IN THIS TASK
Summary
This step-by-step article describes how to gain access to local files when you are using a Remote Desktop session to a Windows XP or Windows Server 2003 host computer. For more information about client-side drive redirection with Windows NT 4.0 Terminal Server and Windows 2000 Terminal Services, click the following article number to view the article in the Microsoft Knowledge Base:
272519 How to redirect a client drive in Terminal Services
Feb 03, 2021 Remote applications may no longer be launched from the 'RemoteApp and Desktop Connections' app feed after Duo is installed on your RD Web server. Before you begin deploying Duo in your RDS environment, please read our Duo 2FA for Microsoft Remote Desktop Services overview to understand the capabilities and limitations of the different. Microsoft’s Remote Desktop Web Client let’s access your remote desktop server through a compatible web browser. Over the past few years, Microsoft has extended RDP support to several platforms. Once the web client is installed, users can choose to use instead of traditionally RDP client.
How to install Remote Desktop Connection software on the client computer
The client portion of Remote Desktop is installed during the Windows XP and Windows Server 2003 installation process. If you are using Windows 95, Windows 98, Windows Millennium Edition, Windows NT 4.0, or Windows 2000 client computers to connect to a Windows XP or Windows Server 2003 host computer, then download and install the Remote Desktop Connection Software from the following Microsoft Web site:
How to connect to a remote Windows XP-based or Windows Server 2003-based computer
To connect to the remote computer:
Click Start, point to All Programs (or Programs), point toAccessories, point to Communications, and then click Remote Desktop Connection.
Type the name of the Windows XP-based computer that has Remote Desktop enabled, and then click Connect.
Type your user name and password, and then click OK.
How to control the Remote Desktop
After you establish a Remote Desktop connection, your remote desktop is displayed in its own window. You can use the keyboard and mouse of the local host to control the remote computer.
Microsoft Remote Desktop Web Client Download
How to gain access to local files
You can gain access to your disk drives on the local computer during a Remote Desktop session. You can redirect the local disk drives, including the hard disk drives, CD-ROM disk drives, floppy disk drives, and mapped network disk drives so that you can transfer files between the local host and the remote computer in the same way that you copy files from a network share. You can use Microsoft Windows Explorer to view the disk drives and files for each redirected disk drive. Alternatively, you can view the files for each redirected disk drive in My Computer. The drives are displayed as 'drive_letter on terminal_server_client_name' in both Windows Explorer and My Computer.
To view the disk drives and files for the redirected disk drive:
Click Start, point to All Programs (or Programs), point to
Accessories, point to Communications, and then click Remote Desktop Connection.Click Options, and then click the
Local Resources tab.Click Disk Drives, and then click
Connect.
How to end the Remote Desktop session
After you are finished using the Remote Desktop connection:
Click Start in the Remote Desktop Connection window, and then click Shut Down.
Click Log Off, and then click OK.
References
For more information about Remote Desktop and how to install Remote Desktop on versions of Windows other than Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
315328 How to use the Remote Desktop feature of Windows XP Professional
You can control HTTP traffic flowing to and from a web application by creating a Microsoft Remote Desktop Web 2008 and R2 rule that uses IPv4 protocol.
Download Microsoft Remote Desktop Application
- Go to Rules and policies > Firewall. Select IPv4 and select Add firewall rule.
- Rules are turned on by default. You can turn off a rule if you don’t want to apply its matching criteria.
- Enter the general details.
Name
Description
Rule name
Enter a name. Rule position
Specify the position of the rule.
Rule group
Specify the rule group to add the firewall rule to. You can also create a new rule group by using Create new from the list.
If you select Automatic, the firewall rule is added to an existing group based on first match with rule type and source-destination zones.
Action Select Protect with web server protection. Preconfigured template
Select a template to apply:
None: Specify the web server protection details.
Exchange Autodiscover Facturemedia.
Exchange Outlook Anywhere
Exchange General
Microsoft Lync
Microsoft Remote Desktop Gateway 2008 and R2
Microsoft Remote Desktop Web 2008 and R2
Microsoft Sharepoint 2010 and 2013
- Enter Hosted server details.
Name
Description
Hosted address
Select the public IP address assigned to an interface through which users access the internal server or host. The WAF rule is bound to the IP address assigned to the interface.
You can use the public IP address assigned to the interface or use an alias to bind the required public IP address.
When a client establishes a connection and accesses the web server, the web server obtains the interface address of the web application firewall (WAF) and not the client’s IP address. The HTTP header X-Forwarded-For carries the client’s IP address.
Listening port Enter the port number on which to reach the hosted web server. The defaults are port 80 for HTTP and port 443 for HTTPS.
You can use the same port (for example, 443) for SSL VPN and WAF. In this case, SSL VPN works on any IP address except the IP address (Hosted address) configured for WAF.
WAF can't share the same port as the user portal. The default user portal port is 443.
HTTPS
If you turn this on, the hosted server is accessible through HTTPS and not through HTTP.
