2009-07-12

Forward a different port to an internal service on a SonicWall firewall

Scenario:
You want to use ports other than 3389 for remote desktop.
The plan is to use WAN IP xx.xx.xxx.xxx:4000-xxxx for the other remote desktop users.

Solution one:
You could just forward 4000-xxxx to the Windows servers and change the listening port for RDP under:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Edit PortNumber, change the base to decimal and specify the new port number.
Reboot the server.
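
A scripted version of the registry change in Solution one, written as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on Windows Vista / Server 2008 or later (for `netsh advfirewall`) and English-language netstat output; the port 4000 default and the rule name `RDP-<port>` are illustrative choices.

```powershell
# Added example: change the RDP listening port with basic safety checks.
# $NewPort defaults to a sample value; pass your own with -NewPort.
param([int]$NewPort = 4000)

$key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Reject invalid ports and the well-known range (a policy choice made here).
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1024-65535."
}

# Refuse a port that another service is already listening on.
$listening = netstat -ano -p tcp | Select-String -Pattern ":${NewPort}\s+.*LISTENING"
if ($listening) {
    throw "Port $NewPort is already in use: $listening"
}

# Record the current value so the change can be rolled back.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Output "Current RDP port: $oldPort"

# PortNumber is a DWORD; the integer is written as a decimal value.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort

# Allow the new port through Windows Firewall before rebooting,
# otherwise the server is unreachable over RDP after the restart.
netsh advfirewall firewall add rule name="RDP-$NewPort" dir=in action=allow protocol=TCP localport=$NewPort

# Read the value back to confirm what was written.
$check = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Output "RDP port changed from $oldPort to $check. Reboot the server to apply."
```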

Solution two:
1. Create an Address Object allowing a WAN IP to access the Firewall.
a. Network > Address Object > Click Add button.
b. Name: WAN IP Access
c. Zone Assignment: Host
d. Type: WAN
e. IP Address: Whatever your External IP Address is.
f. Click OK
What you’ve done here is create a way for you to access this firewall from outside the network.

2. Next, create your custom port.
a. Go to Firewall > Services and put a bullet in Custom Services; this makes the list easier to read.
b. Scroll down to the Services area and click on the Add button.
c. From here you:
i. Name the port that you are opening and assign which port is to be open.
ii. Protocol: for Remote Desktop this is TCP (6).
iii. Port Range: I wanted my Remote Desktop users to start using 9000, so the port range is 9000-9000.
iv. Sub Type: I left this alone. Then click OK.

3. To keep things organized, we added the Services to a Services Group.
a. Click Add Group and give it a name, e.g. Remote Desktop; since we had more than Remote Desktop users, we called ours External Ports.
b. Then select your newly created Service from the left column and put it on the right by highlighting and then using the arrow button.
c. Then click OK

4. Next we went to Network > Address Object; place a bullet in Custom Address Objects.
a. Click the Add Button
b. Name: Username PC
c. Zone Assignment: LAN
d. Type: Host
e. IP Address: Enter the local IP address of the computer or machine, e.g. 192.168.1.100
f. Click OK

5. Now, below Address Objects, select NAT Policies; place a bullet in Custom Policies.
This is what binds the outside IP address to the local IP address using your custom port.
a. Original Source: Any (any request from the outside coming to the firewall)
b. Translated: Original (keep the request the same, say if you want to enter through port 3389)
c. Original Destination: Public IP Address (WAN IP/ External IP)
d. Translated: Username PC (Custom Address Objects)
e. Original Service: created Port 9000
f. Translated: Remote Desktop
g. Interface Inbound: Any
h. Interface Outbound: Any
i. Click OK.

Reference reading:
http://www.sonicwall.com/downloads/C...Forwarding.pdf (the standard setup is on page 2 to the top of page 3).
The steps above are the enhanced setup, which is covered on pages 3-7.

2009-07-09

Remote Server Administration Tools for Vista

Remote Server Administration Tools (RSAT) for Windows Vista allows administrators to use their Vista machines to manage their Windows 2000, Windows Server 2003, and Windows Server 2008 infrastructure.

1. Downloads:
Microsoft Remote Server Administration Tools for Windows Vista for x86-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyID=9ff6e897-23ce-4a36-b7fc-d52065de9960&DisplayLang=en

Microsoft Remote Server Administration Tools for Windows Vista for x64-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyID=d647a60b-63fd-4ac5-9243-bd3c497d2bc5&DisplayLang=en


2. Installation and configuration:
After you install this, open Control Panel -> start "Programs and Features" -> "Turn Windows features on or off" -> scroll down to Remote Server Administration Tools -> turn on the features you need, or simply turn on all features.

3. To fix the missing tabs issue in "AD Users and Computers":
Specifically, in Active Directory Users and Computers (DSA.MSC), when you look at the properties of a user, you do not see:

Terminal Services Profile
Environment
Sessions
Remote Control

This is a known issue and has now been fixed by MS KB960890: "Some tabs are not available in the properties of a user account in the Active Directory Users and Computers MMC snap-in after you install Remote Server Administration Tools (RSAT) on a computer that is running Windows Vista"
http://support.microsoft.com/default.aspx?scid=kb;EN-US;960890

4. Reference reading:
A guide to install and setup
http://www.trainsignaltraining.com/windows-vista-rsat/2008-04-03/

RSAT and ADUC: Getting the Terminal Services Tabs to Appear in AD Users and Computers
http://blogs.technet.com/askds/archive/2008/03/31/rsat-and-aduc-getting-the-terminal-services-tabs-to-appear-in-ad-users-and-computers.aspx

RSAT (Remote Server Administration Tools): what's included and what's NOT!!
http://trycatch.be/blogs/roggenk/archive/2008/04/08/rsat-remote-server-administration-tools-what-s-included-and-what-s-not.aspx