Remote Desktop Setup

Before You Start
By default, Remote Desktop is turned off. This is a smart move on Microsoft's part because it's one less security vulnerability to worry about. But before you can reach your desktop remotely, you need to turn this feature on.


Figure 1: Enabling Remote Desktop on the host computer

The following steps apply to Windows XP Professional only:

1. Click Start > My Computer.
2. In the left-hand task pane, select View System Information.
3. Select the Remote tab in the window that pops up.
4. Check off the box for Allow Users to Connect Remotely to This Computer (Figure 1). You'll need to have a password on your profile already. Remember, any user account that you wish to access remotely must have a password associated with it!  If you don't, you'll receive a warning prompt.
5. Click OK to finalize the changes.

That's it--your computer is now ready to accept Remote Desktop connections. Now it's a matter of finding it remotely.

Scenario 1: Using Remote Desktop within your network
If you're within a closed network, connecting to a PC using Remote Desktop is quite simple: on the computer you want to connect to (remember it needs to be running Windows XP Professional), click the Start button, then Run. You'll see a retro DOS-looking box--this is the command prompt. From the blinking cursor, type ipconfig. You'll see a list of numbers, one of which is the current IP address of the computer you're connecting to. Once you have the IP address you have all you need to connect to the desktop.

Making the connection from the computer you're sitting at, back to the computer you want to connect to, is simple as well:

1. Click Start > Accessories > Communications > Remote Desktop Connection.
2. A window will pop up (Figure 2) prompting you for an address.
3. In the Computer: field, type in the IP address of the computer you want to connect to. It will likely be a 192.168.x.x number.
4. Click Connect.

Figure 2: The Remote Desktop Connection window

There are some advanced options you can adjust, but in most cases bandwidth isn't an issue when you're on a local network connection, so you can leave them at their defaults.

If you're using something other than Windows XP on the computer you're using as the terminal (i.e., the computer you're using to connect to your main computer), you can still use Remote Desktop. Microsoft has released Remote Desktop clients, free for downloading, for Windows 95, Windows 98, Windows Me, Windows NT 4.0, and Windows 2000.

Scenario 2: Using Remote Desktop outside your network
This is where things get a little more complicated. The procedure for connecting to your desktop remains exactly the same, but the procedure for getting to your desktop requires some thought. This assumes that you have a persistent high-speed connection (cable or DSL)--if you only have dial-up there's not much point in doing this, although it's technically possible (but you'd have to have the patience of a monk).

See which scenario most closely matches your set up:

• If you're connected directly to the Internet with your cable or DSL connection without a firewall, do the same ipconfig procedure described above to get your ISP-assigned IP address. Once you have this IP address, connect to that IP as in Scenario 1. You may want to optimize for bandwidth (see below).
• If you're connected directly to the Internet with your cable or DSL connection protected with a software firewall, do the same ipconfig procedure described above to get your ISP-assigned IP address. You'll need to authorize the remote access through your software firewall, which means the first time you try it you may need to have someone sitting in front of your computer to click the Allow Access button.
• If you're connected directly to the Internet with your cable or DSL connection and you're behind a hardware firewall, you'll need to open port 3389. This is the port that Remote Desktop uses by default, but the procedure for opening this port will be different for every firewall. In most cases it will be found in the port forwarding or security settings for your hardware firewall, and there are two settings you'll need to enter: the external port you're permanently opening to the outside world (port 3389), and the internal computer IP that you're going to route that Remote Desktop Protocol to. The internal IP is how your hardware firewall will know which computer you want to access. You find the internal IP by using the ipconfig procedure described above on the PC you want to control.

The above describes the most typical scenarios, but there's one scenario that needs further explanation.

Multiple PC Remote Desktop
So what happens if you have more than one computer you want to connect to? Microsoft didn't allow for this scenario for SOHO users; enterprise users will likely use VPN and network authentication to be automatically routed to the appropriate resources, but for everyone else a clever solution is needed.

It's time to hack the Windows Registry! This is a fairly simple Registry hack, so as long as you follow the instructions closely, there's little danger of you damaging your system. But, as always, Registry edits should only be done by relatively experienced computer users.


