recommend using these values in the settings, since they are suitable for most of the tasks.

As for this particular procedure, it is used mainly only in cases of Wi-Fi connection. As you can already see, with a normal wired connection it is not required: just change the values of the registry keys and add rules for the port in the firewall.

This article begins a series of articles devoted to the design and security of the RDP protocol. The first article in this series analyzes the design, use and main technologies embedded in this protocol.

The following articles will discuss the following issues in detail:

  • Operation of the Remote Desktop security subsystem
  • Service information exchange format in RDP
  • Terminal Server vulnerabilities and ways to eliminate them
  • Selection of user accounts using the RDP protocol (developed by Positive Technologies in this area)

The history of RDP

The Remote Desktop protocol was created by Microsoft to provide remote access to Windows servers and workstations. The RDP protocol is designed to share the resources of a high-performance terminal server with many less powerful workstations. The first terminal server (version 4.0) appeared in 1998 as part of Windows NT 4.0 Terminal Server; at the time of writing (January 2009), the latest version of the terminal server is version 6.1, included in the Windows 2008 Server and Windows Vista SP1 distributions. Currently, RDP is the main remote access protocol for Windows family systems, and client applications exist for both Microsoft OS and Linux, FreeBSD, Mac OS X, etc.

When talking about the history of RDP, one cannot fail to mention Citrix. Citrix Systems specialized in multi-user systems and remote access technologies in the 1990s. After acquiring the Windows NT 3.51 source code license in 1995, the company released a multi-user version of Windows NT known as WinFrame. In 1997, Citrix Systems and Microsoft entered into an agreement under which the Windows NT 4.0 multi-user environment was based on Citrix technology developments. In turn, Citrix Systems refused to distribute a full-fledged operating system and received the right to develop and implement extensions for Microsoft products. These extensions were originally called MetaFrame. Rights to ICA (Independent Computing Architecture), the application protocol for interaction between thin clients and the Citrix application server, remained with Citrix Systems, and the Microsoft RDP protocol was based on ITU T.120.

Currently, the main competition between Citrix and Microsoft is in the field of application servers for small and medium businesses. Traditionally, solutions based on Terminal Services win in systems with not a very large number of the same type of servers and similar configurations, while Citrix Systems is firmly established in the market of complex and high-performance systems. Competition is fueled by the release of lightweight solutions for small systems by Citrix and the constant expansion of Terminal Services functionality by Microsoft.

Let's look at the benefits of these solutions.

Strengths of Terminal Services:

  • Easy installation of applications for the client side of the application server
  • Centralized maintenance of user sessions
  • Requires a license for Terminal Services only

Strengths of Citrix solutions:

  • Easy to scale
  • Ease of administration and monitoring
  • Access control policy
  • Support for third-party enterprise products (IBM WebSphere, BEA WebLogic)

Network design using Terminal Services

Microsoft suggests two modes of using the RDP protocol:

  • for administration (Remote administration mode)
  • to access the application server (Terminal Server mode)

RDP in administration mode

This type of connection is used by all modern Microsoft operating systems. Server versions of Windows support two remote connections and one local login simultaneously, while client versions support only one login (local or remote). To allow remote connections, you must enable remote desktop access in the workstation properties.

RDP in terminal server access mode

This mode is available only in server versions of Windows. The number of remote connections in this case is not limited, but configuration of the License server and its subsequent activation are required. The license server can be installed either on a terminal server or on a separate network node. The ability to remotely access the terminal server is available only after installing the appropriate licenses on the License server.

When using a terminal server cluster and load balancing, the installation of a specialized connection server (Session Directory Service) is required. This server indexes user sessions, which allows you to log in, as well as re-login to terminal servers operating in a distributed environment.

How RDP works

Remote Desktop is an application protocol based on TCP. After a connection is established, an RDP session is initialized at the transport layer, within which various data transfer parameters are negotiated. After the initialization phase has completed successfully, the terminal server begins sending graphical output to the client and waits for keyboard and mouse input. The graphical output can be either an exact copy of the screen, transmitted as an image, or commands for drawing graphic primitives (rectangle, line, ellipse, text, etc.). Transmitting output as primitives has priority in the RDP protocol, as it saves a significant amount of traffic; the image is transmitted only if primitives cannot be used for some reason (for example, the parameters for transmitting primitives could not be agreed when setting up the RDP session). The RDP client processes the received commands and displays images using its graphics subsystem. By default, user input is transmitted using keyboard scan codes. The signals for pressing and releasing a key are transmitted separately using a special flag.

RDP supports multiple virtual channels within a single connection, which can be used to provide additional functionality:

  • using a printer or serial port
  • file system redirection
  • Clipboard support
  • using the audio subsystem

The characteristics of the virtual channels are negotiated during the connection setup phase.

Ensuring security when using RDP

The RDP protocol specification calls for one of two security approaches:

  • Standard RDP Security (built-in security subsystem)
  • Enhanced RDP Security (external security subsystem)

Standard RDP Security

With this approach, authentication, encryption and integrity assurance are implemented using the means built into the RDP protocol.

Authentication

Server authentication is performed as follows:

  1. When the system starts, a pair of RSA keys is generated
  2. A public key Proprietary Certificate is created
  3. The certificate is signed with an RSA key hardcoded into the operating system (any RDP client contains the public key of this built-in RSA key).
  4. The client connects to the terminal server and receives a Proprietary Certificate
  5. The client verifies the certificate and receives the server's public key (this key is used later to negotiate encryption parameters)

Client authentication is performed by entering a username and password.

Encryption

The RC4 stream cipher was chosen as the encryption algorithm. Depending on the operating system version, different key lengths are available from 40 to 168 bits.

Maximum key length for Windows operating systems:

  • Windows 2000 Server - 56 bit
  • Windows XP, Windows 2003 Server – 128 bit
  • Windows Vista, Windows 2008 Server – 168 bit

When a connection is established, after agreeing on the length, two different keys are generated: to encrypt data from the client and from the server.

Integrity

Message integrity is achieved by using a MAC (Message Authentication Code) generation algorithm based on the MD5 and SHA1 algorithms.

Beginning with Windows 2003 Server, FIPS (Federal Information Processing Standard) 140-1 compliance can be achieved by using 3DES for message encryption and a SHA1-only MAC generation algorithm to ensure integrity.

Enhanced RDP Security

This approach uses external security modules:

  • TLS 1.0
  • CredSSP

TLS can be used starting with Windows 2003 Server, but only if the RDP client supports it. TLS support has been added since RDP client version 6.0.

When using TLS, the server certificate can be generated using Terminal Services or you can select an existing certificate from the Windows store.

The CredSSP protocol is a combination of the functionality of TLS, Kerberos and NTLM.

Let's look at the main advantages of the CredSSP protocol:

  • Checking permission to log into a remote system before establishing a full RDP connection, which allows you to save terminal server resources when there are a large number of connections
  • Strong authentication and encryption via TLS protocol
  • Using Single Sign On with Kerberos or NTLM

CredSSP features can only be used on Windows Vista and Windows 2008 Server operating systems. This protocol is enabled by the Use Network Level Authentication flag in the terminal server settings (Windows 2008 Server) or in the remote access settings (Windows Vista).
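Which of the two approaches a connection ends up with is visible in the server's first reply during connection setup. The following added example (not from the original article) parses that reply, an X.224 Connection Confirm carrying an RDP negotiation response, and maps the selected protocol to the terms used above. The byte layout and the failure code names follow Microsoft's published MS-RDPBCGR specification rather than this page, and the sample PDUs are constructed.

```python
"""Read the security layer a terminal server selected (added example)."""
import struct

PROTOCOLS = {
    0: "Standard RDP Security",
    1: "Enhanced RDP Security: TLS",
    2: "Enhanced RDP Security: CredSSP",
    8: "Enhanced RDP Security: CredSSP with early user authorization",
}
FAILURES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}

# Constructed replies: TPKT header (4 bytes), X.224 Connection Confirm
# (7 bytes), then an optional 8-byte negotiation structure.
_HEADER = "030000130ed00000123400"
CC_CREDSSP = bytes.fromhex(_HEADER + "0200080002000000")
CC_STANDARD = bytes.fromhex(_HEADER + "0200080000000000")
CC_REFUSED = bytes.fromhex(_HEADER + "0300080005000000")
# A server that sends no negotiation data at all
CC_LEGACY = bytes.fromhex("0300000b06d00000123400")


def parse_connection_confirm(pdu):
    """Return (outcome, code, description) for a server's first reply."""
    if len(pdu) < 11:
        raise ValueError("shorter than TPKT + X.224 Connection Confirm")
    version, _reserved, length = struct.unpack(">BBH", pdu[:4])
    if version != 3 or length != len(pdu):
        raise ValueError("bad TPKT header")
    # pdu[4] is the X.224 length indicator, pdu[5] the PDU type (0xD0 = CC)
    if pdu[4] != len(pdu) - 5 or (pdu[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]
    if not neg:
        # No negotiation data: only the built-in security layer is available
        return ("selected", 0, PROTOCOLS[0])
    if len(neg) != 8:
        raise ValueError("negotiation structure must be 8 bytes")
    kind, _flags, neg_len, value = struct.unpack("<BBHI", neg)
    if neg_len != 8:
        raise ValueError("bad negotiation length field")
    if kind == 0x02:  # negotiation response
        return ("selected", value, PROTOCOLS.get(value, "unknown protocol"))
    if kind == 0x03:  # negotiation failure
        return ("refused", value, FAILURES.get(value, "unknown failure code"))
    raise ValueError("unexpected negotiation type")


def uses_builtin_security(result):
    """True when the session will run on Standard RDP Security."""
    return result[0] == "selected" and result[1] == 0


if __name__ == "__main__":
    samples = [("credssp", CC_CREDSSP), ("standard", CC_STANDARD),
               ("refused", CC_REFUSED), ("legacy", CC_LEGACY)]
    for name, pdu in samples:
        print(name, parse_connection_confirm(pdu))
```
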

Terminal Services licensing scheme

When using RDP, accessing applications in thin client mode requires setting up a specialized license server.

Permanent client licenses can be installed on the server only after completing the activation procedure; before this procedure, temporary licenses limited in validity period can be issued. After activation, the license server is provided with a digital certificate confirming its ownership and authenticity. Using this certificate, the license server can perform subsequent transactions with the Microsoft Clearinghouse database and accept permanent CALs for the terminal server.

Types of client licenses:

  • temporary license (Temporary Terminal Server CAL)
  • device license (Device Terminal Server CAL)
  • user license (User Terminal Server CAL)
  • license for external users (External Terminal Server Connector)

Temporary license

This type of license is issued to the client upon its first connection to the terminal server; the license is valid for 90 days. Upon successful login, the client continues to work with the temporary license, and at the next connection the terminal server tries to replace the temporary license with a permanent one, if one is available in the store.

Device license

This license is issued for each physical device that connects to the application server. The license validity period is set randomly between 52 and 89 days. 7 days before the expiration date, the terminal server attempts to renew the license from the license server each time a client connects again.

User license

Per-user licensing provides additional flexibility by allowing users to connect from a variety of devices. The current implementation of Terminal Services does not have controls over the use of user licenses, i.e. the number of available licenses on the license server does not decrease when new users connect. Using insufficient licenses for client connections violates the Microsoft license agreement. To use both device and user CALs on the same terminal server, the server must be configured to operate in per-user licensing mode.

License for external users

This is a special type of license designed for connecting external users to a corporate terminal server. This license does not restrict the number of connections; however, according to the user agreement (EULA), the terminal server for external connections must be dedicated, so it cannot also be used to serve sessions from corporate users. Due to its high price, this type of license is not widely used.

The license server can have one of two roles:

  • Domain or Workgroup License server
  • Entire Enterprise License Server

The roles differ in how the license server is discovered: with the Enterprise role, the terminal server searches Active Directory for the license server; otherwise the search is performed using a NetBIOS broadcast request. Each server found is validated using an RPC request.

Promising Terminal Services technologies

Microsoft actively promotes application server solutions: functionality is being expanded and additional modules are being introduced. The greatest progress has been made in technologies that simplify the installation of applications and in the components responsible for operating terminal servers over global networks.

The following features have been introduced in Terminal Services for Windows 2008 Server.

Setting up Windows Remote Desktop

Well, we figured out why we need a remote desktop. Now let's start setting it up. The instructions discussed here are suitable for Windows 7, 8, 8.1, 10. In all of the listed operating systems, the settings are similar, the differences are minor and only in how to open some windows.

First we need to configure the computer to which we will connect.

Attention! Your account must have administrator rights.

1. Open Start - Control Panel.

In Windows 8.1 and 10, it is convenient to open Control Panel by right-clicking the Start icon and selecting Control Panel from the list.

Next, select System and Security - System. (This window can also be opened another way: click Start, then right-click Computer and choose Properties.)

2. In the left column, click Remote settings.

3. In the Remote Desktop section, choose one of:

- Allow connections only from computers running Remote Desktop with Network Level Authentication. Suitable for clients running version 7.0 of Remote Desktop.

- Allow connections from computers running any version of Remote Desktop (more dangerous). Suitable for connecting legacy versions of clients.

4. Click Apply.

5. The Select Users button opens a window in which you can specify the accounts on the computer that will be allowed to connect remotely. (This procedure is also called adding a user to a group.)

Users with administrative rights have remote desktop access by default. However, to actually connect, any account must be password protected, even the administrator account.

6. Add a new user with normal rights (not an administrator) to the Remote Desktop Users group. To do this, click the Add button.

In the Enter the object names to select field, enter the name of the user. In my case it is Access1. Click Check Names.

If everything is correct, the computer name will be added in front of the username. Click OK.

If you don't remember the exact username or don't want to enter it manually, click Advanced.

In the window that opens, click the Find Now button.

All users and local groups on the computer will appear in the Search results field. Select the desired user and click OK.

When you have selected all the required users, click OK in the Select Users window.

The regular account Access1 is now added to the Remote Desktop Users group. To apply the changes, click OK.

7. If you use a third-party firewall, you will need to configure it additionally, namely open TCP port 3389. If only the built-in Windows firewall is running, you don't need to do anything: it is configured automatically as soon as remote desktop is allowed on the computer.

This completes the basic setup of the remote computer.
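The server-side setup from steps 3 to 7, scripted and followed by a check of the resulting state, as an added PowerShell example that is not part of the original article. It assumes an elevated PowerShell 5.1 session on Windows 10 with English group and firewall rule names and reuses the article's Access1 account; the two function names are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): steps 3-7 as a script, then a check.
# Assumes Windows 10, PowerShell 5.1, English group and firewall rule names.
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey = "$TsKey\WinStations\RDP-Tcp"
$Group  = 'Remote Desktop Users'

function Enable-RdpWithNla {            # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Users)

    # Step 3: allow connections, but only with Network Level Authentication.
    Set-ItemProperty -Path $TsKey  -Name fDenyTSConnections -Value 0
    Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1

    # Steps 5-6: add standard accounts to the Remote Desktop Users group.
    foreach ($name in $Users) {
        $user = Get-LocalUser -Name $name -ErrorAction Stop
        if (-not $user.PasswordRequired) {
            Write-Warning "$name is allowed to have a blank password."
        }
        $member = Get-LocalGroupMember -Group $Group -Member $name -ErrorAction SilentlyContinue
        if (-not $member) { Add-LocalGroupMember -Group $Group -Member $name }
    }

    # Step 7: enable the built-in Windows firewall rules for Remote Desktop.
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

function Get-RdpExposure {              # hypothetical helper name
    $ts    = Get-ItemProperty -Path $TsKey
    $rdp   = Get-ItemProperty -Path $RdpKey
    $scope = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Enabled -eq 'True' } |
        Get-NetFirewallAddressFilter |
        Select-Object -ExpandProperty RemoteAddress -Unique
    [pscustomobject]@{
        RdpEnabled     = ($ts.fDenyTSConnections -eq 0)
        NlaRequired    = ($rdp.UserAuthentication -eq 1)
        ListeningPort  = $rdp.PortNumber
        # Members of Administrators can also connect and are not listed here.
        AllowedMembers = @(Get-LocalGroupMember -Group $Group).Name
        FirewallScope  = @($scope)      # 'Any' = every source address is allowed
    }
}

Enable-RdpWithNla -Users 'Access1'
Get-RdpExposure | Format-List
```

Get-RdpExposure only reads state, so it can be run on its own later to confirm that NLA is still required and to see which source addresses the firewall rules accept.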

Network settings, port forwarding

As mentioned above, for remote desktop access you need a static IP address.

If you do not have any routers and the Internet cable goes directly to the computer, then skip this section and move on to the next one. If you use a router, you need to make additional settings on it.

If you plan to use the remote desktop only on a local network, it is enough to assign a local IP to the desired computer (follow the first part, without port forwarding). If you need access from outside, then you also need to set up port forwarding. To open access to the remote desktop, you need to forward TCP port 3389.

Setting up a remote desktop connection

Let's move on to connecting to the remote desktop, that is, to the settings on the client side.

1. Launch Remote Desktop Connection.

In Windows 7, you can do this through the menu Start - All Programs - Accessories - Remote Desktop Connection.

In Windows 8, it is convenient to launch it through search. Click Start, click the magnifying glass icon in the upper right corner, and start typing the word “remote” in the search field. From the suggested results, select Remote Desktop Connection.

On Windows 10: Start - All apps - Windows Accessories - Remote Desktop Connection.

2. First of all, check which protocol version is installed. To do this, click the icon in the upper left corner of the window and select About.

Check the Remote Desktop Protocol version. If it is 7.0 or higher, everything is in order and you can connect.

If the protocol version is lower (this is possible on older versions of Windows), then you need to either update it or lower the security level in the settings of the remote computer (i.e. select Allow connections from computers running any version of Remote Desktop (more dangerous)).

You can download Remote Desktop updates for legacy operating systems using the links below:

3. Specify connection parameters:

In the Computer field, enter the IP address of the remote computer you are going to connect to: the local address if you are connecting within the local network, or the real one (the one given by the Internet provider) if the remote computer is outside the local network. I have the first option.

Note. You can find out what external static IP address you have, for example, through the Yandex.Internetometer service.

4. Click Connect.

You will be prompted to enter your credentials. Enter the login and password of any user on the remote computer who has rights to use the remote desktop. In my example it's Admin or Access1. I remind you that accounts must be password protected.

Enter your username and password and check the Remember my credentials box so that you don't have to enter them the next time you connect. Of course, you should only save your credentials if you are working from a personal computer that is not accessible to unauthorized persons.

Click OK.

A warning will pop up. Tick Don't ask me again for connections to this computer and click Yes.

If everything is done correctly, you will see the remote desktop in front of you.

Note. I remind you that you cannot connect via remote desktop from several computers at the same time under one user. That is, if several people are going to work with the remote computer at the same time, you will need to create a separate user for each of them and grant each the right to use the remote desktop. This is done on the remote computer, as discussed at the beginning of the article.

Additional Remote Desktop Settings

Now a few words about additional settings for connecting to a remote desktop.

To open the settings menu, click Options.

General tab

Here you can change connection settings. By clicking the edit link, you can edit the user name and password for the connection.

You can save connection settings that are already configured. Click the Save As button and choose a location, for example, Desktop. A shortcut will now appear on the Desktop that immediately launches the remote desktop connection without the need to specify parameters. This is very convenient, especially if you periodically work with several remote computers, or if you are not configuring it for yourself and don't want to confuse users.

Display tab

On the Display tab you can specify the size of the remote desktop (whether it will occupy the entire screen of your monitor or be displayed in a small separate window).

You can also choose the color depth. If your Internet connection is slow, it is recommended to select a lower depth.

Local Resources tab

Here you can configure the sound parameters (play it on the remote computer or on the client computer, etc.) and how Windows hotkey combinations (such as Ctrl+Alt+Del, Ctrl+C, etc.) are handled when working with the remote desktop.

One of the most useful sections here is Local devices and resources. By checking the Printers box, you get the ability to print documents from the remote desktop to your local printer. The Clipboard check box enables a shared clipboard between the remote desktop and your computer. That is, you can use normal copy and paste operations to transfer files, folders, etc. from the remote computer to yours and vice versa.

Clicking the More button takes you to a settings menu where you can connect additional devices on your computer to the remote desktop.

For example, suppose you want to have access to your disk D when working on the remote computer. Click the plus sign next to Drives to expand the list and tick disk D. Click OK.

Now when you connect to the remote desktop, you will see your disk D in Explorer and can access it as if it were physically connected to the remote computer.
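A connection saved with Save As is a plain-text .rdp file, so the clipboard, printer and drive choices described above can be reviewed before a shortcut is handed to other users. The following is an added PowerShell example, not part of the original article; the function name is made up, the sample file content is constructed, and only settings that are explicitly present in the file are reported.

```powershell
# Added example (not from the article): list the settings in a saved .rdp
# file that control what the remote computer can reach on the local one.
function Test-RdpFile {                 # hypothetical helper name
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)

    # Each setting is one line: name:type:value (type i = integer, s = string).
    $set = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+):([isb]):(.*)$') {
            $set[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }

    # Setting name, pattern that triggers a finding, and what it means.
    $checks = @(
        @{ Key = 'redirectclipboard';    When = '^1$'; Note = 'Clipboard is shared with the remote computer' }
        @{ Key = 'redirectprinters';     When = '^1$'; Note = 'Local printers are available in the session' }
        @{ Key = 'drivestoredirect';     When = '\S';  Note = 'Local drives are accessible from the remote session' }
        @{ Key = 'authentication level'; When = '^0$'; Note = 'Connects without warning if the server cannot be verified' }
    )
    foreach ($c in $checks) {
        $value = $set[$c.Key]
        if ($null -ne $value -and $value -match $c.When) {
            [pscustomobject]@{ Setting = $c.Key; Value = $value; Note = $c.Note }
        }
    }
}

# Constructed sample; for a real file use: Test-RdpFile -Lines (Get-Content .\office.rdp)
$sample = @'
full address:s:192.168.1.10
username:s:Access1
redirectclipboard:i:1
redirectprinters:i:0
drivestoredirect:s:D:\;
authentication level:i:0
'@ -split "`r?`n"

Test-RdpFile -Lines $sample | Format-Table -AutoSize
```

For the constructed sample, the function reports the clipboard, the redirected drive D and the authentication level, and skips the printer setting because it is switched off.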

Advanced tab

Here you can choose the connection speed to achieve maximum performance, as well as set the display of the desktop background, visual effects, etc.

Removing a Remote Desktop Connection

Finally, let's consider how to delete a remote desktop connection. When is this needed? For example, you used to have remote access to your computer, but now there is no need for it, or you need to prevent strangers from connecting to the remote desktop of your computer. It's very easy to do.

1. Open Control Panel - System and Security - System, as we did at the beginning of the article.

2. In the left column, click Remote settings.

3. In the Remote Desktop section, choose:

- Don't allow connections to this computer

Done. Now no one will be able to connect to you via remote desktop.