Announcement

Collapse
No announcement yet.

Remote user access to server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remote user access to server

    Hi,
    This forum has helped in the past, hope can help now. If this is in the wrong place to post I apologize.

    My question is, how can I provide remote access to a share/folder on the server without the whole server being open to the user?

    I've been asked to come up with a low cost-cost effective solution for a user to access an app. on the server.

    The setup is: a Windows 2008r2 server which is being used as an all-in-one (DNS,dhCP,File server,etc.) User OS=Win7 pro.
    They have only one application on the server that they would like one of their users to be able to access from home.

    Looked at the program- "LogMeIn" and was able to access the server. The whole server. I do not want to allow the user to have remote access to the whole server. When they log in I only want them to be able to go to the folder they need to and do their work. Just as if they were on-site connecting to the domain/server.

    I will be looking at Go to my PC" but I'm guessing the results will be the same as above.

    Recommendations on how to accomplish this??
    Thanks in advance.
    J

  • #2
    Re: Remote user access to server

    Enable VPN access for the user and then they can map a drive to the shared folder on the server from home. Then you can lock down the folder permissions so that only the shared folder is accessible.

    Extremely low cost, it's all built in Windows functionality.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment


    • #3
      Re: Remote user access to server

      Couldn't you run Remote App off the server ?

      Ajw901

      Comment


      • #4
        Re: Remote user access to server

        Remote app is good -- will certificates be required though?
        Alternatively, Terminal Services with the app specified to run at startup
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Remote user access to server

          Hi cruachan, ajw901 and Ossian. Thanks for the feedback.

          Here is what I've done so far. Installed the Remote Access only (no router)/VPN on the server. Opened port 1723 which was mentioned in some of the research I've done. Installed a VPN connection on a test laptop (XPSP3).
          The folder that I needed access to is already shared out. As long as I'm on-site where the server is, I can access the shared folder on the server.
          When I try a test at home I get an error 800 [Unable to establish the VPN connection. Server may be unreachable or security parameters may not be configured properly].

          Tried changing the firewall settings on my home router (2Wire306), but still same error. I'm wondering if I need to make some changes on the company router (Linksys WRT160n) too?

          ajw901 & Ossian: not familiar with Remote App, just a newbie that's had to jump in feet first here. I will research Remote App and maybe give it a try. Anything in particular I need focus on?

          I will be back on-site Tues. and will look into Remote App or any other suggestions you may have.

          Regards- J

          Comment


          • #6
            Re: Remote user access to server

            Originally posted by Jae
            Hi cruachan, ajw901 and Ossian. Thanks for the feedback.

            Here is what I've done so far. Installed the Remote Access only (no router)/VPN on the server. Opened port 1723 which was mentioned in some of the research I've done. Installed a VPN connection on a test laptop (XPSP3).
            The folder that I needed access to is already shared out. As long as I'm on-site where the server is, I can access the shared folder on the server.
            When I try a test at home I get an error 800 [Unable to establish the VPN connection. Server may be unreachable or security parameters may not be configured properly].

            Tried changing the firewall settings on my home router (2Wire306), but still same error. I'm wondering if I need to make some changes on the company router (Linksys WRT160n) too?

            ajw901 & Ossian: not familiar with Remote App, just a newbie that's had to jump in feet first here. I will research Remote App and maybe give it a try. Anything in particular I need focus on?

            I will be back on-site Tues. and will look into Remote App or any other suggestions you may have.

            Regards- J
            - you need to open GRE on your firewall, as well as just PPtP. I forget what port it is, maybe port 47.


            Also - make sure that you can telnet to port 1723 on the VPN server, from itself. I just saw a problem yesterday where Exchange's Store.exe process took the port, and the vpn wouldn't terminate.
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

            Comment


            • #7
              Re: Remote user access to server

              Originally posted by tehcamel View Post
              - you need to open GRE on your firewall, as well as just PPtP. I forget what port it is, maybe port 47.


