How can I connect to any windows machine of a network manage by Windows Small Bussiness?

Question

I have to provide helpdesk support for a group of Windows machines that are in a network managed by a Windows Small Business Server (SBS). I would like to do many tasks using remote desktop.

Is it possible to configure the server (using native Microsoft / Windows tools) to obtain the ability to connect using remote desktop to every machine in the network from my remote office?

Most of the tasks I would be looking to complete are those which do not require a physical presence on-site, such as repairing office files, reconfiguring printers, cleaning up hard disks and so forth.

Answer 1

Is it possible to configure the server (using native Microsoft / Windows tools) to obtain the ability to connect using remote desktop to every machine in the network from my remote office?

Yes, it is possible.

The first question if you are in a Windows Small Business Server network is whether this is even necessary? By default, SBS installations provide access to the Remote Web Workplace functionality, typically exposed at the URL https://remote.companyname.tld/remote. Provided that:

1. The Connect to the Internet wizard was run correctly;
2. A suitable SSL certificate installed;
3. The appropriate firewall ports opened in any packet filter between you and the server; and
4. you correctly configured the name remote.companyname.tld to map to the server's publicly accessible IP address in the companyname.tld DNS namespace

then you should be able to connect to https://remote.companyname.tld/remote and log directly into any internal machine. (The tasks listed above are all standard tasks which you need to complete when rolling out an SBS server according to the Microsoft how-tos, documentation and best practices, so I would have expected them to already have been completed).

If you are not using the default administrator account, you may need to make your account a manager of the machines for this purpose to allow remote login, which is possible in the Small Business Server console (under Administrative Tools on the Start Menu).

Provided the machines were joined to the network in the SBS-approved fashion, and nobody has tampered with any of the standard SBS-installed Group Policy Objects (GPOs), this should be all that is necessary to permit remote access from the Internet.

---

You do not need to use the Remote Web Workplace function. This is just a convenient front-end for the Remote Desktop Connection tool found on any Windows workstation. Provided you have a version of this client which supports Remote Desktop Gateways (i.e. version 6.1 or above), you can configure your local workstation to log in to any remote machine without having to bounce through a web browser.

This makes use of the Remote Desktop Gateway functionality, which was configured on your SBS machine when running the Connect to the Internet wizard:

• Open the RDP client; for example, press Start, Run and type mstsc then press OK.

• On the Advanced tab (you may need to expand the Options>> button), press Settings to configure the gateways.

• Pick to connect to a gateway, and specify remote.companyname.tld here -- the same setting which was given in the Connect to the Internet wizard previously.

• On the main page, set the Computer Name field to be the internal name of the machine on the SBS network you want to connect to. For instance, if the machine is called DESKTOP and the SBS domain is SBS.local, you want to enter DESKTOP.SBS.local here.

• Press Connect and enter your credentials when prompted. Be aware authentication is required twice, once to the gateway and once to the remote machine, but if you use an account which is authorised for both tasks, the default configuration will pass those credentials through and use them for both purposes.