Figure 3: Finding the correct port number registry key to edit

1. Click Start > Run then type regedit.
2. This will start the Windows Registry Editor. You'll need to navigate down through the following directories:

HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Control
Terminal Server
WinStations
RDP-Tcp

3. You should see something that looks very much like Figure 3. Double click on the RDP-Tcp registry entry and the key editing menu will appear (Figure 4).
   
   
   Figure 4: Editing the DWORD value of the port number.
4. Click the radio box for Decimal Base mode--you can't enter a number while it's in Hexadecimal mode. After you make the change, the Value Data field should read 3389. This is the default port--now type a new number, click OK, then reboot the computer. This computer is now ready to accept RDP connections on that port. I typically start at 3389 and go up from there depending on how many computers I want to have access to: 3390, 3391, 3992, etc. There aren't any reserved ports in this range that I'm aware of, so you should be able to add quite a few computers without a problem.
5. Remember that when you re-map a computer to listen on a new port, you also need to update the firewall port redirection accordingly. So instead of having port 3389 push to 192.168.X.X (or whatever the internal IP address is), you need to change it to port 3391 and 192.168.X.X (your settings will be different from mine).
6. When connecting remotely, you need to add the port number after the IP address with a colon. So if your ISP-assigned external IP address is 65.43.X.X, you'll need to add :3396 after it like this: 65.43.X.X:3396.

Figure 5: Adding a custom port number to a Remote Desktop Connection session

Optimizing the Remote Desktop Experience
There are a few things you can do to optimize your connection settings if you're in a low-bandwidth situation. If you have broadband connections on both ends, I find the default settings work fine--it will be fairly snappy and responsive (though there can be slow-downs if your bandwidth speed drops). The following screens show you the options you have for each session.


Figure 6: Setting the Remote Desktop display properties

In most cases you'll want to run Remote Desktop in Full Screen mode, which is the default. If the desktop computer has a higher resolution than that of the computer you're using to make the connection, it will bump the resolution down on the remote device. Full Screen applies to the device you're using to make the connection. Other options include the color bit depth setting (32-bit color takes more bandwidth than 8-bit color), and whether or not to show the thin yellow line up at the top of the screen that allows you to control the Remote Desktop window (the connection bar).


Figure 7: Controlling local resources

The Local Resources tab is fairly straightforward. The first option is for controlling audio on the remote computer--in most cases, especially if you have limited bandwidth, you'll want to leave them at the remote computer (the default). If the remote computer is in a place where the audio may disturb others, you may want to change the option to Do Not Play. If you have bandwidth to spare and are using software that requires audio, you can select the Bring To This Computer option.

The Keyboard option should be left on the default of In Full Screen Mode Only, unless you're not planning on working in full-screen Remote Desktop. The Local Devices options allow you to control which resources you connect to on the remote computer. When you have the Disk Drives option selected it means that on the local computer you'll have access to the drives on the remote computer. This is handy for moving files between computers--you can move text from one clipboard to another, but if you want to move files, you'll need to use the copy/paste function from one drive to another. You can't drag and drop files from a Remote Desktop window to another.

Connecting to a printer allows you to print, and if you have devices connected to the serial port on the remote computer, you can access them by selecting this box first. But what the heck are you doing with serial-based devices anyway? Time to join the next millennium--ditch those serial devices!

There's a Programs tab that will allow you to start a program on your local computer when you connect. I'm sure there are good reasons for needing this feature, but I have yet to use it myself.


Figure 8: The Experience tab

The final tab, Experience (Figure 8), is perhaps the most important one when it comes to optimizing for bandwidth. If you don't want to change the settings yourself, simply select the type of connection you have and it will adjust them for you. Always be sure the Bitmap Caching option is selected--everything else is optional.

Saving Session Settings
Since you're not going to want to configure the settings each time, once you have everything set up the way you want go back to the General tab and select the Save As option. This will create a file that contains all the information you specified. In general, you don't want to save the password with this file--it's a serious security risk to embed your password into a file that could be stolen and used elsewhere.


Figure 9: Saving session details