Accessing Resources with Terminal Services and Remote Desktops


With local drive mapping now available, Windows Server 2003 Terminal Services is a great way to work with computers remotely. Remote Desktop allows access to documents and corporate applications that might not be available on the local machine.

Allowing Remote Desktop Control

By default, Remote Desktop is disabled on Windows XP and Windows Server 2003. To enable Remote Desktop control, perform the following steps:

  1. Right-click on My Computer and choose Properties.

  2. Click on the Remote tab.

  3. Click on the Allow Users to Connect Remotely to This Computer check box in the Remote Desktop section.

  4. Click Select Remote Users to add the users who are authorized to access this computer.

The Domain Administrator Has Remote Desktop Access

By default (in a domain environment) the domain administrator has Remote Desktop access after this feature is enabled.


Securing Terminal Services

Terminal Services is one of the more popular remote control programs for Windows. It also listens on a well-known port (3389), which is therefore frequently port scanned. It is good practice to change this port to avoid unwanted Remote Desktop connections.

To change the port number that Terminal Services listens on, perform the following:

  1. Run Regedt32.exe and navigate to the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

  2. In the Details pane, find the PortNumber value and double-click it.

  3. In the Base section of the window choose the Decimal radio button. The number now in the Value Data box, by default, will be 3389. Change this to any high port number that is not being used in the company for another service. Before closing the window change the Base value back to Hexadecimal, and then click OK.

  4. For the new listening port number to take effect, Terminal Services must be restarted. At the command prompt, type net stop termservice and then net start termservice.

Place the Port Number After the Server Name

The RDP or Terminal Services client must connect to the same port number that Terminal Services is now listening on. Place the port number after the server name (for example: server.domain.com:4555).
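The port change and a follow-up check can also be scripted. The PowerShell below is an added example, not code from the book; it assumes PowerShell is installed on the server and run with administrative rights, the function names are hypothetical, and the 1024 lower bound for a "high port" is an assumption.

```powershell
# Added example, not from the book. Assumes an elevated PowerShell session on the server.
$RdpKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpPort {
    # PowerShell shows the DWORD in decimal, so no Base switching is needed.
    (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
}

function Test-TcpListener {
    param([int]$Port)
    # netstat -an prints e.g. "  TCP    0.0.0.0:3389    0.0.0.0:0    LISTENING"
    $pattern = "^\s*TCP\s+\S+:${Port}\s+\S+\s+LISTENING"
    [bool](netstat -an | Where-Object { $_ -match $pattern })
}

function Set-RdpPort {
    param([int]$Port)
    # Assumption: "high port" is taken to mean 1024-65535.
    if ($Port -lt 1024 -or $Port -gt 65535) {
        throw "Choose a high port between 1024 and 65535."
    }
    # Refuse a port that another service is already listening on.
    if ($Port -ne (Get-RdpPort) -and (Test-TcpListener $Port)) {
        throw "Port $Port already has a listener; pick another."
    }
    # An [int] value is written as REG_DWORD, matching the existing value type.
    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value ([int]$Port)
}

function Test-RdpPort {
    # Run after restarting Terminal Services (step 4).
    $port = Get-RdpPort
    if (-not (Test-TcpListener $port)) {
        Write-Warning "Nothing is listening on configured port $port."
        return $false
    }
    if ($port -ne 3389 -and (Test-TcpListener 3389)) {
        Write-Warning "3389 is still listening; the service has not picked up the change."
        return $false
    }
    return $true
}

# Usage, with 4555 as in the text's example:
#   Set-RdpPort 4555
#   (restart Terminal Services as in step 4)
#   Test-RdpPort
#   mstsc /v:server.domain.com:4555    # from the client
```

A non-default port cuts down on hits from scans aimed at 3389, but a full port scan still finds the listener, so keep the Remote Users list from the earlier section tight. Any firewall rule that named 3389 must be updated to the new port as well.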




Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
Year: 2003
Pages: 325