HTTPS certificate If you selected HTTPS, select the certificate.
Sophos Firewall supports SNI (Server Name Indication), allowing you to create more than one virtual web server that's accessible over the same IP address and port. You can assign a different certificate to each server. Servers are presented to clients based on the requested hostname.
To create or upload a certificate, go to Certificates > Certificates.
Redirect HTTP Select to redirect port 80 traffic to port 443.
Domains
Enter the FQDN configured for the web server, for example, shop.example.com.
If you've turned on HTTPS, domain names of the selected HTTPS certificate show in the list. You can edit or delete these or add new domain names.
You can use the wildcard *. at the start of a domain name only.
Example: *.company.com
A single WAF policy supports multiple wildcard domains. Virtual web servers with wildcard domains are only matched when there are no virtual web servers with specific domains configured.
Example: A client request to the domain, test.company.com, will match with test.company.com before it matches with *.company.com before matching with *.com.
- Specify the details of the Protected servers. You can specify the web servers, authentication method, and allowed and blocked client networks. If you select path-specific routing, in addition to these settings, you can bind sessions to servers, specify the primary and backup servers, and use the WebSocket protocol.Note If you select multiple web servers, requests are balanced between the webservers.
If you don't want to configure path-specific routing, specify the Web servers and Access permissions.
Name
Description
Web server
Select the web servers from the Web server list. Alternatively, you can create new ones. You can see the selected web servers under Selected web servers. Allowed client networks Specify the IP addresses and networks that can connect to the hosted web server.
Blocked client networks Specify the IP addresses and networks to block from connecting to the hosted web server.
Authentication
Specify an authentication profile for web applications.
- Select Add new exception to specify the security checks to skip.
Select the paths, sources, and security checks to skip. You can specify more than one exception in a WAF rule.
Name
Description
Paths
Specify the paths for which you want to create an exception. You can use wildcards in the paths. Example: /products/*/images/*
Operation
Select the Boolean operation for paths and source networks. Sources
Specify the IP addresses, range, list, or networks from which the traffic originates. Cookie signing
Skips check for cookie tampering. Cookie signing mitigates attempts to obtain private session data and engage in fraudulent activity by tampering with cookies. When the web server sets a cookie, a second cookie is added to the first cookie containing a hash built from the name and value of the primary cookie and a secret that is known only to Sophos Firewall. If a request can't provide the correct cookie pair, the cookie is dropped.
Static URL hardening
Allows rewritten links for the specified paths and source networks.
Static URL hardening prevents users from manually constructing deep links that lead to unauthorized access. When a client requests a website, all static URLs of the website are signed using a procedure similar to cookie signing. In addition, the response from the web server is analyzed regarding which links can be validly requested next.
When you turn on static URL hardening, the entries for URL paths become case-sensitive. For example, if you add the path /rule.html and users enter /Rule.html, Sophos Firewall reports that the signature can't be found.
Form hardening
Skips checks for web form rewriting. To prevent tampering with forms, Sophos Firewall saves the original structure of a web form and signs it. If the structure has changed when the form is submitted, Sophos Firewall rejects the request.
Antivirus
Skips anti-virus scanning for requests from the specified source networks and to the paths that you specify.
Block clients with bad reputation
Skips checks for clients that have a bad reputation according to real-time blackhole lists (RBLs) and GeoIP information. - Specify the advanced protection policies.
Name
Description Protection
Specify a protection policy for the servers.
Intrusion prevention
Specify an intrusion prevention policy.
Traffic shaping
Specify a traffic shaping policy to allocate bandwidth.
- Specify the Advanced settings.
Name
Description
Disable compression support
When clients request compressed data, Sophos Firewall sends data in compressed form.
Select this setting to turn off compression if web pages appear incorrectly or if users experience content-encoding errors. Sophos Firewall then requests uncompressed data from web servers and sends it to the client irrespective of the request’s encoding parameter.
Rewrite HTML
Select to rewrite the links of returned web pages to retain link validity.
Example: If a web server's hostname is yourcompany.local, but the hosted web server’s hostname is yourcompany.com, absolute links like [a href='http://yourcompany.local/'] are broken if the link is not rewritten to [a href='http://yourcompany.com/'] before delivery to the client.
You don't need to select this option if yourcompany.com is configured on your web server or if internal links on your web pages are always realized as relative links.
We recommend that you use the option with Microsoft Outlook web access or SharePoint portal server.
HTML rewriting affects all files with HTTP content type text/* or *xml*. * is a wildcard. To prevent corruption during HTML rewriting, make sure that other file types (example: binary files) have the correct HTTP content type.
Rewrite cookies
Select to rewrite cookies of the returned web pages.
Pass host header
Select to forward the host header requested by the client to the web server.
You can use this to match the requested hostname with the web server when you've hosted more than one website on a server.
- Click Save.When you save a new or edited web server protection rule, Sophos Firewall restarts all web server rules. Live connections using any of these rules will be lost and need to be re-established.