              Also - make sure that you can telnet to port 1723 on the VPN server, from itself. I just saw a problem yesterday where Exchange's Store.exe process took the port, and the vpn wouldn't terminate.
              GRE is a protocol (protocol number 47, hence why lots of sites tell you to forward port 47), not a port, so can't be forwarded. VPN passthrough has to enabled on most routers to allow the GRE packets through.

              You said you opened Port 1723, is it being forwarded to the VPN server? Also try tehcamel's suggestion of Telnet-ing to port 1723 externally.
              BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
              sigpic
              Cruachan's Blog

              Comment


              • #8
                Re: Remote user access to server

                As a completely different apporce, could you not use SaaS?

                You have a 2008r2 network with Windows 7 machines, you should be able ot host out the application from 2008.

                I have never set SaaS up (I am trying to learn, but I have no chance to use it yet), so I am not 100% sure of.. well anything, but this does sound like the perfect case example of SaaS, you have a app, on a sever, that you want everyone to have access to.

                Just a thought, and I will use this as a excuse to investigate SaaS alittle more.

                Wofen
                Good to be back....

                Comment


                • #9
                  Re: Remote user access to server

                  Originally posted by cruachan View Post
                  GRE is a protocol (protocol number 47, hence why lots of sites tell you to forward port 47), not a port, so can't be forwarded. VPN passthrough has to enabled on most routers to allow the GRE packets through.

                  You said you opened Port 1723, is it being forwarded to the VPN server? Also try tehcamel's suggestion of Telnet-ing to port 1723 externally.
                  Whoops :P
                  Well - I knew what i meant, anyway

                  thanks for correcting me though
                  Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                  Comment


                  • #10
                    Re: Remote user access to server

                    Hello once again,

                    I've been working on this VPN issue since our last contact (reading posts here & out on internet and trying the various solutions) and have gotten absolutely nowhere. UGH! Have not tried SaS as mentioned below. Otherwise I hope I've answered your questions you've posed to me in your posts below.

                    Here is what I have done so far, hopefully someone can help me see what I am missing. This should not be so hard but my lack of working w/ VPN is showing. Additional suggestions? Feel free to hand hold and give a step by step if you deem necessary.


                    OFFICE SETUP

                    Router - WRN160n (has latest firmware 3.03)
                    Enabled PPTP Passthrough
                    Set to Port Range TCP port to 1723 - 1723,
                    set IP address to that of server (say 192.168.1.57)
                    Checked Enabled

                    NOTES: [tried putting client in DMZ - didn't work]
                    IP addresses coming from server

                    Server - running 2008r2 (single NIC)
                    NOTE: this server has several roles set up (dhcp, dns, print server,
                    remote access,etc.)
                    Installed Remote Access Role (using & checking several different sources)
                    Set it to VPN
                    Test User account is set up for remote access under the Dial-Up tab
                    I can telnet when I'm on-site

                    >> When I am within the building where the server resides I am able to
                    connect to the server via VPN.

                    HOME SETUP

                    2Wire 2700B router

                    Set up port forwarding in the advanced section of Firewall settings

                    Windows Test Clients (Windows XP & Vista)
                    Set up VPN connection
                    Tried setting IP addresses and also Automatically selecting (neither

                    has worked)

                    >>
                    Off-site/at home I am not able to access the VPN server that has been
                    setup. Have gotten the following errors 800, 678 and 808 being the
                    latest


                    That's all I have for now.

                    J

                    Comment


                    • #11
                      Re: Remote user access to server

                      Hello all,

                      Request a close to this thread. Unable to resolve so am having a network engineer coming on-site to help resolve issue. Porbably will be something simple. Can let you know what it turned out to be. A big thanks to all who responded.

                      Jae

                      Comment


                      • #12
                        Re: Remote user access to server

                        i know you've organised for a network engineer, but in te mean time:

                        can you telnet to port 1723 on the router at the office, from outside?
                        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                        Comment


                        • #13
                          Re: Remote user access to server

                          Hi tehcamel,

                          To answer your question, I can telnet and vpn at the office/site but unable to once outside of the network environment.

                          It sure sticks in my craw that I couldn't get this going but sometimes it works out that way.

                          Have a good day.
                          Jae

                          Comment

                          Working...
                          X