Ch. 7 Final 19-9-2022

This document discusses remote access management. It covers configuring and using Remote Desktop Connections (RDC) to access desktops and applications remotely. RDC uses the Remote Desktop Protocol (RDP) and can be configured on both the server and workstation sides. The document also discusses Remote Desktop Services (RDS) and Virtual Desktop Infrastructure (VDI), which allow virtual desktops to be hosted on a centralized server. It provides information on accessing RDS/VDI through Windows 10 using RemoteApp and Desktop Connections. Finally, it introduces VPN basics, including using VPNs for client-server and site-to-site connections.

Uploaded by

jettest

Chapter : 7

Remote Access Management

7.0 Objectives
7.1 Remote Desktop Communication
7.2 Understand VPN Basics
7.3 Summary
7.4 Check Your Progress Answers
7.5 Questions for Self Study

7.0 Objectives
At the end of the module, you will be able to:
Understand and explain Remote Desktop Connections
Understand and configure VPN
Configure Offline Files
Understand and implement Windows 10 concepts like Power
Management, Tethering and Metered Links

7.1 Remote Desktop Communication


For remote desktop communication, you can use Remote
Desktop connection (RDC) to run programs that are not
supported on your local hardware.
Remote Desktop Protocol (RDP) is a proprietary protocol
developed by Microsoft, which provides a user with a graphical
interface to connect to another computer over a network
connection. The user employs RDP client software for this
purpose, while the other computer must run RDP server
software.

Remote Access Management / 109


The image shows a Windows 10 Remote Desktop client used to connect to 3 instances, explained as follows:
Instance 1 illustrates that a Windows 10 client PC can connect to a Server 2012 R2 Remote Desktop Virtualization Host to access the remote VM or the virtual applications running inside the server. This is beneficial for corporate use, as a client PC practically cannot run heavy applications.
Instance 2 explains that a Server 2012 R2 Remote Desktop Session Host (RD Session Host) server hosts Windows-based programs or the full Windows desktop for Remote Desktop Services clients. Users can connect to an RD Session Host server to run programs, to save files, and to use network resources on that server.
Instance 3 depicts that a Windows 10 client PC can connect to another Windows 10 PC or a server machine to provide support or to access the remote resources stored on that machine.

7.1.1 Configuring RDC


Remote Desktop connections consist of the following configurations:
Server-side configuration: It is the installation of the Remote Desktop service role by using Server Manager.
Workstation configuration: It is done by modifying the system properties to enable remote desktop connections.
The workstation configuration is shown in the image. In the Windows 10 System settings, navigate to Remote settings and select the option “Allow remote connection to this computer”. Select OK to confirm the settings.

110 / Operating System 1

7.1.2 RD and Security


The following are the security aspects related to Remote Desktop:
Remote Desktop is disabled by default in all versions of the Microsoft operating systems.
If Remote Desktop is enabled, then by default only local administrators have access.
Remote Desktop uses TCP (Transmission Control Protocol) port number 3389. If you want to block Remote Desktop connections, you can manually block TCP port number 3389 in the Windows Firewall settings.
An important security aspect is “Network Level Authentication”, a technology used in Remote Desktop Services (RDP server) or Remote Desktop Connection (RDP client) that requires the connecting user to authenticate before a session is established with the server.
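
The four points above can be checked on a live machine. The following is an added example, not part of the original chapter: a read-only PowerShell audit that reports whether Remote Desktop is enabled, whether Network Level Authentication is required, which port the listener uses, and whether the firewall allows it. It assumes an elevated prompt and English firewall group names.

```powershell
# Added example: read-only audit of the Remote Desktop settings described above.
# Run from an elevated PowerShell prompt on the machine being checked.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 1 means Remote Desktop is disabled (the default state).
$deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication
# PortNumber is the TCP port the RDP listener uses (3389 unless changed).
$port = (Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber

# Members of "Remote Desktop Users" (well-known SID S-1-5-32-555) may log on
# over RDP in addition to local administrators.
$rdUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue)

# Enabled inbound allow rules in the built-in "Remote Desktop" firewall group.
# Assumption: English display names; the group name is localized on other builds.
$open = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

$report = [pscustomobject]@{
    RemoteDesktopEnabled = ($deny -eq 0)
    NlaRequired          = ($nla -eq 1)
    ListenerPort         = $port
    FirewallAllowRules   = $open.Count
    RemoteDesktopUsers   = ($rdUsers.Name -join ', ')
}
$report | Format-List

if ($report.RemoteDesktopEnabled -and -not $report.NlaRequired) {
    Write-Warning 'Remote Desktop is enabled without Network Level Authentication.'
}
if (-not $report.RemoteDesktopEnabled -and $open.Count -gt 0) {
    Write-Warning "Remote Desktop is disabled but $($open.Count) firewall rule(s) still allow it."
}
if ($port -ne 3389) {
    Write-Warning "Listener port is $port; firewall rules for TCP 3389 do not cover it."
}

# Remediation, to be run deliberately (left commented out here):
#   Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1   # require NLA
#   Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'          # block inbound RDP
```

On domain-joined machines, Group Policy can override these local registry values, so the effective setting should also be confirmed against the applied policy.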

7.1.3 RDC Settings


RDC (Remote Desktop Connection) settings consist of the following options, as shown in the image.
The various tabs are explained as follows:
General Tab: It consists of the Computer Name, Username and Password settings.
Display Tab: It consists of display resolution, multiple monitors and full-screen layout.
Local Resources: It is the mapping of local disks and USB drives.
Experience Tab: It consists of various options for selection of the connection speed.
Advanced Tab: It consists of the certificate settings and the connection from your PC to the Remote Desktop Gateway server.

7.1.4 RDS and VDI


Remote Desktop Service (RDS)
It is a proprietary protocol of Microsoft; it allows users to connect remotely to a network Graphical User Interface. The RDS client is installed on the user system, the RDS server software is installed on the server machine, and a remote connection is established with one or more terminal servers.
There are 2 types of RDS server, as shown in the image:
1) RD Session Host: It is a role in Windows Server. Previously it was known as Terminal Services.
2) RD Virtualization Host: It integrates with Hyper-V to provide virtual machines by using RemoteApp and Desktop Connection.
Remote Desktop Connection Broker: It is the server that integrates the various services in server-side RDS. The other servers shown in the image are explained as follows:
Remote Desktop Gateway: It is used as a centralized point for Remote Desktops.
Remote Desktop Web Access: It provides web-based access, so that clients can access the Remote Desktop services through a web console.
Virtual Desktop Infrastructure (VDI) is a virtualization technology that hosts a desktop operating system on a centralized server in a data center. VDI is a variation on the client-server computing model, sometimes referred to as server-based computing. The term was developed by VMware, and in later stages Microsoft provided the widespread implementation in corporate environments.
VDI involves running user desktops inside virtual machines that are hosted on datacenter servers. In a VDI environment, each user is allocated a dedicated VM that runs a separate operating system. This flexibility provides a secure and isolated environment for the user.

7.1.5 RD and VDI Integration


The following are the benefits of Microsoft-based VDI (Virtual Desktop Infrastructure) integration with Remote Desktop Services:
Microsoft VDI enables users to access corporate apps and data from any device or any location.
RDS helps to deliver a great user experience and provides seamless access on multiple devices. VDI helps to save corporate resources and provides a flexible working environment to the employees.
From the administration point of view, Microsoft VDI enables administrators to centrally administer and manage desktops. It also protects against loss and leaks of sensitive corporate data.
VDI helps to maintain a balance between user requirements for corporate apps and company-defined compliance.

7.1.6 Accessing RDS/VDI through Windows 10


RemoteApp and Desktop Connections is the option available inside the Windows 10 Control Panel to access Microsoft-based RDS and VDI.
The following are the features of RemoteApp and Desktop Connections:
It is available in the client-side Control Panel.
It is used to list remote apps and desktops; basically, it points to a URL of your Remote Desktop server.
Windows 10 downloads the links to remote apps and desktops.
Note: RemoteApp and Desktop Connections can be accessed through Control Panel, as shown in the image.
To access Microsoft-based VDI and RDS from your Windows 10 machine, open Control Panel and navigate to RemoteApp and Desktop Connections.

7.2 Understand VPN Basics


VPN (Virtual Private Network) is an “unreal” network using encrypted protocols. The data passing through a VPN is securely encrypted.
The following are the objectives and uses of VPN:
Client-to-server connection: A VPN client is usually software that runs on a client computer that wants to connect to the remote network. The VPN client software must be configured with the IP address of the VPN server for authentication purposes.
Site-to-site VPNs connect entire networks to each other, for example, connecting a branch office network to a company headquarters network.
VoIP (Voice over Internet Protocol) is a category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls by sending voice data in packets using IP rather than by the traditional circuit transmissions of the PSTN.

7.2.1 VPN Protocols


The tabular classification shows the supported VPN protocols:
PPTP, Point-to-Point Tunneling Protocol: It is used with older clients and is a faster protocol that uses TCP port 1723. Generally, it is not recommended, since PKI (Public Key Infrastructure) and data integrity are not supported with PPTP.
L2TP/IPSec, Layer 2 Tunnel Protocol: It is used since Windows Vista and higher versions of the operating system. It uses UDP port numbers 500 and 1701. This protocol supports IPSec encryption, PKI (Public Key Infrastructure) certificates and data integrity.
SSTP, Secure Socket Tunneling Protocol: It is supported by Windows Vista and higher operating systems. It uses TCP port number 443. SSTP supports encryption via SSL. It also supports PKI and data integrity. SSTP is preferred over L2TP since it uses a TCP port.
IKEv2, Internet Key Exchange version 2: It is supported by Windows 7 and higher operating systems. It uses UDP port number 500. The supported encryption is AES (Advanced Encryption Standard) or 3DES (Triple Data Encryption Standard), and it supports PKI and data integrity.

7.2.2 Windows 10 VPN Connections


It should be noted that the server-side VPN must be configured in Windows Server 2012. A Windows 10 PC can be a VPN client that connects to the VPN server.
To set up the client VPN, open Windows 10 Settings > Network and Internet Options, select the VPN option as shown in the image, then select the option “Add a VPN connection”.
The wizard that appears is a guided process to complete the client VPN configuration.
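
The same client setup can be scripted, and existing profiles can be checked against the protocol comparison in section 7.2.1. The following is an added example, not part of the original chapter; the connection name and server address are constructed placeholders, and the port values are the ones listed in 7.2.1.

```powershell
# Added example: create an IKEv2 client connection and audit existing ones.
# $name and $server are constructed placeholders, not values from the chapter.
$name   = 'Corp-IKEv2'
$server = 'vpn.example.com'

# Command-line equivalent of Settings > Network and Internet > VPN > "Add a VPN connection".
if (-not (Get-VpnConnection -Name $name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $name -ServerAddress $server `
        -TunnelType Ikev2 -EncryptionLevel Required -PassThru
}

# Ports per tunnel type, as listed in section 7.2.1.
$ports = @{
    Pptp  = 'TCP 1723'
    L2tp  = 'UDP 500 and 1701'
    Sstp  = 'TCP 443'
    Ikev2 = 'UDP 500'
}

# Collect both per-user and all-user connection profiles.
$connections = @(Get-VpnConnection -ErrorAction SilentlyContinue) +
               @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)

$audit = foreach ($c in $connections) {
    $issues = @()
    if ($c.TunnelType -eq 'Pptp') {
        $issues += 'PPTP: PKI and data integrity are not supported'
    }
    if ($c.TunnelType -eq 'Automatic') {
        $issues += 'Automatic: tunnel type is not pinned to one protocol'
    }
    if ($c.EncryptionLevel -in 'NoEncryption', 'Optional') {
        $issues += "Encryption level is $($c.EncryptionLevel)"
    }
    [pscustomobject]@{
        Name       = $c.Name
        Server     = $c.ServerAddress
        TunnelType = $c.TunnelType
        Ports      = $ports[[string]$c.TunnelType]
        Encryption = $c.EncryptionLevel
        Issues     = ($issues -join '; ')
    }
}

# Profiles with a non-empty Issues column are the ones to migrate or tighten.
$audit | Sort-Object Name | Format-Table -AutoSize -Wrap
```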

7.2.3 Configuration of Offline files versus OneDrive


For an overall understanding of the topics learnt so far, it should be clear that Remote Desktop and VPNs presume that network connectivity is established and running, while Offline Files presumes there is an occasional drop in network connectivity.
Additionally, when you are comparing Offline Files with OneDrive, it should be clear that OneDrive syncs local content with cloud storage, while Offline Files syncs the contents stored on the local server network. It should be clear that with both techniques the cached files are available on the local disk.

7.2.4 Types of Offline Files


There are 2 types of Offline Files:
Automatically cached: A cache is a place to store something temporarily in a computing environment. Caching is used to improve application performance.
Manually or semi-automatically cached: Users have the freedom to cache the required files. NTFS permissions are critically important in this type of caching.
Also, there are 2 sources of Offline Files:
The first option is server-side configuration for Offline Files. Here the file server is configured to share the offline files.
The second option is Offline Files between Windows 10 PCs. In this option a Windows 10 PC becomes the offline server and shares the offline folders with the corresponding Windows 10 PCs. It should be noted that the feature “Access-based enumeration” is not available in this method of Offline Files configuration.

7.2.5 Sync Center Settings


Sync Center allows you to keep information in sync between your computer and shared folders on network servers. These are called “offline files” because you can access them even when your computer or the server is not connected to the network.
Offline Files are stored on the local computer in the location “C:\Windows\CSC”. Note that the folder “CSC” is a system folder where even admins have no permissions.
The following operations can be performed in Sync Center:
You can disable Offline Files.
Offline disk usage limits can be modified.
Cache encryption can be enabled.
Change frequency of the connection speed.

7.2.6 Windows 10 Power and Sleep Settings


Windows 10 Power and Sleep settings have the following available options:
Separate values for AC (Alternating Current) / DC (Direct Current).
When to turn off the screen, meaning the defined idle time after which the screen must be turned off.
The defined idle time after which the PC must sleep.
The other available options are explained as follows:
Sleep Mode: When configured, this mode provides power to the CPU and RAM only.
Hibernation Mode: When configured, this mode provides zero power to the RAM and CPU; all the RAM data is offloaded to disk.
Hybrid Sleep: This mode writes the “Hiberfil.sys” file on the Windows “C” drive. This is similar to hibernate, but it keeps the CPU and RAM powered up for fast resume; technically it is a combination of hibernate and sleep. You can use the “Advanced settings” options to configure it.

7.2.7 Windows 10 Battery Saver Settings


The Windows 10 Action Menu has an active tile named “Battery Saver”, as shown in the image.
The objectives of Battery Saver are:
To lower screen brightness.
To disallow “Push” notifications.
Also, you can use the battery icon, available in the taskbar of your portable laptop, to modify the settings for the laptop battery.

7.2.8 Windows 10 Mobility Center Settings


Windows 10 Mobility Center Settings is the console available only for mobile systems like laptops, tablets and Windows smartphones. The available options are shown in the image.
The options available are:
Brightness: It gives the option to adjust the brightness of the mobile device.
Volume: It is an adjustment button.
Battery status of the mobile device.
Screen orientation of the device.
External display settings.
Offline Files sync settings.
Presentation settings: It is used for connecting the mobile device to a projector.

7.2.9 Windows 10 “Device Manager” Settings


Windows 10 Device Manager consists of a set of individual device properties. The Windows 10 Power Management tab is used to configure the power settings for the Windows device.
The screenshot shows the command “Powercfg.exe”.
This command is used for the following actions:
Devices not entering suspend mode.
Overcoming hardware incompatibilities for Windows 10.
Use the command “powercfg /batteryreport” to retrieve the battery information for Windows 10 mobile devices like laptops or netbooks.
The command “powercfg /hibernate” is used to enable or disable hibernation on Windows 10 mobile devices like laptops.

7.2.10 Broadband Tethering


Tethering is connecting one device to another. In the context of mobile phones and tablet computers, tethering allows sharing the Internet connection of the phone or tablet with other devices such as laptops.
Windows 10 can be used as a tethering server or client. A Windows 10 device can be used like a private Wi-Fi hotspot. This mode corresponds to:
Windows 10 tethering server
Windows 10 devices support both wired and wireless NICs.
If you are planning to connect a Windows 10 device to a cell phone’s private hotspot, this mode corresponds to:
Tethering “client”
The other condition is that the Windows 10 device must have a wireless NIC; or, if the mobile device supports USB tethering, it can be used to pass mobile internet to the Windows 10 device.
Note: USB tethering has the fastest speed, but you have to connect your phone to your laptop with a USB cable. Your phone’s battery won’t drain because it will utilize power from your computer’s USB port.

7.2.11 Windows 10 Hotspot commands


The command used to enable Hotspot on a Windows machine is “netsh wlan show drivers”.
This command is used to list the Wi-Fi drivers and properties in Windows 10 Hotspot.

7.2.12 Windows 10 Wi-Fi Sense


Wi-Fi Sense is a feature in the Windows 10 operating system.
Wi-Fi Sense contains information about Windows 10 compatible open Wi-Fi hotspots.
Wi-Fi Sense needs a Microsoft online account login, since Microsoft maintains the list of these databases.
If Wi-Fi Sense is “ON”, then Windows 10 auto-connects to such hotspots.
Note that you can “Turn OFF” Wi-Fi Sense by using local or Domain based Group Policy settings. The image shows the options to enable or disable Wi-Fi Sense.

7.2.13 Need for Metered Connection


Windows 10 is designed for PCs assuming the consumer has unlimited Internet connections, and it normally uses as much of your download and upload bandwidth as required, without the permission of the user.
Setting the wireless connection as “metered” allows the user to control the amount of data consumed in upload or download.
The appropriate purpose of Metered Connection is:
Broadband or mobile connections are designed for a “pay-as-you-use” type of subscription, meaning that data used in broadband and mobile connections is chargeable.
Windows 10 metered connections track the data usage with reference to the connection bandwidth limit.
If the user is near the threshold limits, the Windows PC goes offline and stops the data usage.
Note: Metered connections are not available for wired connections.

7.1,7.2 Check Your Progress.


1) You can ................ Wi-Fi Sense by using local or Domain based Group Policy settings.
2) Wi-Fi Sense needs ...................
3) .............. tethering has the fastest speed (USB)

7.3 Summary
Remote Desktop Connection (RDC) is used to run programs that are not supported on your local hardware.
RDC configuration consists of the server side or the workstation side.
Remote Desktop is disabled by default and uses TCP port number 3389.
Network Level Authentication, used in Remote Desktop Services, requires the connecting user to authenticate themselves.
RDS and VDI can be integrated for better application hosting.
VPN is Virtual Private Network. The purposes of VPN are:
Site-to-site VPN
Remote access VPN
VoIP
VPN protocols are L2TP, PPTP, SSTP and IKEv2.
Offline Files and OneDrive techniques cache files locally for offline use.
Windows 10 default Power Management consists of:
Power Saver, Balanced and High Performance.
Other power settings are Sleep, Hibernate and Hybrid Sleep.
Windows 10 supports features like:
Mobility Center settings
Broadband Tethering
Wi-Fi Sense
Metered Links

7.4 Check Your Progress Answers.


7.1, 7.2
1) “Turn OFF”
2) Microsoft online account login
3) USB

7.5 Questions for Self Study


1) Which protocol and port number are used by Microsoft based Remote Desktop Services?
2) What are the various components available in RDS and VDI integration?
3) What are the ideal scenarios to implement VPN?
4) Compare the various VPN protocols.
5) What are the different methods to configure Offline Files?
6) Explain Windows 10 features like Wi-Fi Sense, Metered Links and Broadband Tethering.
