This is a work-in-progress. Message me with edits or revisions if you want to contribute. This project will take approximately 10-20 minutes depending on which option you take.
Disclaimer
Any remote access to your home machine, especially one not using a VPN, is a big security threat. It makes sense to do everything you reasonably can do to minimize this threat. Using the known port for RDP is one risk, simple passwords are another, and the biggest one is the user not even being aware of these threats. I am not responsible for any damage that may be incurred through the advice put forth in this guide. Proceed at your own discretion.
Method A: Utilize External IP Address (Novice)
1. Create a User Account Password
Start -> Control Panel -> User Accounts -> Change an Account -> Account Name -> Create a Password
2. Enable Remote Access
Start -> Right Click My Computer -> Properties -> Remote* -> Allow Users to Connect Remotely to this Computer
*Vista and Windows 7 users needs to Change Advanced Settings after Properties
3. Determine MAC Address
Start -> Run -> Type “cmd” -> Ok -> Type “ipconfig –all” -> scroll up to Physical Address -> Write down MAC Address (series of numbers/letters)
4. Assign a Fixed IP Address
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> Scroll to Static IP Assign (Location depends on Router, check manual) -> Type MAC Address to blank field -> Set corresponding internal IP Address of your choosing → Save Settings
5. Forward Port 3389
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> Application and Gaming (Location depends on Router, check manual) -> Type Policy Name -> Type "3389" to Port Option -> Select TCP or Both for Protocol Method --> Type IP Address to blank field -> Save Settings
6. Determine External IP Address
Start -> Browser -> Go to www.whatsmyip.org -> Copy external IP Address
7. Set up Remote Desktop Connection Settings (2nd Computer)
Start -> All Programs -> Accessories -> Remote Desktop -> Fill in external IP Address -> Fill in Login Information -> Configure any other Settings -> Save Settings
8. Use Remote Desktop Connection
Start -> All Programs -> Accessories -> Remote Desktop -> Connect
Method B: Utilize DNS Server (Expert)
1. Create a User Account Password
Start -> Control Panel -> User Accounts -> Change an Account -> Account Name -> Create a Password
2. Enable Remote Access
Start -> Right Click My Computer -> Properties -> Remote* -> Allow Users to Connect Remotely to this Computer
*Vista and Windows 7 users needs to Change Advanced Settings after Properties
3. Determine MAC Address
Start -> Run -> Type “cmd” -> Ok -> Type “ipconfig –all” -> scroll up to Physical Address -> Write down MAC Address (series of numbers/letters)
4. Assign a Fixed IP Address
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> Scroll to Static IP Assign (Location depends on Router, check manual) -> Type MAC Address to blank field -> Set corresponding internal IP Address of your choosing → Save Settings
5. Forward Port 3389
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> Application and Gaming (Location depends on Router, check manual) -> Type Policy Name -> Type "3389" to Port Option -> Select TCP or Both for Protocol Method --> Type IP Address to blank field -> Save Settings
6. Set up DNS Alias
Start -> Browser -> Go to www.dyndns.org -> Create Account (Top Right) -> Fill in Information Blanks -> Follow Steps to Complete Registration -> Go to My Services -> Add Hostname -> Fill in Information Blanks (Leave Service Type as Host with IP Address)
7. Forward DNS Settings
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> DDNS (Location depends on Router, check manual) -> Select dyndns.org -> Fill in Account and Alias Information -> Save Settings
8. Set up IP Address Updater
Start -> Browser -> Go to www.dyndns.org -> Support -> Update Clients (Left Side) -> Download Updater -> Install Updater -> Run and Configure Updater Settings
9. Set up Remote Desktop Connection Settings (2nd Computer)
Start -> All Programs -> Accessories -> Remote Desktop -> Fill in DNS Alias as the Target -> Fill in Login Information -> Configure any other Settings -> Save Settings
10. Use Remote Desktop Connection
Start -> All Programs -> Accessories -> Remote Desktop -> Connect
Additional Considerations
Ethernet Trace
Its a good idea after setting up the port forward, but before enabling remote desktop on the target machine, to leave an ethernet trace running on the target machine. This will give an idea at that time if anyone is trying to hack in. (Credit to robmurphy)
Strong Passwords
Make sure the target machine has "strong" passwords. Remember this is securing access from all of the web, and not just from your local network, or keyboard. (Credit to robmurphy)
Default Port
Using the default port is not advised. If someone runs a port scan and sees the default port for RDP open its a fair chance they will assume rightly its for RDP. I know its a registry change but you can change the port used for RDP. I changed the port my machine uses for RDP to an unused port (chosen at random). While its only a little more security it all helps, and as its a normally unused port the hacker will have to guess what the port is for. (Credit to robmurphy)
Frequently Asked Questions
Q. How does Remote Desktop compare to GoToMyPC, Teamviewer, LogMeIn
How is it comparing to gotomyPC.
A. Those applications do the work of bypassing NAT for you whereas remote desktop doesn't. Deciding which solution is better is up to personal preference. If your needs are within their service feature (Free or Paid), and you do not mind that your info is mitigated by someone else's server, then it is an easy solution. (Credits to Tbirdkid, JackMDS)
Q. Do I need to use a DNS Server?
A. You do not always need the DNS. Usually, a public IP address is dynamic but changes rarely. If users already know their external IP address they do not need a DNS name for it. (Credit to robmurphy)
Disclaimer
Any remote access to your home machine, especially one not using a VPN, is a big security threat. It makes sense to do everything you reasonably can do to minimize this threat. Using the known port for RDP is one risk, simple passwords are another, and the biggest one is the user not even being aware of these threats. I am not responsible for any damage that may be incurred through the advice put forth in this guide. Proceed at your own discretion.
