Enabling Remote Desktop Administration on the Remote Server
As mentioned previously, remote desktop functionality on the server is provided by Terminal Services. It is important to note, however, that Terminal Services do not have to be explicitly enabled on the server in order to support Remote Desktop Administration. In fact, all that needs to be done is to enable Remote Desktop Administration. This is configured by opening the Control Panel from the Start menu and selecting the System icon (if the Control Panel is in Control Panel Home mode this is located under System and Maintenance). In the Task section in the top left hand corner of the System page select Remote settings to display the following properties window:
The Remote properties dialog provides a number of options. The default setting is to disallow remote connections to the computer system. The second option allows remote desktop connections from any version of the Remote Desktop client. The third, and most secure option, will only allow connections from Remote Desktop clients with Network Level Authentication support. This typically will only allow access to systems providing secure network authentication such as Windows Vista and Windows Server 2008.
If the Windows Firewall is active, the act of enabling Remote Desktop administration also results in the creation of a firewall exception allowing Remote Desktop Protocol (RDP) traffic to pass through on TCP port 3389. This default port can be changed by changing this setting in the Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-tcp\PortNumber. The easiest way to locate this registry key value is to execute regedit from the Runwindow or a command prompt, select Edit - > Find and enter RDP-tcp.