Windows 10 1703 remote administration tools. Remote administration

Remote administration

System administration involves performing functions aimed at maintaining the stable operation of office computers and servers. A system administrator is an employee of a company providing IT outsourcing services. Most of the work on administering servers and user workstations can be performed without sitting at the personal computer or server being configured; such administration is called remote.

Remote control and configuration of computers is carried out over the network. Special remote administration applications are used to send commands. They are either graphical (have a GUI) or console-based (text commands only). Here are examples of such applications. Applications with a graphical interface:

The Windows package: Remote Desktop Services and its client part, Remote Desktop Connection.

Console applications used for remote control:

SSH clients.

Telnet clients.

GUI programs allow you to see and control the desktop of a remote computer. The administrator has access to the same functions as when working locally. Some utilities support multiple control methods. For example, DameWare allows you to connect to an active user session. This feature can be useful when troubleshooting computer problems: the administrator sees all user actions, identifies patterns in the errors and localizes them, without having to be near the user's computer. This becomes critical when the administrator physically cannot be near the problematic personal computer. Remote administration utilities also increase the efficiency of administrators and save them time.

Almost all servers are managed using remote administration utilities. After network access is configured and the remote administration service is started, all further configuration and work with the server moves to the system administrator's own workplace. You have to approach the server physically only when the network is down or when server hardware is being replaced.

You can remotely manage not only personal computers or servers. Remote management is the main way to configure network hardware and hardware platforms such as SMS mailers and multimedia platforms. As a rule, such devices have a web administration interface, and any web browser can be used to access it. In addition to the web interface, they usually support the telnet and ssh protocols.

For a small company, standard Windows remote control services and clients are quite suitable. The client for connecting to a remote computer is called “Remote Desktop Connection” and is located in the following path:

Start - Programs - Accessories. Once launched, you will be prompted to enter your computer name or IP address. If they are entered correctly and network access to this computer is not restricted in any way, you will be prompted to enter a username and password to gain access. After the information you entered is checked and its accuracy is confirmed, you will see the desktop of the user whose name was specified in the previous step.

If the functions offered by the standard Windows client are not enough for you, and you don’t want to spend money on DameWare, pay attention to free analogues. For example, TightVNC for Windows 1.3.8 (www.tightvnc.com). A good review of remote control programs can be found on the website compress.ru (http://www.compress.ru/article.aspx?id=17370&iid=805).

To summarize: remote administration is designed to reduce the costs of system administration of office computers and servers and is the main way to configure and manage various network devices and other equipment accessible via the network. Using these technologies, an administrator can configure equipment while being hundreds of kilometers away. If you transfer the administration functions of the company to an outsourcer, you do not have to worry that in the event of a breakdown, the company’s work will be stopped while the contractor arrives to eliminate the problem. Most likely, his visit will not be necessary (it may be necessary only in extreme cases due to a hardware malfunction of the computer or its inaccessibility via the network); he will be able to carry out all the necessary actions without leaving his office, located at the other end of the city.

Many who are faced with the problem of the inability to control (or administer) their computer remotely and in real time do not even imagine the existence of remote administration. Frankly, until recently I also did not know about the existence of such a thing. Let's shed light on some subtleties regarding this issue.

Remote administration

So, as mentioned above, remote administration allows you to gain remote access to a specific computer (for example, via the Internet or LAN) and gives you the opportunity to manage your personal computer from a distance.

Essentially, remote administration is a new opportunity to make your work as comfortable and high-quality as possible: you can stay “online” all the time, distribute your work schedule, consult with colleagues and make effective adjustments as the work proceeds.

Remote administration provides the user with almost full control over a remote computer. Remote administration programs are created for exactly this purpose: they make it possible to control the desktop, copy and delete files, run applications, etc., while being at a distance.

Remote administration programs

Programs for remote administration are currently very popular. They are accessible to the average user, are mostly free, support all popular operating systems as well as smartphones, and have long been a lifesaver for advanced users. Forgot to download or move a file on your work computer? Remote administration will help. Other actions are required, down to changing the desktop picture? No problem. The interface is easy to understand for most users, whether they are experienced PC users or not. There are two types of interface, visual and console, so there should be no problems with it. Each of the two types is discussed in more detail below.

The visual interface gives more possibilities in terms of graphics; using high-quality pictures allows you to find a particular folder, template or photo much faster. The visual interface is ideal for people who consider themselves not the most experienced PC or smartphone users. Quite often the visual interface is simplified to the maximum.

The console interface has more functions available to the user. According to experienced users, it is more productive and has text strings, allowing you to specify a fairly wide range of commands in a minimum amount of time. The console interface is ideal for embedded system applications, is less expensive and certainly does not require special software.

There are a lot of programs for remote administration, the most famous are:

  • Radmin
  • AnyDesk
  • TeamViewer
  • Windows RDP

But naturally it is best to work with a team of specialists who can help with the correct setup of remote administration and with software configuration in general.

Remote Linux administration

Let's turn our attention to remote Linux administration. Linux is the general name for Unix-like operating systems based on the kernel of the same name. Currently, Linux is leading the market in smartphones, Internet servers, data centers, enterprises, etc. Linux does not require a ton of system or other software and has an excellent set of features that speak for themselves.

The editors hope that the information offered above will allow you to handle remote administration programs more easily. After all, they were invented for our convenience. We wish you good luck; for all questions regarding the purchase of remote administration programs, you can find answers to the links provided in the text.

Simultaneous work on several computers, of which only one is in front of you, and the rest are even on the other side of the Earth, is not fantastic. To have this wonderful opportunity, all you need is Internet access and a remote control program on each machine.

Remote control programs are bridges that connect the PC or mobile gadget in front of you with various computer devices worldwide, provided, of course, that you have a key, that is, a password that allows a remote connection to them.

The possibilities of programs of this kind are very wide. They include access to the contents of disks, launching installed applications, changing system settings, and viewing user actions... In short, they allow you to do almost everything on a remote PC that you can do on a local one. Today's article is a review of six free programs for remote control of computers running Windows (and not only Windows), one of which is part of the operating system itself.

If you need to establish a connection between two computers, or a PC and a mobile device, one of which (the remote one) runs Windows and the second runs Windows, iOS, Android or Mac OS X, sometimes you can do without third-party programs (if only Windows computers are involved in the connection). The “Remote Desktop” system application is present in all editions of Windows, starting with XP. It is not necessary that both machines have the same version of the OS; you can easily establish a connection, for example, between Windows 10 and Windows 7.

The Microsoft Remote Desktop app for Android and Apple is available for free download on Google Play and the App Store.

What else is needed to create a connection:

  • Remote access permission - configured on the computer that you are going to manage externally.
  • An account with a password on the remote computer. To perform administrative tasks (installing and uninstalling programs, changing system settings, etc.), you need an account with administrator rights.
  • Connecting both machines to the Internet or being on the same local network.
  • On the receiving side - open TCP port 3389 (used by default by Remote Desktop).

How to enable permission

This and further instructions are shown using Windows 10 as an example.

  • Right-click on the “This PC” icon on the desktop and open “Properties”.

  • In the “System” window, click “Remote access settings” in the navigation panel. In the “Remote Desktop” section of the window, check the “Allow...” checkbox (it’s better to leave the “Allow authenticated connections only” checkbox selected). Next, click “Select Users”.

  • To add a user who will be allowed to connect to you remotely, click “Add”. In the “Enter names” field, enter the name of his account on this computer (don’t forget, it must have a password!), click “Check names” and OK.

This completes the setup.

How to configure connection settings

We perform the following steps on the computer from which we will make the remote connection.

  • Click on the search icon in the taskbar and start typing the word “remote”. Select “Remote Desktop Connection” from the results.

  • By default, the application window opens minimized, with only fields for entering the computer name and user data. To access all settings, click the “Show options” arrow. At the bottom of the first tab - “General”, there is a button for saving connection settings to a file. This is useful when you use different settings to connect to different machines.

  • The next tab, “Screen,” allows you to change the image properties of the remote computer’s screen on your monitor. In particular, increase and decrease the resolution, use multiple monitors, change the color depth.

  • Next, let’s configure “Local resources”: sound from a remote computer, conditions for using keyboard shortcuts, access to a remote printer and clipboard.

  • The parameters of the “Interaction” tab affect the connection speed and the quality of displaying the image from the remote machine on your monitor.

  • The “Advanced” tab allows you to define actions to take when authentication of a remote PC fails, as well as set connection parameters when connecting through a gateway.

  • To start a remote access session, click “Connect.” In the next window, enter the password.

Once the connection is established, the current user's computer session will be terminated and control will pass to you. The user of the remote PC will not be able to see his desktop, since a screensaver will appear on the screen instead.

By following these instructions, you will easily connect to a computer that is on the same network as yours. If the devices are connected to different networks, you will have to make several additional settings.
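
An added example, not part of the original article: a small auditor for the connection file saved from the “General” tab, covering the “Local resources” and “Advanced” choices described above. The sample file contents and the function names are constructed for illustration; the setting names are the ones the Remote Desktop Connection client writes to .rdp files.

```python
"""Audit a saved Remote Desktop Connection (.rdp) file for risky client settings."""

# Constructed sample. Each line of an .rdp file is name:type:value,
# where type is i (integer), s (string) or b (binary blob).
SAMPLE_RDP = """\
full address:s:111pc.ddns.net:3389
username:s:OFFICE\\operator
authentication level:i:0
enablecredsspsupport:i:0
redirectclipboard:i:1
redirectprinters:i:1
drivestoredirect:s:*
prompt for credentials:i:0
password 51:b:0123ABCD
"""

# Constructed sample of the same connection with the risky choices turned off.
HARDENED_RDP = """\
full address:s:111pc.ddns.net
authentication level:i:1
enablecredsspsupport:i:1
redirectclipboard:i:0
drivestoredirect:s:
prompt for credentials:i:1
"""


def load_rdp(path):
    """Read an .rdp file; the Windows client usually saves UTF-16 with a BOM."""
    with open(path, "rb") as handle:
        data = handle.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")


def parse_rdp(text):
    """Return {setting name: value}; malformed lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        # Split on the first two colons only: values may contain ':' (host:port).
        parts = raw.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue
        name, kind, value = parts[0].strip().lower(), parts[1], parts[2]
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[name] = value
    return settings


def audit_rdp(settings):
    """Return a list of (setting, reason) pairs worth reviewing."""
    findings = []
    if settings.get("authentication level") == 0:
        findings.append(("authentication level",
                         "connects without warning when server authentication fails"))
    if settings.get("enablecredsspsupport") == 0:
        findings.append(("enablecredsspsupport",
                         "CredSSP is off, so Network Level Authentication is not used"))
    if "password 51" in settings:
        findings.append(("password 51", "a saved password blob is stored in the file"))
    if settings.get("drivestoredirect"):
        findings.append(("drivestoredirect", "local drives are exposed to the remote host"))
    if settings.get("redirectclipboard") == 1:
        findings.append(("redirectclipboard", "clipboard is shared with the remote host"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_rdp(parse_rdp(SAMPLE_RDP)):
        print(f"{name}: {reason}")
```

To check a real file, pass the result of `load_rdp(path)` to `parse_rdp`.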

How to connect to a remote computer via the Internet

There are 2 ways to set up a Windows Remote Desktop connection over the Internet: by creating a VPN channel so that the devices see each other as if they were on the same local network, or by forwarding port 3389 to the local network and replacing the dynamic (variable) IP address of the remote machine with a permanent (static) one.

There are plenty of ways to create VPN channels, but describing them all will take quite a lot of space (besides, a lot of information about this can easily be found on the Internet). Therefore, let’s look at one of the simplest ones as an example – using Windows’ own tools.

How to create a VPN channel in Windows

On the remote machine that will be the server:


After that, the “Incoming Connections” component will appear in the network connections folder; this will be the VPN server. To ensure that the connection is not blocked by the firewall, do not forget to open TCP port 1723 on the device. And if the server is assigned a local IP address (starting with 10, 172.16 or 192.168), the port will have to be forwarded to the external network. How to do this is described below.

On the client computer (Windows 10), setting up the connection is even easier. Launch the “Settings” utility, go to the “Networks and Internet” -> “VPN” section. Click "Add VPN connection".

In the options window, specify:

  • Service provider - Windows.
  • Connection name – any.
  • Server name or address – IP or domain name of the server you created before.
  • VPN type – detect automatically or PPTP.
  • Login data type – login and password (one of the accounts to which you have given access permission). To avoid entering this data every time you connect, enter it in the appropriate fields below and check the “Remember” checkbox.


Port forwarding on the router and obtaining a static IP

Redirection (forwarding) of ports is performed differently on different devices (routers), but the general principle is the same everywhere. Let's look at how this is done using the example of a typical TP-Link home router.

Let’s open the section “Forwarding” and “Virtual servers”. In the right half of the window, click the “Add” button.

In the “Add or edit entry” window, enter the following settings:

  • Service port: 3389 (or 1723 if you are setting up a VPN).
  • The internal port is the same.
  • IP address: computer address (look in the connection properties) or domain name.
  • Protocol: TCP or all.
  • Standard service port: you can leave it unspecified or select it from the PDP list, and for VPN – PPTP.

How to make a changeable IP address permanent

The standard packages of Internet service providers for home subscribers, as a rule, include only a dynamic IP address that is constantly changing. And assigning a permanent IP to a user usually costs him a lot of money. So that you do not have to incur extra costs, there are DDNS (dynamic DNS) services, the task of which is to assign a permanent domain name to a device (computer) with a changing network address.

Many DDNS services provide their services for free, but there are also those who charge a small subscription fee for this.

Below is a short list of free DDNS, whose capabilities are more than enough for our task.

The rules for using these services, if they differ, are insignificant: first we register an account, then we confirm the email address, and finally we register the domain name of your device and activate it. After this, your home computer will have its own name on the Internet, for example, 111pc.ddns.net. This name should be specified in the connection settings instead of the IP or local network name.

By the way, some routers only support a small group of DDNS providers, for example, only the oldest and most famous DynDNS (now paid) and No IP. And others, such as Asus, have their own DDNS service. Installing alternative firmware DD-WRT on the router helps remove restrictions.

Pros and cons of using Windows Remote Desktop

The main advantage of the built-in Windows tool over third-party products is the absence of intermediary servers during the connection, which reduces the risk of data leakage. In addition, this tool has a lot of flexible settings and, with a skillful approach, can become an “impregnable fortress” and a “space rocket.”

Other advantages of the Windows desktop are that there is no need to download anything, there are no restrictions on session duration, the number of connections, and it is free.

Disadvantages: difficulty in setting up for access via the Internet, vulnerability to Pass the Hash attacks.

TeamViewer

Before you start using the service, you will have to register a Google account (Android device users already have one) or sign in with it in the Google Chrome browser.

The main window of Chrome Desktop includes 2 sections:

  • Remote support. This contains options for managing a one-time connection to another PC and providing access to yours.
  • My computers. This section contains machines with which you have previously established a connection and you can quickly connect to them using a given PIN code.

The first time you communicate using Chrome Desktop, an additional component (host) will be installed on the remote computer, which will take 2-3 minutes. When everything is ready, a secret code will appear on the screen. After entering it in the appropriate field, click “Connection”.

As with TeamViewer, the user of the remote machine will be able to see all your actions on the screen. So for covert surveillance, for example, of a child, these programs are not suitable.

Ammyy Admin is a very simple and equally reliable utility designed for remote control of computers running Windows and Linux. Its main advantages are ease of use, reliability, high connection speed, and the fact that it does not require installation. Cons: there are no mobile versions (it will not be possible to establish a connection via Android and iOS using this program), and many antiviruses consider it malicious and seek to remove it. Fortunately, the latter is easy to prevent by adding the utility to the exceptions.

Ammyy Admin supports 2 methods of establishing communication - by ID number and by IP address. The second one works only over the local network.

The utility window is divided into 2 halves - “Client”, where the computer identification data and password are located, and “Operator” - with fields for entering this data. The connection button is also located here.

The contact book and program settings, which are quite simple, are hidden in the “Ammyy” menu.

AeroAdmin is another compact portable Windows program, externally similar to the previous one, but with a more interesting set of functions. It supports 2 connection methods, ID and IP, and 3 modes: full control, file manager (file transfer) and view-only of the remote PC's screen.

It also allows you to define several levels of access rights:

  • Remote operator use of keyboard and mouse.
  • Clipboard synchronization.
  • Changing access rights by an administrator, etc.

The “View Only” mode can be used to covertly monitor the actions of users of remote machines (children, workers), which is not available in similar products.

In the main AeroAdmin window there is a button to open an email chat (located next to the “Stop” button). The chat is designed for quickly sending an email to the operator, for example, asking for help. This function is unique, since analogous programs only have a regular chat for text messaging, and it starts working only after the connection is established.

Unfortunately, the AeroAdmin contact book does not become available immediately. It requires separate activation via Facebook, and only for members of this social network, since in order to issue an activation code the developers request a link to your personal page. It turns out that those who liked the program cannot do without registering on Facebook.

Another feature of AeroAdmin is that free use is permitted even for commercial purposes, if you do not need the additional features (continuous connection, multiple parallel sessions, etc.) available only in paid versions.

AnyDesk is the last utility in today’s review for remote connection to a Windows PC from another computer or mobile device. It can be used with or without installation.

Like its predecessors, it has a number of unique functions:

  • The highest speed of image transfer from a remote machine.
  • The fastest file sharing, even with low Internet speeds.
  • Supports simultaneous connection of multiple remote users. The ability to collaborate on one project (each user has their own cursor).

Plus, like other programs in this class, AnyDesk provides the operator with full access to the functions of a remote machine, it is very easy to connect (using ID and password) and reliably protects the transmitted data.

Ivanov Sergey

Remote administration programs are a hidden security threat

Information today is one of the most important resources in the world, so its security and confidentiality is given special attention even at the state level. The more valuable and significant the information, the greater the damage from its loss.

A threat to the integrity of information always exists; it can be a simple failure of equipment with the loss of all information or malicious penetration and theft or damage of information by an attacker. In the first case, to preserve information there are many means of protection, such as regular duplication or archiving of information, but in the second case, things are much more complicated.

There are many ways to penetrate someone else's computer to gain access to confidential information, and each case has its own means of protection against these threats.

In this article, I will look at the threats posed by remote administration programs, determine the cause and source of the threats, and then consider methods of protecting against this type of threat.

Remote administration programs

Remote administration programs are powerful tools that provide almost complete control over a remote computer. If an attacker manages to gain access through such a program, he will be able to do anything with the information on this computer. The most well-known remote administration programs are RDP, VNC, DameWare, TeamViewer, Remote Office Manager, Hamachi, etc. All of these programs provide the ability to remotely control the computer's desktop, copy or delete files, and much more, which is very convenient for system administration. In principle, a remote administration program is an ideal “Trojan” for an attacker; the only question is in whose hands the remote control will be. Certainly, no system administrator will voluntarily open access to a computer through such a program. Where then does the threat come from? How can an attacker gain illegal remote access to a computer?

Source of danger

The threat comes from people who want to gain remote access to a specific computer and intend to use a remote administration program to do so. Of course, if a remote administration program is installed on a computer with a simple access password, for example, 111111 or 123456, and without any security settings, then anyone who wants to can get into such a computer. In practice, this rarely happens; in serious organizations, information protection and security are approached with special attention: complex passwords are set, and additional information protection tools, antiviruses and firewalls are used.

But even with such a serious approach, you will still not be in complete safety! The most serious danger is posed by former employees who, for some reason, want to penetrate the internal network of an enterprise and damage or steal confidential data. Who knows what might be going through the mind of a fired employee? What kind of resentment is lodged in him, and who does he want to annoy...

Former employees pose the greatest danger because they already know the password to access the computer through a remote administration program, and connecting remotely will not be difficult. Even if the information is encrypted, full access will provide the opportunity to simply corrupt it, or decrypt it by stealing the password to access it.

Let's look at this problem and its solutions, using the example of the most common remote administration program, although other similar programs are also susceptible to this threat, which I will not mention.

What is the complexity of the problem?

The fact is that in a large company the IT department may control up to a hundred machines, or even more, and a program providing remote access is installed on each of them. When there is a change of personnel in the IT department, the access password has to be changed on all machines, since to work through the remote administration program you need to know the access password and enter it every time you connect.

It is possible to set a different complex password on each of a hundred machines, but no one does this, because the system administrator himself may get confused and forget them. Therefore, in most cases either the same password is set everywhere or a uniform pattern is used, for example: STORE01, STORE02, etc. Sometimes the keyboard layout is switched when typing: the password “flvbybcnhfnjh” is typed, which is what the Russian word for “administrator” produces when typed with the keyboard in the Latin layout; or, instead of the word “administrator”, the name of the company or the surname of the director is used. All this makes it possible for a former employee to work out a password and connect over the Internet to some company computer, where he can steal or corrupt information, and possibly use that computer as a platform for infiltrating other computers.

Of course, remote administration programs provide their own means of protection, such as IP filtering, NT authorization, and protection against password guessing. IP filtering cannot always be used, since an employee may need access from a computer that has a dynamic IP or from another region when he is on vacation. Windows NT security authorization is not often used in practice, because it also requires knowing the username and password on the remote computer, and it loses its force against an attacker who already knows the access password.

So, the essence of the problem is that the attacker already knows the password to access the computer, or can quickly guess it.
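
An added example, not part of the original article: a check that a company could run over its own list of remote-access passwords before deploying them, flagging the two habits described above (one stem with a counter across machines, and dictionary words typed in the wrong keyboard layout). The host names, the password list and the denylist are constructed for illustration; a real denylist would also hold the company name and the director's surname.

```python
"""Flag templated and layout-swapped remote-access passwords across a fleet."""
import re
from collections import defaultdict

# QWERTY keys and the Russian (ЙЦУКЕН) letters found on the same keys.
_LAYOUT = str.maketrans(
    "qwertyuiop[]asdfghjkl;'zxcvbnm,.`",
    "йцукенгшщзхъфывапролджэячсмитьбюё",
)

# Constructed inventory: host name -> candidate access password.
FLEET = {
    "shop-pc-01": "STORE01",
    "shop-pc-02": "STORE02",
    "acct-pc-01": "flvbybcnhfnjh",
    "acct-pc-02": "gfhjkm2017",
    "srv-01": "v7#Lq9!xTz2$Rb",
}

# Constructed denylist of words that must not appear in a password.
DENYLIST = {"administrator", "password", "администратор", "пароль"}


def latin_to_cyrillic(text):
    """Show what a Latin-layout string spells on the Russian layout."""
    return text.lower().translate(_LAYOUT)


def password_stem(password):
    """Strip a trailing counter: STORE01 and STORE02 share the stem 'store'."""
    return re.sub(r"\d+$", "", password).casefold()


def audit_fleet(passwords_by_host, denylist):
    """Return {host: [reasons]} for every host whose password is predictable."""
    findings = defaultdict(list)
    hosts_by_stem = defaultdict(list)
    for host, password in passwords_by_host.items():
        stem = password_stem(password)
        if stem:
            hosts_by_stem[stem].append(host)
        else:
            findings[host].append("digits only")
        as_typed = password.casefold()
        swapped = latin_to_cyrillic(password)
        for word in sorted(denylist):
            if word in as_typed:
                findings[host].append(f"contains '{word}'")
            elif word in swapped:
                findings[host].append(f"layout-swapped '{word}'")
    # A stem reused on several machines lets one known password predict the rest.
    for stem, hosts in hosts_by_stem.items():
        if len(hosts) > 1:
            for host in hosts:
                findings[host].append(f"stem '{stem}' shared by {len(hosts)} hosts")
    return dict(findings)


if __name__ == "__main__":
    for host, reasons in sorted(audit_fleet(FLEET, DENYLIST).items()):
        print(host, "->", "; ".join(reasons))
```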

How can you protect yourself?

Remedies

The first thing that comes to mind is changing the access passwords on all computers when one of the employees leaves. But it is simply impossible to perform such an operation every time on hundreds of machines; in reality, not a single system administrator will do this. Even if you change the password on all computers, then you need to inform all interested parties about the new passwords; this will cause great inconvenience, although it will solve our problem.

The second way is to change the approach to the remote control tool itself: employees who work through the remote control program are not given the password in clear text. Many programs do require a clear-text password, so you can use add-on tools or a different remote administration program. A good solution in this situation is the Remote Office Manager program (http://www.aledensoft.ru/). Remote Office Manager is a remote administration program that provides almost all the basic capabilities of remote administration, but with the ability to store the password for accessing a remote computer. That is, we can set any passwords on a hundred computers that only one person will know, and the rest of the employees will be able to connect and work remotely without knowing the access password. Thus, an employee who has resigned will not know the access passwords to remote computers and will not be able to use them for penetration. Unfortunately, there is one very unpleasant catch: most programs can export the address book with all its settings to a file, which can then be loaded on another computer. To completely eliminate the possibility of penetration, it is necessary to regularly change the main access passwords as a preventive measure, especially since this is not difficult to do with the password saving function.

Let's sum it up

In my practice, there have been many cases when former employees, using a remote administration program, penetrated the computers of their organization and caused real havoc. Moreover, any employee may know the password for remote access, even one who worked for a couple of months in the sales department and has nothing to do with system administration. It is better to prevent in advance the hidden threat posed by remote administration programs and departing employees. I have just described the problem and given an example of its solution; perhaps it will not affect you, or you will find another way to solve it, more suitable for you.

Conclusion

Protecting confidentiality and maintaining the integrity of information is a priority for the IT department and its management, so it is worth paying attention to the hidden threat posed by remote administration programs and taking measures in advance to prevent possible danger; as they say, “God protects those who protect themselves.”