

This FAQ text is copyright dslreports.com
Reproduction of all or part only with our permission.
This FAQ is edited by: dpierce
It was last modified on 2013-10-17 16:59:23

1. General Information

FAQ Updates & Progress

The initial planned FAQ sections are now complete (as of 02/19/05). This FAQ will be updated as the need arises or as questions or changes are requested. Thanks for taking a look at the FAQ.

1. General Information

FAQ Updates
What is this FAQ?
Can anyone contribute?
System Requirements?
What are the benefits?
Where did VNC come from?

2. Software Options
What are the basic software combinations?
Behind firewall with no port forwarding
Other Software: Radmin
Other Software: AdminMagic2

3. Software Setup

Setup OpenSSH
Setup Cygwin
Setup VNC Server
Setup Windows Remote Desktop
Setup SSL-Explorer

4. Firewall Setup

Setup Router
Setup Windows XP Firewall
Can I change the default port 3389 used for Windows XP Remote Desktop?

5. Testing

Connecting using putty with VNC
Connecting using putty with Windows Remote Desktop
Connecting using Windows Remote Desktop Directly
Connecting using VNC directly



* I updated all the pages, as I realized that the images were being hosted on a domain that is no longer available. Images should now be showing again.

What is this FAQ?

This FAQ gives general information related to setting up the software and firewall to allow a user to connect to the desktop of a remote computer. Usual setup is connecting to your home computer from work.

Can anyone contribute?

Yes! Please allow up to 48 hours for your forum host (dpierce) to approve the submissions. If 48 hours have passed and you have not seen your submission, please IM the forum host.

I would also like to take this time to mention other sites that I used to combine all of this information together and sites that offer additional information on this subject:

»www.maths.utas.edu.au/People/Hil···vnc.html
»pigtail.net/LRP/printsrv/cygwin-sshd.html
»pigtail.net/LRP/vnc/
»theillustratednetwork.mvps.org/R···nd_Users

System Requirements?

There is always the question of: Can this program run on my system?

Answer: YES!

All of these programs use very little processor power and memory. As long as you have a broadband connection you should have no problem running the apps mentioned in this FAQ.

What are the benefits?

The benefit of using an SSH server with your choice of remote desktop viewer is that all of your communications, including passwords, are encrypted. This means you can view a secure online account at home from work through the viewer without people sniffing your packets to get your password or other information.

Where did VNC come from?

If you want detailed information as to the origins of VNC, check out this article written by Tim Waugh titled Where it came from, where it's going »cyberelk.net/tim/articles/VNC/

2. Software Options

What are the basic software combinations?

For this FAQ there are a few different software combinations available. To make them easier to see, I have created the table below:


                         Cygwin   OpenSSH   Stand Alone   Stand Alone Secure
Ultra VNC                yes      yes       yes           yes w/ DSMPlugin
Tight VNC                yes      yes       yes
Real VNC                 yes      yes       yes           yes w/ Personal or Enterprise Edition
Windows Remote Desktop   yes      yes       yes
PCAnywhere $199.95       yes      yes       yes           yes

Behind firewall with no port forwarding

If you are behind a firewall and you have no access to change the port forwarding settings (like behind a college firewall) then try some of these sites.

LogMeIn
Webex
GotoMyPc

These sites have the host computer connect to their servers through the internet. The remote user then logs in to the website and is able to communicate with the host computer. Some of the services are free and some you have to pay for. I have never used any of the services, but others I have talked to say they work just fine.

Other Software: Radmin

Radmin - PC Remote Control Software:


Costs:

Single User $35

Volume licensing, Helpdesk licensing, Educational discounts available too.


Radmin is the fastest remote control software available. It is optimized for low-bandwidth connections such as modems. Connecting via modem, screen refreshment rate reaches 5-10 updates per second. If connected to a LAN you can work on remote computer with real-time speed, reaching over 100 screen updates per second.


Functionality

•Operating systems support: Windows 9x/ME/NT4.0/2000/XP/2003*
•Radmin Server can work as a service under all supported operating systems, which allows you to logon and logoff a user remotely.
•Radmin supports Windows NT/2000/XP/2003* user level security. You can give the right of remote control to a specific user or user group.
•If Windows NT security support is switched off, access to a remote computer is controlled by password. Remote Administrator uses a challenge-response password authentication method similar to that used in Windows NT, but with more powerful security keys.
•Supports multiple connections on both server and client sides.
•Supports the controlling of multiple remote computers and the viewing of multiple sessions on one screen.
•View modes include Full-Screen, Scaled and Windowed. Full-Screen mode lets you see the remote screen on the entire screen of your display. Scaled mode lets you see the scaled remote screen in a window with a user defined size.
•Radmin uses a video hook kernel mode driver under Windows NT 4.0 to improve performance. This lets you work on a remote computer with an incredible 'real-time' update speed (hundreds of screen updates per second). The Win2000/XP/2003 compatible version of the driver will be included in the coming version of Radmin.
•Transfers files to or from a remote computer. With Radmin you can easily drag and drop files via Explorer-like interface.
•Lets you remotely shutdown a computer without having to connect in remote screen mode.
•Radmin server provides Telnet access to remote computers when its Server runs on Windows NT/2000/XP/2003.
•Has multilingual support using one file per language so it is not necessary to download and re-install Radmin for each language.
•Radmin supports High Resolution modes of up to 2048 X 2048 X 32bit color.


Other Features

•Clipboard transfers
•Remote shutdown
•16 color (4 bits per pixel) network transfer mode
•/stop command kills all running Radmin servers on the computer
•Optional 'Incoming connection' dialog box on server side
•Optional Tray icon on server side with computer IP address tip and current connection list. Tray icon changes its state when an active connection persists and a notification beeps when a user connects to the server.
•Close connection dialog in Viewer
•Some useful registry settings for system administrators to disable some unnecessary Server functions (telnet, file transfer, control, the possibility of changing server settings by a user, etc.)
•Can send Ctrl-Alt-Del to a remote computer
•Reduced network usage in minimized mode of the viewer's remote screen window
•Automatic disconnection of frozen remote screen connections


Radmin Security


A lot of attention was paid to security questions in the Radmin design. Here are some reasons Radmin operations are completely secure:

•Radmin supports Windows NT/2000/XP/2003* user level security. You can give the right of remote control to a specific user or user group.
•If Windows NT security support is switched off, access to a remote computer is controlled by password. Remote Administrator uses a challenge-response password authentication method similar to that used in Windows NT, but with more powerful security keys.
•Radmin prevents incorrect Server configurations. Radmin Server 2.2 does not allow empty passwords.
•Server password protection. New Radmin Server 2.2 actively protects its settings, which are stored in the system registry. Only a user with administrator rights can access this registry branch.
•Remote Administrator works in encrypted mode where all data, screen images, mouse movement and keys are encrypted using 128 bit strong encryption with randomly generated keys.
•Radmin Server has a logging feature where all actions are written to the log file.
•Radmin Server has an IP filter table so access can be restricted to specified IP addresses and networks.
•Radmin has a self-testing code defense that protects its code from being altered.
•All algorithms used in Radmin are industry standard: TWOFISH, MD5.
•New, fully OS-integrated NT security system with NTLMv2 support. Permissions for Radmin connections can be given to users from trusted domains and active directories. Security settings interface is unified with Windows standard.
•Smart protection from password guessing. This protection includes such features as password anti-guessing security delays, banning IP addresses with an excessive number of password guess attempts, etc.
•Radmin Server 2.2 starts as a service and doesn't start as an application on Windows NT/2000/XP*, which improves security.


(*) Radmin 2.2 is incompatible with the "switch user" feature of Windows XP or Windows 2003. Radmin 2.2 works fine on Windows XP and Windows 2003 only if this feature is turned off or not used.

Other Software: AdminMagic2

AdminMagic2 - Remote Control:


Costs:

Single License $99 (US)

Site License for $499.00 (US)


Tools4ever, leading provider of Disk Quota, User Management and Network Management software for all Windows platforms, announced the launch of AdminMagic 2, a completely new version of its popular remote desktop control tool. AdminMagic 2 improves upon performance, reliability and ease of use when controlling remote computers.


Benefits
•Up and running in 5 minutes
•Affordable; just $99
•Extremely easy to use; wizard based configuration
•No need to visit remote computers
•No software installation on remote computers
•Multiple remote desktops at your fingertips
•Fast; almost realtime performance in LAN environments


Features
•Full remote control of remote computers' desktops
•Wizard-based remote agent deployment
•Remote authentication
•Up and running within 1 minute
•No need to install software on remote computers
•Supports 2003-XP-2000-NT with integrated security
•Control multiple remote desktops simultaneously


New Features Admin Magic 2
•New screen engine: AdminMagic 2 sports a completely new screen engine built from the ground up for maximum performance. Remote controlling PCs in a local area network results in near real-time screen updates.
•Wizard-based remote agent deployment: when launched, AdminMagic 2 improves on ease of use by showing a configuration wizard. This wizard shows you the basics of remote deploying a software agent.
•Remote authentication: a major improvement over the previous version, AdminMagic now features remote authentication, meaning that you can deploy a remote agent using different credentials than your current logon account. This greatly improves usability when connecting to remote sites.


3. Software Setup

Setup OpenSSH

This is a step-by-step instruction for installing OpenSSH for Windows. I used version 3.8.1p1 for the screenshots. You can download the install file from here and save it to the desktop.


Once it is on the desktop you will need to extract the exe installation file. After extracting, double click on the exe file to run the installer.


The first two screens of the installer are the usual ones. The first gives you general information about the installation, with the simple "Next" or "Cancel" buttons. The next screen shows the License Agreement; read it or don't read it, that's up to you. But you have to agree to the terms to install the software.



On the components screen, select everything (Shortcuts are up to you) and press Next.


The installation will put the default path of "c:\Program Files\OpenSSH" into the Install Location textbox. If you want to install somewhere else, select "Browse" and pick the location, then press "Next." The next screen is just the Start Menu folder location and name. Change as needed and press "Install".



During the installation a message window will appear telling you to edit the password file so that you can log in to the SSH server. That process is discussed later in this step by step. Finally, press the Finish button to exit the installation program.



The next step is the two commands you need to execute to set up the group and password files so that you can log in to your SSH server. First go to Start->Run->cmd. The relative ..\etc paths below only resolve from the bin folder under the install location, so change to that folder first. Then, in the command prompt window, type the following two commands:

mkgroup -l >> ..\etc\group
mkpasswd -l >> ..\etc\passwd

Those two commands will create the two files with the current users and groups on the Windows machine. Additional usage info for mkpasswd:
Usage: mkpasswd [OPTION]... [domain]...
Print /etc/passwd file to stdout

Options:
   -l,--local              print local user accounts
   -c,--current            print current account, if a domain account
   -d,--domain             print domain accounts (from current domain
                           if no domains specified)
   -o,--id-offset offset   change the default offset (10000) added to uids
                           in domain accounts.
   -g,--local-groups       print local group information too
                           if no domain specified
   -m,--no-mount           don't use mount points for home dir
   -s,--no-sids            don't print SIDs in GCOS field
                           (this affects ntsec)
   -p,--path-to-home path  use specified path and not user account home dir or / home
   -u,--username username  only return information for the specified user
   -h,--help               displays this message
   -v,--version            version information and exit

One of `-l', `-d' or `-g' must be given.



The installer should have registered the OpenSSH server as a Windows service that starts automatically on boot. To start the service now, type:
net start opensshd

Or go to Start->Run->services.msc, find the "opensshd" service, right click it and press Start.


If the service starts, try to log in to the server using putty. If that is successful, the installation is complete.


Setup Cygwin

How to install Cygwin (ssh server) on Windows 2000, Windows XP, or Windows Server 2003. The ssh server comes from Cygwin, an emulation of the UNIX environment, with OpenSSH, for Windows, by Red Hat.

(1) Login as a user with Administrator privilege.

(2) Download cygwin's setup.exe from http://www.cygwin.com/. Once it is completely downloaded, run the setup.exe file.

There will be some basic installation information to begin. You will be selecting a server where it will download the selected files from. Select one of the locations and press next, continue till you get to the screen below.

When the selection screen comes up, click the little View button for "Full" view, find the line "OpenSSH", and click on the word "skip" so that the package is marked in Column B.

Find the line "cygrunsrv" and click on the word "skip" so that the package is marked in Column B.

Click Next to start installing cygwin and ssh.
The size of the basic cygwin system is about 40 Meg; this may take a while if you have a slow connection.

(3) Right click My Computer, Properties, Advanced, Environment Variables

Click the "New" button to add a new entry to system variables:
variable name is CYGWIN
variable value is ntsec tty

(4) Right click My Computer, Properties, Advanced, Environment Variables

Select the Path variable and click the "Edit" button:
append ;c:\cygwin\bin to the end of the existing variable string.

(5) Open a cygwin window (by double clicking the Cygwin icon); a black screen pops open. Type
ssh-host-config
When the script asks you about "privilege separation be used", answer yes.
When the script asks you about "install sshd as a service", answer yes.
When the script asks you for "CYGWIN=",
your answer should be ntsec tty

(6) While you are still in the (black) cygwin screen, start the sshd service:
cygrunsrv --start sshd
or
net start sshd

To stop the sshd service, pop open a cygwin window, type
cygrunsrv --stop sshd
or
net stop sshd


Setup VNC Server

There are multiple versions of VNC out there on the web. I am going to show you examples of UltraVNC, which I particularly like. You can download UltraVNC from »ultravnc.sourceforge.net/download.htm. After running the normal installation exe file, one of the last screens in the install will look like this:

You want to select the "Register Ultr@VNC Server as a system service" and the "Start or restart Ultr@VNC service" options. The options for icon locations are entirely up to you. Press the "Next >" button and finish up with the install.

After the installation has finished, right click on the Ultr@VNC icon in the tray and select properties. If the icon isn't there, then go to your Start Menu -> Programs -> UltraVNC -> Ultr@VNC Server -> Run Service Helper.

When the properties window comes up you want to do the following:

•Check the Accept Socket Connections and put a password in the textbox (VERY IMPORTANT!!)

•Select the "AUTO" radio button so that the server will pick the 5900 port.

•Check the "Allow Loopback Connections" checkbox.

•Check the "Remove Desktop Wallpaper" checkbox.

Press Apply and then OK. Try to connect to the server. If you are actually on the server when trying to connect, the screen will go into a loop and keep displaying the same thing over and over again, like two mirrors looking at each other. If everything works, this step is complete.



Setup Windows Remote Desktop

Enable Your Computer as the Host

You must first enable the Remote Desktop feature on your office computer so that you can control it remotely from another computer. You must be logged on as an administrator or a member of the Administrators group to enable Remote Desktop on your Windows XP Professional-based computer.

1. Open the System folder in Control Panel. Click Start, point to Settings, click Control Panel, and then double-click the System icon.

2. On the Remote tab, select the Allow users to connect remotely to this computer check box, as shown below.

3. Ensure that you have the proper permissions to connect to your computer remotely, and click OK.

Enable Remote Desktop

Setting Encryption Levels (from Microsoft.com)

Data encryption can protect your data by encrypting it on the communications link between the client and the Windows XP Professional-based computer. Encryption protects against the risk of unauthorized interception of transmitted data. By default, Remote Desktop sessions are encrypted at the highest level of security available (128-bit). However, some older versions of Terminal Services client software do not support this high level of encryption. If your network contains such "legacy" clients, you can set the encryption level of the connection to send and receive data at the highest encryption level supported by the client.

There are two levels of encryption available.

High. The High level encrypts data sent from client to remote computer and from remote computer to client, by using strong 128-bit encryption. Use this level only if you are sure that your client computer supports 128-bit encryption (for example, if it is running Windows XP Professional). Clients that do not support this level of encryption will not be able to connect.

Client Compatible. The Client Compatible level encrypts data sent between the client and the remote computer at the maximum key strength supported by the client. Use this level if your client computer does not support 128-bit encryption.

You can set the encryption level of the connection between the client and the remote computer by enabling the Set client connection encryption level Properties Terminal Services Group Policy setting.

To edit this encryption setting in the Group Policy

1) Go to the Start Menu and click Run. In the dialog type gpedit.msc and then press OK.

2) In the Group Policy window, on the left side, go to Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Encryption and Security, and then on the right hand side click on Set client connection encryption level.

3) When the dialog comes up, click Enable and select the type of encryption you want. Then press Enter and exit out of the Group Policy.


Setup SSL-Explorer

Setup SSL-Explorer - Please bear with me, as I am going to take more screenshots of some things I have used this portal system for and will need to add more text.

SSL-Explorer is a very nice little tool that I noticed being talked about recently in the Networking forum, and I decided I would take a look at it. I liked it so much I added the install info to this FAQ for everyone to read.

To get started if you want more information click here.

And off we are .... cheesy theme music start now ... ok enough of that.

To start download the latest version of SSL-Explorer from here. I used version 0.1.12 for the screenshots.

The install is pretty basic up until it finishes copying files, so we will go through this really quickly, and I will try to go into more detail in the later steps. Basically the install will start out by checking the Java on your machine. The program requires version 1.5.0 of the Java Runtime, and if you don't have it on your computer it will download it for you with your permission. I pressed the download and it was away. I forced the setup closed to see what would happen. The third screenshot is the result of terminating the install during the middle of the Java download/install. I think it's self-explanatory.

Moving on, we are going through the standard install screens. It's all the basics. This is an open source program, so you need to agree to the terms of the GNU license. Then select the destination directory and what you want to install. I just installed the Program; I DIDN'T install the Source. It's up to you. Then it starts the fun file copying and registering services and fun stuff like that.

This next screenshot starts the actual initial setup of everything. You just need to click on launch server and it will start the service in setup mode and launch a web browser going to the default location. To log in, the default username and password are the same (admin).

This is the first screen that will come up after it launches the web server and browser. It is where you need to set up your password for your key. Basically SSL-Explorer runs a secure encrypted web server and uses Java for VPN. You need to create a key and certificate for the https protocol. You type your password in (twice), then click on set, select create new key store, click update, and then click on the create button.

This page will then be displayed. You can put anything in the alias spot; it's for your reference. In the hostname, make sure you put the specific hostname you will use to access the page externally, either IP address or domain name. (Note that www.yourdomain.com is different from yourdomain.com.) If they are not the same, you will get a message when you connect saying that the certificate is set up for site www.yourdomain.com and you are accessing it from yourdomain.com. Certificates aren't set in stone; you can always edit later if you want. Organizational Unit and Company are your creative message again. Then click on generate. The other two boxes are used for actually buying real certificates that are certified and owned. If you want to go through that extra expense, go right ahead. I didn't, so I won't be able to give you any info on that process. The process, though, seems pretty straightforward.

This is just the screenshot when I remembered the install was still open. It hides under the web browser when you launch the server. Just click Finish.

If you click on the Admin at the top of the screen you will get a drop down menu and then with sub menus. The following screenshots are from those menus and I will add text for each screenshot when I get a chance.

Once you go through all the settings and change what you want and do what you want and cry if you want because it's your party, you want to go back to the Admin menu and select Shutdown server. After confirming shutdown, wait about 15 seconds and go into the services dialog. You can get there by going to Start->Run->services.msc and pressing OK. Find the SSL-Explorer service and start the server. I did find that sometimes it takes two tries if you start it too soon after shutting it down from setup mode. Then just browse to »www.yourdomain.com, put in the username and password that you set up, and start exploring.



4. Firewall Setup

Setup Router

Because there are so many different routers out there, I can't go through the exact procedure to follow to set up port forwarding. The original manual that came with your router (or downloaded from the company website) will be able to walk you through connecting to your router's home page and carrying out the needed actions below.

1. If you are using DHCP from your router then you are going to want to create a reserved IP address that is mapped to the MAC address of the nic card in the machine that is going to be remotely accessed.

2. Once that is completed then you are going to need to setup port forwarding to that reserved IP address.


    Forward port 22 for ssh tunnelling
    Forward port 5900 for direct connection to a vnc server
    Forward port 3389 for direct connection to remote desktop


Step-By-Step Instructions on setting up Port Forwarding on many different routers.

Setup Windows XP Firewall

To setup the Windows XP SP2 firewall to allow connection of Remote Desktop, SSH connection to cygwin or openssh, or direct connection to the vnc server here is what you must do:

To open Windows Firewall

1. Click Start and then click Control Panel.
2. In the control panel, click Windows Security Center.
3. Click Windows Firewall.

Once open

1. Make sure that the "Don't allow exceptions" is NOT checked and then click on the Exceptions tab

2a. On the exceptions screen if you want to allow remote desktop click on the remote desktop checkbox and press ok.

2b. If you are going to be connecting through the secure ssh connection to remote desktop or the vnc server then you want to click on the "Add Port" button and put in port 22.

2c. If you are going to be connecting directly to the vnc server without the ssh tunneling then you need to select "Add Port" button and put in port 5900.
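
One way to confirm, from a machine outside your network, that the forwards and firewall exceptions above match the access method you picked and that nothing extra is left open. This is an added example, not part of the original FAQ; the method labels and function names are made up for it, and it goes slightly beyond the text by also accepting a changed Remote Desktop port.

```python
import socket

# Ports used in this FAQ.
SSH_PORT, VNC_PORT, RDP_PORT = 22, 5900, 3389

def required_ports(methods, rdp_port=RDP_PORT):
    """Ports that have to be forwarded for the chosen access methods.

    The method names are labels made up for this example:
      "ssh-tunnel"  VNC or Remote Desktop carried inside SSH (port 22 only)
      "vnc-direct"  VNC viewer straight to the server
      "rdp-direct"  Remote Desktop client straight to the host
    """
    table = {"ssh-tunnel": SSH_PORT, "vnc-direct": VNC_PORT, "rdp-direct": rdp_port}
    unknown = set(methods) - set(table)
    if unknown:
        raise ValueError("unknown access method: %s" % ", ".join(sorted(unknown)))
    return {table[m] for m in methods}

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, methods, rdp_port=RDP_PORT, probe=tcp_open):
    """Compare the ports that answer on host with the ports the setup needs."""
    wanted = required_ports(methods, rdp_port)
    # Always test the defaults too: a leftover forward on 5900 or 3389
    # stays reachable after you switch to the tunnel or move the RDP port.
    candidates = {SSH_PORT, VNC_PORT, RDP_PORT, rdp_port}
    reachable = {p for p in candidates if probe(host, p)}
    return {
        "working": sorted(wanted & reachable),
        "missing": sorted(wanted - reachable),     # forward or firewall exception not in effect
        "unexpected": sorted(reachable - wanted),  # open, but nothing you chose needs it
    }

if __name__ == "__main__":
    import sys
    # Run from outside your network against your own public address.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for key, ports in audit(target, ["ssh-tunnel"]).items():
        print("%-10s %s" % (key, ports))
```

A port listed under "unexpected" is one you can remove from the router's forwarding table and the Windows Firewall exceptions.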





Can I change the default port 3389 used for Windows XP Remote Desktop?

Yes! Microsoft has instructions located here.

Some ISPs or firewalls may block the default port 3389, and changing the port may be a successful workaround.

Basic Summary Below:
Run regedit

Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

Modify the decimal value of the portnumber and reboot the computer.

When connecting to this computer with a different port number you will need to manually specify the port. If you are going through an SSL tunnel, instead of localhost:3389 you would use localhost:portnumber. If connecting using Remote Desktop directly, you would connect as yourhomeip:portnumber. (http://support.microsoft.com/kb/304304/)


5. Testing

Connecting using putty with VNC

Using VNC through a Putty SSH tunnel

Step 1.:
Get the latest version of putty (0.59b works).

Step 2.:
Get the Ultra VNC viewer from here http://ultravnc.sourceforge.net/.

Step 3.:
Run putty and set up an SSH connection and tunnel to the VNC server.

In this example we have set up an ssh connection to YOUR_IP_ADDRESS_HERE and given
it the session name BBR.


Finally set up a tunnel from port 5900 on your computer to port 5900 on
the VNC server. (as shown below)


Now you must save the session otherwise you'll need to do it all again
next time you make a connection.

Open the session and make a connection to the SSH server.

Step 4.:
Run the Ultra VNC viewer and make a connection to localhost:5900.



You should have a login prompt from the VNC server machine now.







Connecting using putty with Windows Remote Desktop

Using Remote Desktop through a Putty SSH tunnel

Step 1.:
Get the latest version of putty (0.59b works).

Step 2.:
Run putty and set up an SSH connection and tunnel to the server.

In this example we have set up an ssh connection to YOUR_IP_ADDRESS_HERE and given
it the session name LR-S.


Finally set up a tunnel from port 3389 on your computer to port 3389 on the Remote Desktop server. (as shown below)


Now you must save the session otherwise you'll need to do it all again
next time you make a connection.

Open the session and make a connection to the SSH server.

Step 3.:
Run the Remote Desktop viewer, or Microsoft Terminal Services Client, and make a connection to localhost:3389.



You should have a login prompt from the remote computer.

If your computer doesn't have Remote Desktop Viewer or Microsoft Terminal Services Client you can download the install from Microsoft.com (»www.microsoft.com/windowsxp/down···tdl.mspx)


Connecting using Windows Remote Desktop Directly

To connect directly to a remote computer using Windows Remote Desktop (aka Microsoft Terminal Services Client), first open the Remote Desktop Connection program. Then put in the IP address or domain name of the computer, and the username and password. If the username and password are left blank, the Windows computer will prompt you for them after it makes the initial connection. Then just press Connect.


There are other options in the Windows Remote Desktop Connection program and their functions are pretty self explanatory. I have included screen shots for your viewing pleasure.




If your computer doesn't have Remote Desktop Viewer or Microsoft Terminal Services Client you can download the install from Microsoft.com (»www.microsoft.com/windowsxp/down···tdl.mspx)


Connecting using VNC directly

To connect directly to a remote computer using VNC, first open the VNC Client program (in this case Ultr@VNC). Then put in the IP address or domain name of the computer. Then just press Connect.

If a connection is made it will prompt you for a password.

IF YOU ARE NOT USING A PASSWORD ON YOUR REMOTE COMPUTER YOU ARE ASKING FOR TROUBLE!!!

After a successful connection and password you should now be connected to your remote machine. Below is a screenshot of some of the options in Ultr@VNC. Most of the VNC clients will have similar options.
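
To confirm that your own VNC server really asks for a password before port 5900 is forwarded, the check below reads the start of the server's RFB handshake and reports which security types it offers. It is an added example, not part of the original FAQ or of UltraVNC; the function names are made up here, and the message layout follows RFC 6143 (the RFB protocol specification).

```python
import socket
import struct

# Function names are this example's own. Security types 1 and 2 are the
# ones defined by RFC 6143; other numbers are vendor extensions.
SECURITY_NAMES = {1: "None", 2: "VNC Authentication"}

def parse_version(banner):
    """Return (major, minor) from the 12-byte 'RFB xxx.yyy\\n' greeting."""
    if (len(banner) != 12 or banner[:4] != b"RFB " or banner[7:8] != b"."
            or banner[11:] != b"\n" or not (banner[4:7] + banner[8:11]).isdigit()):
        raise ValueError("not an RFB ProtocolVersion message: %r" % banner)
    return int(banner[4:7]), int(banner[8:11])

def negotiate(version):
    """Minor version this client answers with: 8, 7 or 3.

    RFC 6143 says any other number a server reports is to be treated as 3.3.
    """
    if version >= (3, 8):
        return 8
    return 7 if version == (3, 7) else 3

def parse_security(minor, payload):
    """Decode the security message that follows the version exchange.

    3.3: one big-endian uint32 picked by the server (0 = connection refused).
    3.7/3.8: a count byte, then that many one-byte types (count 0 = refused).
    Returns the list of offered types; an empty list means refused.
    """
    if minor >= 7:
        if not payload:
            raise ValueError("truncated security message")
        count = payload[0]
        types = list(payload[1:1 + count])
        if len(types) != count:
            raise ValueError("truncated security-type list")
        return types
    if len(payload) < 4:
        raise ValueError("truncated security message")
    (chosen,) = struct.unpack(">I", payload[:4])
    return [chosen] if chosen else []

def verdict(types):
    """'no-password' if type 1 (None) is offered, else 'password' or 'refused'."""
    if not types:
        return "refused"
    return "no-password" if 1 in types else "password"

def _recv_exact(sock, n):
    """Read exactly n bytes or fail."""
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("server closed the connection")
        data += chunk
    return data

def check_server(host, port=5900, timeout=5.0):
    """Run the handshake up to the security message; return the offered types."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        minor = negotiate(parse_version(_recv_exact(sock, 12)))
        sock.sendall(b"RFB 003.%03d\n" % minor)
        if minor >= 7:
            head = _recv_exact(sock, 1)
            payload = head + _recv_exact(sock, head[0])
        else:
            payload = _recv_exact(sock, 4)
        return parse_security(minor, payload)

if __name__ == "__main__":
    import sys
    # Point this at your own server, e.g. 127.0.0.1 on the VNC machine itself.
    offered = check_server(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    print([SECURITY_NAMES.get(t, "other (%d)" % t) for t in offered], verdict(offered))
```

The check stops before any authentication is attempted, so it never sends or tests a password.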