Windows Remote Desktop Using PuTTY

Windows "Remote Desktop" or "Terminal Services" is a feature available in modern Windows systems that allows you to login to a Windows computer over the network. Since direct connections to internal JLab systems are not allowed from the internet, to make such a connection from offsite, you must use software that allows you to create a secure "tunnel" through which the connection is made. This technique can be used to connect to individual Windows desktops (if properly configured), or designated Windows terminal servers on site.

Requirements

  • On the off-site system, you must have a "secure shell" or "ssh" client that allows you to do tunneling. For Windows systems, we suggest the PuTTy SSH and telnet client.
  • On the off-site system, you must have a remote desktop client program, included with Windows, but also available for LInux and Mac OS X systems (e.g. "rdesktop").
  • You must know the name of the target Windows computer on site. This can be your Windows desktop computer, or other terminal server. The lab provides a central, general purpose Windows Terminal Server called "jlabts.jlab.org"
  • You must have an account on the target system that is an Administrator or in its "Remote Desktop Users" group. Note: all JLAB domain users are allowed remote desktop access to JLABTS.
  • If the target computer on-site requires a smartcard to log in, you will need to have the appropriate smartcard drivers, reader, etc. available on the off-site system.

Quick Instructions

The quick instructions are for advanced users. If you would like more detailed instructions, scroll down or click here. These instructiosn assume you are using a Windows system from off-site with PuTTY.

  • In PuTTy the configuration settings are as follows:
    • Session->Hostname: login.jlab.org
    • SSH->Tunnels->Source Port: 3391
    • SSH->Tunnels->Destination: <computername>.jlab.org:3389 (or jlabts.jlab.org:3389 for the Windows terminal server)
  • In Windows Remote Desktop Connection
    • Computer: localhost:3391
    • Username: jlab\<username>

Detailed Instructions

Stage 1:

  • Install PuTTy, available at the link above, and run it.
  • Under "Category" on the left, expand "SSH" and scroll down and click "Tunnels"
    • On the right under "Source port" type "3391"
    • Under "Destination" type "<targetcomputername>.jlab.org:3389" replacing <targetcomputername> with, you guessed it, the Target on-site Computer's Name. (or jlabts, as mentioned above)
    • Now click "Add" and a new entry will appear in the "Forwarded Ports" box.
  • Under "Category" Click "Session"
    • On the right under "Host Name (or IP address)" type "login.jlab.org" (without the quotes)
    • On the right under "Saved Sessions" type "jlab" (without the quotes)
    • Click "Save" and "jlab" should appear in the list below "Saved Sessions"
  • Now, in PuTTY, under "Saved Sessions" double-click "jlab"
    • Log in with your CUE username and password
    • Minimize or otherwise forget about PuTTy for now, it is doing its job

Stage 2:

  • Open Remote Desktop Connection in Windows.
    • Start->Programs->Accessories->Remote Desktop Connection
    • For "computer" you will put "localhost:3391" (without the quotes)
    • Click "Connect".
    • You may be warned that the remote computer's identity cannot be verified. Click "yes" if you have followed the above instructions correctly, otherwise click "no" and double check your configuration.
    • You should now see the login screen of the target on-site computer
    • Enter your username as "jlab\<username" (eg. jlab\johns) and password to Login