Thursday, March 27, 2008

Connect to your home computer from anywhere

There are several services which will allow you to connect to your home PC through the Internet (GoToMyPC and PC Anywhere come to mind) but if you have the right operating system and some patience you can do it for free. Here is a quick checklist of the steps you'll need to perform. Each step is detailed below. The machine at home that you are connecting to is called the host. The machine that you are connecting from is called the client.

Checklist:
1. Have an OS that supports Remote Desktop at home (host machine); this means XP Pro or Vista Business/Ultimate. The machine you use to connect from (the client) can be any version of XP or Vista (or even Linux).
2. Enable Remote Desktop on the host.
3. (Optional) Change the port number on the host that Remote Desktop uses.
4. Open the Remote Desktop port on the firewall of the host computer.
5. On your home network, make sure your host computer has a static IP.
6. On your router, forward the port to the host computer's static IP.
7. (Optional) If your ISP gives you a dynamic IP (most do), then get an account at dyndns.org (free) or something similar so you can easily find your network from the Internet.
8. Make sure the host computer is turned on and doesn't go to sleep while you are away.
9. From outside your home, run Remote Desktop Connection on the client machine and give it your dyndns alias name followed by a colon and port number.


Details:
1. Host Operating System. For XP you must have XP Pro. For Vista you must have Vista Business or Vista Ultimate. If you have XP Home or Vista Home, you're out of luck because they don't have Microsoft's Remote Desktop service. You can still use a service like GoToMyPC or PC Anywhere.

2. Assuming you have an OS that has the Remote Desktop service, you'll need to enable it. By default it's disabled for security reasons.
XP Pro - Right-click on My Computer and select Properties. Click the Remote tab and check Allow users to connect.. in the Remote Desktop section. You can then select which users are allowed to connect.

Vista Business/Ultimate - Right-click on Computer and click the Remote Settings link. In the System Properties dialog click one of the two lower options in the Remote Desktop section. The Help me choose link should help you choose which one. You can then select which users are allowed to connect remotely.

WARNING: Windows will let you select any user, even if they don't have a password, including the Guest account. If you plan to allow connections from the Internet it would be a REALLY BAD IDEA to allow the Guest account access or any account that is not password protected. Otherwise anyone who guessed your IP address or alias could log onto your machine and do anything.

3. Change the port used for Remote Desktop. Although this is completely optional, there are two (maybe three) very good reasons to do it. The first is security: the default port for Remote Desktop is 3389 and anyone who might want to break into your computer knows this. So, by changing it, you are making it a little more difficult for the casual hacker to find you. Second, many workplaces may block outbound traffic on 3389 precisely because they don't want people using Remote Desktop to connect to a machine which may be unsecured. If you change to a port that is allowed from wherever you may be connecting from, you'll be able to get through. I use port 8080 because this port is sometimes used for web servers (and is a high number out of the well-known port range) and is thus usually open to outbound traffic, but it is unlikely that you are using it for anything else. You need to pick a port that you are not using for something else. Thus, if you are running a web server on the standard port 80, you don't want to set up Remote Desktop to use port 80. To change the port, you need to edit the registry. The registry key that needs to be changed is the same for XP and Vista:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

The third potential reason to change the port number is that if you want to have multiple host machines on your network, they must use different ports to avoid collisions.

4. Open the port used by Remote Desktop on the firewall on the host machine. If you didn't change the port, then this will be 3389 (and the firewall was probably already adjusted when you enabled Remote Desktop); otherwise you need to open the port for whatever you set in the previous step. The firewall settings can be found in the Control Panel.
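
Steps 3 and 4, plus a review of the accounts the step 2 warning is about, as commands for an administrator Command Prompt on the host. This is an added example, not part of the original post; it assumes the post's example port 8080 and an English-language Windows (the "Account active" text is localized).

```batch
@echo off
rem Added example, not from the original post. Run on the host from an
rem administrator Command Prompt. Port 8080 is the post's example value.
setlocal
set RDPPORT=8080
set RDPKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

rem Step 3: PortNumber is a REG_DWORD. reg.exe accepts decimal here;
rem regedit shows the same value as 0x1f90 when viewed as hexadecimal.
reg add "%RDPKEY%" /v PortNumber /t REG_DWORD /d %RDPPORT% /f
if errorlevel 1 (
    echo Could not write PortNumber. Is this prompt running as administrator?
    exit /b 1
)
reg query "%RDPKEY%" /v PortNumber

rem Step 4: open the same TCP port in Windows Firewall.
rem XP reports version 5.x and uses the older "netsh firewall" context;
rem Vista reports 6.0 and uses "netsh advfirewall".
ver | find " 5." >nul
if errorlevel 1 (
    netsh advfirewall firewall add rule name="Remote Desktop TCP %RDPPORT%" dir=in action=allow protocol=TCP localport=%RDPPORT%
) else (
    netsh firewall add portopening TCP %RDPPORT% "Remote Desktop TCP %RDPPORT%"
)

rem Step 2 warning: review who is allowed to log on remotely.
rem Members of Administrators can connect as well as this group.
net localgroup "Remote Desktop Users"
net localgroup Administrators

rem The Guest account should show "Account active" as No.
net user Guest | find "Account active"

rem 1 means accounts with a blank password may only log on at the console.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse

echo.
echo Reboot so the new port takes effect, then confirm the listener with:
echo   netstat -an ^| find ":%RDPPORT% "
endlocal
```

If Guest shows as active, `net user Guest /active:no` disables it.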

Steps 5-6 only apply if you have a home network with a router.
5. Make sure your machine has a static IP address on your home network (for example: 192.168.1.42). You can either set this up through the Network Settings of the machine or (with some routers) tell the router to always assign the same IP address through DHCP to your machine.

6. On your router, forward the port to the IP address of the machine. Every router has a different way of doing this. You only need the TCP protocol, not UDP. For my example I would forward any incoming TCP traffic on port 8080 to the IP address 192.168.1.42. Here's what the screen looks like on my Linksys router. Note that the text in the Application column is informative only; it doesn't do anything.


7. Most ISPs give you a dynamic IP address which means it could change anytime; although it usually doesn't change very often. There are many ways to find out the IP address that your ISP gave you if you are at home. You can check your router settings or you can visit one of many web sites that will tell you such as findmyip.com or kmwTech.com. When you are NOT at home, however, it is difficult to find your home IP address unless you already know it from the last time that you were at home. Of course it could have changed since you left the house.
There are many ways to overcome this but the easiest that I've found is to use a free service called DynDNS. This service will give you a domain name (like myhouse.dyndns.org) that will not change. Software that you install on one of your computers at home then keeps track of your IP address. Many routers (including my Linksys WRT54G) know how to update DynDNS, so you don't even have to install any software on one of your computers; the router keeps DynDNS informed whenever it detects that your IP address has changed. This step is optional but very handy so you don't have to keep track of your own IP address.

8. Make sure your computer at home is on and doesn't go to sleep while you are out trying to remote connect in. Seems obvious but still worth mentioning.

9. Now the fun part: from work or your laptop or your friend's house or wherever, run the Remote Desktop client. This is found in Start>Programs>Accessories>Remote Desktop Connection.


You'll be asked for your user name and password to log onto the machine. Check out the options to set screen resolution, sound etc. Of course if you didn't take my advice in step 7, substitute your IP address for the DynDNS alias.
Note that using your DynDNS alias or outside IP address from inside your own network might not work. To test within your network, use your local IP address and port. In this example it would be 192.168.1.42:8080.

Links:

Windows XP FAQ on Remote Desktop
Set Up Remote Desktop Web Connection with Windows XP
Google Remote Desktop
