How to Access Windows Remote Desktop Over the Internet
By default, Windows Remote Desktop will only work on your local network. To access Remote Desktop over the Internet, you’ll need to use a VPN or forward ports on your router.
We’ve covered several solutions for accessing your desktop remotely over the Internet. However, if you have a Professional, Enterprise, or Ultimate edition of Windows, you already have the full Windows Remote Desktop installed. Home versions of Windows only have the remote desktop client for letting you connect to machines, but you need one of the pricier editions in order to connect to your PC. If you’re using Remote Desktop, getting it set up for access over the internet isn’t too difficult, but you will have to jump through a couple of hoops. Before you get started, enable Remote Desktop on the PC you want to access and make sure you can reach it from other computers on your local network.
Option One: Set Up a VPN
If you create a virtual private network (VPN), you won’t have to expose the Remote Desktop server directly to the Internet. Instead, when you’re away from home, you can connect to the VPN, and your computer will act like it’s part of the same local network as the computer at home, running the Remote Desktop server. This will allow you to access Remote Desktop and other services normally only exposed on your local network.
We’ve covered a number of ways to set up your own home VPN server, including a way to create a VPN server in Windows without any extra software or services.
Setting up a VPN is by far the more secure option when it comes to making Remote Desktop accessible over the internet, and with the right tools, it’s pretty simple to achieve. It is not your only option, though.
Option Two: Expose Remote Desktop Directly to the Internet
You can also skip the VPN and expose the Remote Desktop server directly to the Internet by setting your router to forward Remote Desktop traffic to the PC being accessed. Obviously, doing this opens you up to potential attacks over the internet, so if you go this route you’ll want to understand the risks. Malware and automated hacking apps out there on the internet are pretty much constantly probing your router for weaknesses like open TCP ports, especially commonly used ports like the one Remote Desktop uses. You should at least make sure you have strong passwords set up on your PC, but even then you’re vulnerable to exploits that might have been discovered but not yet patched. However, while we strongly recommend using a VPN, you can still allow RDP traffic in over your router if that’s your preference.
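If you do expose Remote Desktop this way, it helps to check how the PC is holding up. The following PowerShell is an added example, not part of the original article: it reports whether Network Level Authentication is required, which accounts can sign in over RDP, and which remote addresses have produced the most failed logons in the last day. It assumes an elevated session and that failed-logon auditing is turned on.

```powershell
#requires -RunAsAdministrator
# Added example: quick health check for a PC whose Remote Desktop port is forwarded.
$RdpKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Network Level Authentication: UserAuthentication = 1 means the client must
#    authenticate before a full desktop session is created.
$nla = (Get-ItemProperty -Path $RdpKey -Name UserAuthentication).UserAuthentication
if ($nla -eq 1) {
    Write-Host 'NLA is required for Remote Desktop connections.'
} else {
    Write-Warning 'NLA is NOT required. Turn it on in the Remote Desktop settings.'
}

# 2. Accounts that can sign in over RDP. Every one of them needs a strong password.
foreach ($group in 'Administrators', 'Remote Desktop Users') {
    Write-Host "Members of ${group}:"
    Get-LocalGroupMember -Group $group | Select-Object -ExpandProperty Name
}

# 3. Failed logons (event 4625) in the last 24 hours, grouped by source address.
#    Logon type 3 is what failed RDP attempts look like with NLA, type 10 without it.
#    Assumption: "Audit Logon" failure auditing is enabled; an empty result may
#    simply mean these events are not being recorded.
$since  = (Get-Date).AddDays(-1)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
              -ErrorAction SilentlyContinue

$failed | ForEach-Object {
    # Turn the event's named data fields into a lookup table.
    $fields = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Source    = $fields['IpAddress']
        User      = $fields['TargetUserName']
        LogonType = $fields['LogonType']
    }
} | Where-Object { $_.LogonType -in '3', '10' -and $_.Source -ne '-' } |
    Group-Object -Property Source |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 -Property Count, Name
```

A long list of addresses you don’t recognize, each with many failures, is the automated probing described above and a good reason to move to the VPN option.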
Set Up a Single PC for Remote Access
The process is pretty straightforward if you just have one PC you want to make accessible over the internet. The PC on which you set up Remote Desktop is already listening for traffic using the Remote Desktop Protocol (RDP). You’ll need to log into your router and have it forward all traffic using TCP port 3389 to the IP address of the PC running Remote Desktop. Since routers have different interfaces, it’s impossible to give instructions specific to you. But for more detailed help, be sure to check out our in-depth guide to port forwarding. Here, we’re just going to run through a quick example using a basic router.
First, you’ll need to know the IP address of the PC running Remote Desktop that you want to connect to. The easiest way to do this is to fire up the Command Prompt and use the ipconfig command. In the results, look for the section detailing the network adapter connecting you to the Internet (in our example, it’s “Ethernet Adapter”). In that section, look for the IPv4 address.
Next, you’ll log into your router and locate the Port Forwarding section. Exactly where that is will depend on what router you’re using. In that section, forward TCP port 3389 to the IPv4 address you located previously.
You now should be able to log into Remote Desktop over the internet by connecting to the public IP address your router exposes for your local network.
Remembering that IP address can be tough (especially if it changes), so you also may want to set up a dynamic DNS service so you can always connect with an easy-to-remember domain name. You may also want to set up a static IP address on the computer running the Remote Desktop server. This will ensure that the computer’s internal IP address won’t change—if it does, you’ll have to change your port forwarding configuration.
Change the Port Number or Set Up Multiple PCs for Remote Access
If you have multiple PCs on your local network that you want to be able to access remotely over the internet—or if you have one PC but want to change the default port used for Remote Desktop—you have a little more work cut out for you. Setting up a VPN is still your better option here in terms of ease of setup and security, but there is a way to do it through port forwarding if you want. The trick is that you’ll need to dive into the Registry on each PC to change the TCP port number it uses to listen for Remote Desktop traffic. You then forward ports on the router to each of the PCs individually using the port numbers you set up for them. You can also use this trick even if you have just one PC and want to change away from the default, commonly-used port number. This is arguably a bit more secure than leaving the default port open, though it only avoids scans aimed at the default port and is no substitute for strong passwords or a VPN.
Before you dive into the Registry, you should also note that some routers allow you to listen for traffic on one external port number, but then forward traffic to a different port number and PC internally. For example, you could have your router listen for traffic coming from the internet on a port number like 55,000 and then forward that traffic to a specific PC on your local network. Using this method, you wouldn’t have to change the ports each PC uses in the Registry. You could do it all on your router. So, check whether your router supports this first. If it does, skip the Registry part of these instructions.
Assuming you’ve got Remote Desktop set up on each of the PCs and it’s working for local access, you’ll need to go to each PC in turn and perform the following steps:
- Get the IP address for that PC using the procedure we outlined previously.
- Use Registry Editor to change the Remote Desktop listening port number on that PC.
- Make notes on which port number goes with which IP address.
Here’s how to do the Registry part of those steps. And our usual standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, if you’ve never worked with it before, consider reading about how to use the Registry Editor before you get started. And definitely back up the Registry (and your computer!) before making changes.
Open the Registry Editor by hitting Start and typing “regedit.” Press Enter to open Registry Editor and give it permission to make changes to your PC.
In the Registry Editor, use the left sidebar to navigate to the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
On the right side, double-click the PortNumber value to open its properties window.
In the properties window, select the “Decimal” option and then type the port number you want to use. What port number you choose is up to you, but be aware that some port numbers are already in use. You can check out Wikipedia’s list of common port assignments to see numbers you shouldn’t use, but network apps installed on your PC may use additional ports. Port numbers can go all the way up to 65,535, though, and if you choose port numbers over 50,000 you should be pretty safe. When you’ve entered the port number you want to use, click “OK.”
You can now close Registry Editor. Make a note of the port number you used, the IP address for that PC, and the name of the PC for good measure. Then move on to the next PC.
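If you’d rather script the change than click through Registry Editor, the following PowerShell does the same thing. It is an added example, not part of the original article. It uses the article’s example port 55501, checks that the port is free, and also adds a Windows Firewall rule for the new port, which the manual steps above don’t cover; the rule name is made up for this example.

```powershell
#requires -RunAsAdministrator
# Added example: scripted equivalent of the Registry Editor steps, run on the Remote Desktop PC.
$NewPort  = 55501   # the article's example port; choose a different one for each PC
$RdpKey   = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$RuleName = "RDP custom port $NewPort"   # hypothetical rule name used by this example

# Reject ports outside the usable range or already claimed by another listener.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside the range 1024-65535."
}
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "Port $NewPort is already used by process ID $(@($inUse)[0].OwningProcess)."
}

# Note the current value so the change can be reverted later.
$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $OldPort"

# PortNumber is a DWORD value under the RDP-Tcp key.
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# The built-in Remote Desktop firewall rules only allow TCP 3389, so the new port
# needs its own inbound rule or connections will be dropped at the PC.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $NewPort -Action Allow | Out-Null
}

# Remote Desktop Services reads PortNumber at startup, so restart it to rebind.
# This disconnects any active Remote Desktop session on this PC.
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 3

# Confirm the service is listening on the new port before touching the router.
$listener = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($listener) {
    Write-Host "Remote Desktop is now listening on TCP $NewPort (was $OldPort)."
} else {
    Write-Warning "Nothing is listening on TCP $NewPort. Restore PortNumber to $OldPort and restart TermService."
}
```

Run it from the PC’s own keyboard or from a session you can afford to lose, since restarting the service drops Remote Desktop connections.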
When you’re done changing port assignments on all your PCs, you can log into your router and start forwarding each of the ports to the associated PC. If your router allows it, you should also enter the name of the PC just to keep things straight. You can always use the “Application” entry that most routers feature for keeping track of what application a port is assigned to. Just enter the name of the PC followed by something like “_RDP” to keep things straight.
Once you’re done setting things up, you should be able to log into Remote Desktop over the internet by connecting to the public IP address your router exposes for your local network followed by a colon and then the port number for the PC to which you want to connect. For example, if my public IP was 123.45.67.89 and I’d set up a PC with the port number 55501, I’d connect to “123.45.67.89:55501.”
Of course, you can always save that connection in Remote Desktop by name, so that you don’t have to type in the IP address and port number every time.
It does require a fair bit of setup to get Remote Desktop working over the internet, especially if you don’t use a VPN and even more so if you have multiple computers you want to access. But, once you’ve got the setup done, Remote Desktop provides a pretty powerful and reliable way of accessing your PCs remotely and without requiring any additional services.