Remote-access Guide

microsoft remote access server 2008

by Susanna Heidenreich Published 2 years ago Updated 2 years ago

  • Log on to your Windows Server 2008 computer as an administrator. Click Start, and then click Server Manager.
  • Right-click Roles, and then click Add Roles. The Add Roles Wizard appears.
  • On the Before You Begin page, click Next.
  • On the Select Server Roles page, select Terminal Services. Then, click Next.
  • On the Terminal Services page, click Next.
  • On the Role Services page, select TS Gateway. When prompted, click Add Required Role Services. Then, click Next.
  • On the Server Authentication Certificate page, select an SSL certificate, and then click Next.

Full Answer

How do I enable remote access on Windows Server 2008 R2?

To enable Remote Access, open the Routing and Remote Access console from the Administrative Tools menu, right-click the computer running Windows Server 2008 R2 that you want to host this role, and then click Configure And Enable Routing And Remote Access. Performing this action starts the Routing And Remote Access Server Setup Wizard.

How do I install the remote access role using Server Manager?

You can use the following procedure to install the Remote Access role using Server Manager. On the VPN server, in Server Manager, select Manage and select Add Roles and Features. The Add Roles and Features Wizard opens. On the Before you begin page, select Next.

How do I create a new role in Windows Server 2008?

Log on to your Windows Server 2008 computer as an administrator. Click Start, and then click Server Manager. Right-click Roles, and then click Add Roles. The Add Roles Wizard appears. On the Before You Begin page, click Next.

How do I configure the routing and remote access Microsoft Management Console?

The Routing and Remote Access Microsoft Management Console (MMC) opens. Right-click the VPN server, then select Configure and Enable Routing and Remote Access. The Routing and Remote Access Server Setup Wizard opens. In the Welcome to the Routing and Remote Access Server Setup Wizard, select Next.


How do I give remote access to a server 2008 R2?

Enable Windows Server 2008 R2 Remote Desktop Services:

  • On the Windows® Server 2008 R2 computer, click Start > Administrative Tools > Server Manager.
  • Click Roles, and then click Add Roles.
  • Select Remote Desktop Services, and then click Next.
  • Select the Remote Desktop Session Host and Remote Desktop Licensing check boxes.

How do I setup Remote Desktop on Windows Server 2008?

How to configure Remote Desktop in Windows Server 2008 R2 step by...

  • Step 1: Begin the installation.
  • Step 2: Select Remote Desktop Services roles you want to install.
  • Step 3: Pick the license mode.
  • Step 4: Allow access to Remote Desktop Session Host (not required).
  • Step 5: Configure the client experience.

Does Microsoft still support Server 2008?

Versions of Windows Server that have reached or are reaching the end of extended support are: Extended support for Windows Server 2008 and Windows Server 2008 R2 ended on January 14, 2020.

What is Microsoft Remote Access Server?

Remote Access is a server role in Microsoft Windows Server 2012 and Windows Server 2012 R2 that provides administrators with a dashboard for managing, configuring and monitoring network access. Remote Access can be installed using the Add Roles and Features Wizard.

How do I setup a remote desktop server?

In Server Manager, click Remote Desktop Services > Servers. Right-click the server with the Remote Desktop Licensing role installed and select RD Licensing Manager. In RD Licensing Manager, select the server, and then click Action > Activate Server. Accept the default values in the Activate Server Wizard.

How do I setup Remote Desktop Services?

Procedure:

  • Log in to the RDS host as an administrator.
  • Start Server Manager.
  • Select Add roles and features.
  • On the Select Installation Type page, select Role-based or feature-based installation.
  • On the Select Destination Server page, select a server.
  • On the Select Server Roles page, select Remote Desktop Services.

Is Windows Server 2008 free?

Download and evaluate Windows Server 2008. You'll have the opportunity to try new and improved features and functionality of Windows Server 2008 free for 180 days. To find out more about Windows Server 2008, please visit the product homepage.

Can I still activate server 2008 R2?

Microsoft announced on March 12 that on January 14, 2020, Windows 7 and Windows Server 2008/2008 R2 will go out of support, followed soon thereafter by Office 2010. Out of support means that there will no longer be any development or security patches released for these operating systems.

When did server 2008 end of life?

On January 14, 2020, support for Windows Server 2008 and 2008 R2 came to an end. End of support or end of life refers to the date when Microsoft no longer provides automatic fixes, security updates, or online technical assistance.

Is Ras the same as VPN?

Information sent over a VPN is secure: it's both authenticated and encrypted, while information sent via RAS lacks these security features. Although RAS served a purpose in providing LAN access to remote users, its time has clearly passed.

What is the difference between RDP and RDS?

(Previously, RDS was called Terminal Server.) All operations take place server-side, not on a user machine. Many people ask “What is the difference between RDP and RDS?” To tell the truth, there is no difference.

How does Microsoft RDP work?

How does a remote desktop work? Remote desktop software captures a device's screen and mouse and keyboard inputs and transmits them to another device, where a user can view or control it remotely. Tech support professionals often use remote desktop connectivity to troubleshoot live fixes on a client's computer.

What is port for RDP?

Overview. Remote Desktop Protocol (RDP) is a Microsoft proprietary protocol that enables remote connections to other computers, typically over TCP port 3389.

What is the new name of terminal server?

Terminal Services has been renamed to Remote Desktop Services.

How to enable remote access to a server?

To enable Remote Access, open the Routing and Remote Access console from the Administrative Tools menu, right-click the computer running Windows Server 2008 R2 that you want to host this role, and then click Configure And Enable Routing And Remote Access. Performing this action starts the Routing And Remote Access Server Setup Wizard. The configuration page of this wizard, shown in Figure 9-1, allows you to select the combination of services that this particular server will provide. The Remote Access (Dial-Up Or VPN) option is selected when you want to provide either remote access option or both options to clients outside your organization.

What is VPN in Windows Server 2008 R2?

Windows Server 2008 R2 supports four different VPN protocols: Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol over IPsec (L2TP/IPsec), Secure Socket Tunneling Protocol (SSTP), and IKEv2. The factors that will influence the protocol you choose to deploy in your own network environment include client operating system, certificate infrastructure, and how your organization’s firewall is deployed.

What is EAP TLS?

Extensible Authentication Protocol-Transport Level Security (EAP-TLS) This is the protocol that you deploy when your VPN clients are able to authenticate using smart cards or digital certificates. EAP-TLS is not supported on stand-alone servers and can be implemented only when the server hosting the RAS role service is a member of an AD DS domain.

How to configure a RADIUS client?

To configure a RADIUS client using NPS, open the Network Policy Server console from the Administrative Tools menu. Right-click RADIUS Clients and then click New RADIUS Client. This will open the dialog box shown in Figure 9-6.

How to write log files to remote share?

Log files can be written to remote shares. This is done by specifying the UNC path of the share. If you configure this option, it will be necessary to ensure that the share permissions are configured to allow the account that writes the logs to write data to the shared folder. The Log File tab of the Local File Logging properties dialog box is shown in Figure 9-8.

Does DirectAccess require user intervention?

The connection process is automatic and does not require user intervention or logon. The DirectAccess connection process starts from the moment the computer connects to an active network. From the user’s perspective, the computer always has access to the corporate intranet, whether she is sitting at her desk or when she has just connected to a Wi-Fi hotspot at a beachside cafe. Traditionally, users must initiate VPN connections to the corporate intranet manually.

Is DirectAccess bidirectional?

DirectAccess is bidirectional, with servers on the intranet being able to interact with the client running Windows 7 in the same way that they would if the client was connected to the LAN. In many traditional VPN solutions, the client can access the intranet, but servers on the intranet cannot initiate communication with the client.

How to connect to a remote system?

You can simply enter the IP of the system that you wish to connect remotely to and hit Connect or configure advanced options for managing your connection. For instance, in the General tab, login credentials can be entered to automatically login to the system that you are connecting to (e.g. Domain admin credentials). To visit Advanced Options, click Options button to expand the interface.

How to remotely connect to a computer?

To make sure that your system can remotely connect, go to Computer (My Computer) Properties from the right-click context menu to enable incoming remote desktop connections. Click on Advanced System Settings and move over to the Remote tab. From here select Allow Connections Running Remote Desktop With Network Level Authentication ...
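As an added example (not part of the original page), this read-only PowerShell check reports whether Remote Desktop is enabled on the local server, whether Network Level Authentication is required, and which TCP port the listener uses (3389 by default). The function names `Get-EffectiveValue` and `Get-RdpExposure` are hypothetical; the check assumes that a value set under the Terminal Services Group Policy key takes precedence over the local setting.

```powershell
# Added example: read-only audit of the local Remote Desktop settings.
# Get-EffectiveValue and Get-RdpExposure are hypothetical helper names.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"

# Return the Group Policy value if one is set, otherwise the local value,
# otherwise $null (value not configured in either place).
function Get-EffectiveValue([string]$Name, [string]$LocalPath) {
    foreach ($path in @($policy, $LocalPath)) {
        $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($key -and $key.PSObject.Properties[$Name]) { return $key.$Name }
    }
    return $null
}

function Get-RdpExposure {
    $deny  = Get-EffectiveValue 'fDenyTSConnections' $ts      # 0 = RDP enabled
    $nla   = Get-EffectiveValue 'UserAuthentication' $rdpTcp  # 1 = NLA required
    $layer = Get-EffectiveValue 'SecurityLayer'      $rdpTcp  # 0 = RDP, 1 = negotiate, 2 = TLS
    $enc   = Get-EffectiveValue 'MinEncryptionLevel' $rdpTcp  # 3 = High, 4 = FIPS
    $port  = Get-EffectiveValue 'PortNumber'         $rdpTcp  # 3389 unless changed

    $enabled  = ($deny -eq 0)
    $findings = @()
    if ($enabled) {
        if ($nla -ne 1) {
            $findings += 'NLA is not required: the logon screen is reachable before authentication'
        }
        if ($layer -eq 0) {
            $findings += 'SecurityLayer is 0: native RDP security, no TLS server authentication'
        }
        if ($null -ne $enc -and $enc -lt 3) {
            $findings += "MinEncryptionLevel is $enc (below High)"
        }
    }

    New-Object PSObject -Property @{
        RdpEnabled  = $enabled
        NlaRequired = ($nla -eq 1)
        Port        = $port
        Findings    = $findings
    }
}

Get-RdpExposure | Format-List
```

An empty `Findings` list with `RdpEnabled` set to `True` means the listener requires NLA and is not using the legacy RDP security layer; it says nothing about which networks can reach the port, which is a firewall question.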

Where to place remote access server?

Network and server topology: With DirectAccess, you can place your Remote Access server at the edge of your intranet or behind a network address translation (NAT) device or a firewall.

Where is a remote access server deployed?

The Remote Access server must be a domain member. The server can be deployed at the edge of the internal network, or behind an edge firewall or other device.

What permissions do remote access users need?

Admins who deploy a Remote Access server require local administrator permissions on the server and domain user permissions. In addition, the administrator requires permissions for the GPOs that are used for DirectAccess deployment.

What is DirectAccess configuration?

DirectAccess provides a configuration that supports remote management of DirectAccess clients. You can use a deployment wizard option that limits the creation of policies to only those needed for remote management of client computers.

What is DirectAccess client?

DirectAccess client computers are connected to the intranet whenever they are connected to the Internet, regardless of whether the user has signed in to the computer. They can be managed as intranet resources and kept current with Group Policy changes, operating system updates, antimalware updates, and other organizational changes.

What is DirectAccess Remote Client Management?

The DirectAccess Remote Client Management deployment scenario uses DirectAccess to maintain clients over the Internet. This section explains the scenario, including its phases, roles, features, and links to additional resources.

How many domain controllers are required for remote access?

At least one domain controller. The Remote Access servers and DirectAccess clients must be domain members.

What is a remediation server?

Remediation servers generally host software updates and antivirus and anti-spyware definition files and are used to bring a client that has not passed a health check up to date. Remediation servers are accessible from the restricted networks that noncompliant clients are relegated to when they do not pass system health checks. Remediation servers allow these clients to be brought into compliance so that they can have unrestricted access to the network. Remediation server groups are added through the Remediation Server Group node of the Network Policy Server console, as shown in Figure 9-12.

How does server isolation work?

Server isolation works in a similar way to domain isolation except that instead of applying to all computers within a domain, a server isolation policy applies only to a specific set of servers in a domain. You do this by placing the computer accounts of the servers that will be isolated in a specific OU and then applying a GPO that has an appropriately configured connection security rule to that OU. When enforced, only computers that are members of the domain are able to communicate with the isolated servers. This can be an effective way of protecting servers when you must grant network access to third-party computers. The third-party computers are able to access some network resources, such as intranet web and DNS servers, but you can isolate specific network resources, such as file servers and databases, by configuring server isolation policies.

How to use NAP with DirectAccess?

You can incorporate NAP into your DirectAccess infrastructure as a way of ensuring that clients that are attempting to connect using DirectAccess from remote networks will be successful only if they meet network health requirements. Using NAP with DirectAccess requires similar infrastructure to the NAP IPsec enforcement method. It is necessary to ensure that your organization has at least one HRA as well as CAs that are configured to support NAP, NAP health policy servers, and necessary remediation servers. If your remediation and HRA servers are on the Intranet, you’ll need to perform the following steps:

What happens when a domain is enforced?

When enforced, computers that are members of the domain are isolated from computers that are not members of the domain. It is important to remember that in domain isolation scenarios, isolated computers can initiate communication with hosts outside the domain, such as web servers on the Internet.

What is domain isolation?

Domain isolation uses an AD DS domain, domain membership, and Windows Firewall with Advanced Security Group Policy settings to enforce a policy that forces domain member computers to accept incoming communication requests only from other computers that are members of the same domain. When enforced, computers that are members of the domain are isolated from computers that are not members of the domain. It is important to remember that in domain isolation scenarios, isolated computers can initiate communication with hosts outside the domain, such as web servers on the Internet. However, they will not respond when network communication is initiated from a host outside the domain.

Can third party computers access intranets?

The third-party computers are able to access some network resources, such as intranet web and DNS servers, but you can isolate specific network resources, such as file servers and databases, by configuring server isolation policies.

Can you connect to a server 2008?

You want only healthy computers on your network to be able to connect to a computer running Windows Server 2008 used as an intranet web server role for management tasks, but you want to allow all clients, healthy or unhealthy, to be able to access Web pages on the same servers.

How to install Remote Access Role in VPN?

On the VPN server, in Server Manager, select Manage and select Add Roles and Features. The Add Roles and Features Wizard opens. On the Before you begin page, select Next.

How to start remote access?

Select Start service to start Remote Access. In the Remote Access MMC, right-click the VPN server, then select Properties. In Properties, select the Security tab and do: a. Select Authentication provider and select RADIUS Authentication.

How to select a server from the server pool?

On the Select destination server page, select the Select a server from the server pool option. Under Server Pool, select the local computer and select Next. On the Select server roles page, in Roles, select Remote Access, then Next. On the Select features page, select Next. On the Remote Access page, select Next.

Is RRAS a router or a server?

RRAS is designed to perform well as both a router and a remote access server because it supports a wide array of features. For the purposes of this deployment, you require only a small subset of these features: support for IKEv2 VPN connections and LAN routing.

Where to install a server?

Install the server on your perimeter network between your edge and internal firewalls, with one network adapter connected to the External Perimeter Network, and one network adapter connected to the Internal Perimeter Network.

Can you use a VPN as a RADIUS client?

When you configure the NPS Server on your Organization/Corporate network, you will add this VPN Server as a RADIUS Client. During that configuration, you will use this same shared secret so that the NPS and VPN Servers can communicate. In Add RADIUS Server, review the default settings for: Time-out.