Method A: Utilize External IP Address (Novice)
1. Create a User Account Password
Start -> Control Panel -> User Accounts -> Change an Account -> Account Name -> Create a Password
2. Enable Remote Access
Start -> Right Click My Computer -> Properties -> Remote* -> Allow Users to Connect Remotely to this Computer
*Vista and Windows 7 users needs to Change Advanced Settings after Properties
3. Determine MAC Address
Start -> Run -> Type “cmd” -> Ok -> Type “ipconfig –all” -> scroll up to Physical Address -> Write down MAC Address (series of numbers/letters)
4. Assign a Fixed IP Address
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> Scroll to Static IP Assign (Location depends on Router, check manual) -> Type MAC Address to blank field -> Set corresponding internal IP Address of your choosing → Save Settings
5. Forward Port 3389
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> Application and Gaming (Location depends on Router, check manual) -> Type Policy Name -> Type "3389" to Port Option -> Select TCP or Both for Protocol Method --> Type IP Address to blank field -> Save Settings
6. Determine External IP Address
Start -> Browser -> Go to www.whatsmyip.org -> Copy external IP Address
7. Set up Remote Desktop Connection Settings (2nd Computer)
Start -> All Programs -> Accessories -> Remote Desktop -> Fill in external IP Address -> Fill in Login Information -> Configure any other Settings -> Save Settings
8. Use Remote Desktop Connection
Start -> All Programs -> Accessories -> Remote Desktop -> Connect
Method B: Utilize DNS Server (Expert)
1. Create a User Account Password
Start -> Control Panel -> User Accounts -> Change an Account -> Account Name -> Create a Password
2. Enable Remote Access
Start -> Right Click My Computer -> Properties -> Remote* -> Allow Users to Connect Remotely to this Computer
*Vista and Windows 7 users needs to Change Advanced Settings after Properties
3. Determine MAC Address
Start -> Run -> Type “cmd” -> Ok -> Type “ipconfig –all” -> scroll up to Physical Address -> Write down MAC Address (series of numbers/letters)
4. Assign a Fixed IP Address
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> Scroll to Static IP Assign (Location depends on Router, check manual) -> Type MAC Address to blank field -> Set corresponding internal IP Address of your choosing → Save Settings
5. Forward Port 3389
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> Application and Gaming (Location depends on Router, check manual) -> Type Policy Name -> Type "3389" to Port Option -> Select TCP or Both for Protocol Method --> Type IP Address to blank field -> Save Settings
6. Set up DNS Alias
Start -> Browser -> Go to www.dyndns.org -> Create Account (Top Right) -> Fill in Information Blanks -> Follow Steps to Complete Registration -> Go to My Services -> Add Hostname -> Fill in Information Blanks (Leave Service Type as Host with IP Address)
7. Forward DNS Settings
Start -> Browser -> Go to Router IP Address (Gateway; usually 192.168.1.1) -> DDNS (Location depends on Router, check manual) -> Select dyndns.org -> Fill in Account and Alias Information -> Save Settings
8. Set up IP Address Updater
Start -> Browser -> Go to www.dyndns.org -> Support -> Update Clients (Left Side) -> Download Updater -> Install Updater -> Run and Configure Updater Settings
9. Set up Remote Desktop Connection Settings (2nd Computer)
Start -> All Programs -> Accessories -> Remote Desktop -> Fill in DNS Alias as the Target -> Fill in Login Information -> Configure any other Settings -> Save Settings
10. Use Remote Desktop Connection
Start -> All Programs -> Accessories -> Remote Desktop -> Connect
Additional Considerations
Ethernet Trace
Its a good idea after setting up the port forward, but before enabling remote desktop on the target machine, to leave an ethernet trace running on the target machine. This will give an idea at that time if anyone is trying to hack in. (Credit to robmurphy)
Strong Passwords
Make sure the target machine has "strong" passwords. Remember this is securing access from all of the web, and not just from your local network, or keyboard. (Credit to robmurphy)
Default Port
Using the default port is not advised. If someone runs a port scan and sees the default port for RDP open its a fair chance they will assume rightly its for RDP. I know its a registry change but you can change the port used for RDP. I changed the port my machine uses for RDP to an unused port (chosen at random). While its only a little more security it all helps, and as its a normally unused port the hacker will have to guess what the port is for. (Credit to robmurphy)
Frequently Asked Questions
Q. How does Remote Desktop compare to GoToMyPC, Teamviewer, LogMeIn
How is it comparing to gotomyPC.
A. Those applications do the work of bypassing NAT for you whereas remote desktop doesn't. Deciding which solution is better is up to personal preference. If your needs are within their service feature (Free or Paid), and you do not mind that your info is mitigated by someone else's server, then it is an easy solution. (Credits to Tbirdkid, JackMDS)
Q. Do I need to use a DNS Server?
A. You do not always need the DNS. Usually, a public IP address is dynamic but changes rarely. If users already know their external IP address they do not need a DNS name for it. (Credit to robmurphy)
Last edited: