Remote Desktop Tool Windows 10



Setting up a remote desktop allows you to access your computer wherever you are and control it as if you were directly in front of the keyboard. By using the built-in Remote Desktop Connection app in Windows 10, you can troubleshoot issues, access files, and so much more. Here’s how to set up a remote desktop in Windows 10 and how to remotely access another computer over the internet.

How to Set Up Remote Desktop Windows 10

On Windows 10, the Windows Remote Assistance tool is a little hidden. You can still find it by opening the Start menu, searching for “Remote Assistance”, and clicking the “Invite someone to connect to your PC and help you, or offer to help someone” option. Now from the other machine with Windows 10, where you want to access the computer, press the Windows button, type RDP, and then click on the Remote Desktop Connection option. The dialog box appears to type the computer box’s target computer IP address and the Computer Username in the second box.

To set up a remote desktop in Windows 10, go to Settings > System > Remote Desktop. Then turn on the slider for Enable Remote Desktop. Next, search Settings for Allow an app through Windows firewall and enable the Remote Desktop app for Private and Public.

Note: You can only run the Remote Desktop Connection app if you are using Windows 10 Professional or Enterprise. If you are using Windows 10 Home edition, check out our guide on how to use Quick Assist to remotely control a computer.

  1. Click the Windows Start button. This is the button with the Windows logo in the bottom-left corner of your screen. Do this from the host computer (or the computer you will be trying to access remotely).
  2. Then click Settings. This is the gear-shaped icon just above the power button.
  3. Next, click System.
  4. Then click Remote Desktop in the left sidebar. You can find this by scrolling down. It is the icon that looks like greater than and less than signs pointing at each other.
  5. Next, click the slider next to Enable Remote Desktop. This will cause a new window to pop up.
  6. Then click Confirm. A pop-up box appears asking you if you would like to enable remote desktop. It also reminds you that doing so will allow you and other users in your User accounts to connect to the PC remotely. Then you will need to change your firewall settings in order to access another computer over the internet.
  7. Next, type firewall into the search bar of the Settings window. You can do this by clicking the search box that says Find a setting at the top of the left sidebar. Once you type firewall, you will see search results populated under the search bar.
  8. Then choose Allow an app through Windows firewall. If you don’t see this option, click Show All, and then select it from the list.
  9. Then click Change settings. Initially, the apps and the checkboxes beside them will be grey or disabled. Once you click Change settings, they will turn black and become enabled.
  10. Tick the Private and Publiccheckboxes to the right of Remote Desktop. Make sure both that the boxes under the Private and Public columns are checked.
  11. Finally, click OK.

Once you enable your remote desktop and allow the app to communicate through your firewall, you can access that computer over the internet. Here’s how:

How to Remotely Access Another Computer Over the Internet

There are two ways you can remotely access another computer over the internet – depending on whether you’re on the same network or not. If you are accessing another computer within the same network, you just need to know the PC name. If otherwise, you need to know your public IP and set up port forwarding.

Remote Desktop Tool Windows 10 Pro

How to Remotely Access Another Computer Over the Internet Within Your Network

To remotely access another computer within your network over the internet, open the Remote Desktop Connection app and enter that computer’s name, and your username and password.

  1. Click the magnifying glass icon in the bottom-left corner of your screen. Do this from the computer you want to access over the internet.
  2. Then type About into the search bar and click Open.
  3. Next, copy your computer’s name. You can find this next to Device name. You can either write this name down, or copy and paste it into a text document, an email, or any other method that you want.

    Note: If this name is too complicated, you can click the Rename this PC button below. This lets you choose your own name for your PC.

  4. Then open the Windows search bar and type remote desktop connection. This is the magnifying glass icon in the bottom-left corner of your screen.Do this from the client computer or the computer that you will use to establish the remote connection.
  5. Next, click Open.
  6. Then click Show Options. You can see this in the bottom-left corner of the window.
  7. Next, enter the computer’s name. This is the name that you copied down in the previous steps.
  8. Also, enter the username. If this information is filled in already, make sure it is correct. You can find your username by going to Settings > Accounts. Then you will see your username under your profile image.
  9. Then click Connect.

    Note: You can also change additional settings by clicking the Display, Local Resources, Experience, and Advanced tabs.

  10. Next, enter your computer’s password and click OK. This is the password that you use to sign in to the computer when you are on the lock screen.

    Note: You might encounter a prompt asking you if you want to connect even if the identity of the remote computer cannot be identified. Just click on Yes.

  11. Finally, wait for the remote connection to be configured. After the step above, you will see a green progress bar. Wait for it to complete. Briefly, you will see a black window which turns to blue. Once the remote connection is successfully established, you will see a view of the computer you’re trying to access.

How to Remotely Access Another Computer Outside Your Network

Remote Desktop Tool Windows 10 Download

  1. Open a web browser. Do this from the host computer or the computer you will be trying to access remotely.
  2. Then type what is my IP into the address bar.
  3. Next, copy the public IP address listed. Your public IP address will be a series of numbers separated by periods.

    Note: Do not share your public IP address with anyone you don’t trust. They can use this information to hack your computer and steal your personal information, such as bank details.

  4. Then open TCP port 3389 on your router. If you don’t know how to do this, check out our step-by-step guide on how to port forward.

    Note: You should also set a static IP address for the computer you are trying to access. If you want to know how to set a static IP address for your Windows 10 PC, check out our step-by-step guide here.

  5. Next, open the Remote Desktop Connection app. Do this from the client computer (or the one you will use to remotely control the host computer).
  6. Enter your public IP address in the Computer field. This will be the public IP address you copied down earlier.
  7. Then click Connect.
  8. Enter your credentials. On the Windows Security page, type in the username and password of your remote server.
  9. Click OK.

    Note: You might encounter a prompt asking you if you want to connect even if the identity of the remote computer cannot be identified. Just click on Yes.

  10. Finally, wait for the remote connection to be configured. After the step above, you will see a green progress bar. Wait for it to complete. Briefly, you will see a black window which turns to blue. Once the remote connection is successfully established, you will see a view of the computer you’re trying to access.

If you’re looking for a less complicated way of accessing your computer remotely, check out our article on how to remotely control a Windows 10 or Mac computer.

Remote Desktop Tool Windows 10
Updated on March 26, 2021

Was this article helpful?

Related Articles

-->

Applies To: Windows 10, Windows Server 2016

This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.

The content in this topic applies to the versions of Windows that are designated in the Applies To list at the beginning of this topic. In these versions, smart card redirection logic and WinSCard API are combined to support multiple redirected sessions into a single process.

Smart card support is required to enable many Remote Desktop Services scenarios. These include:

Best Remote Access Windows 10

  • Using Fast User Switching or Remote Desktop Services. A user is not able to establish a redirected smart card-based remote desktop connection. That is, the connect attempt is not successful in Fast User Switching or from a Remote Desktop Services session.

  • Enabling Encrypting File System (EFS) to locate the user's smart card reader from the Local Security Authority (LSA) process in Fast User Switching or in a Remote Desktop Services session. If EFS is not able to locate the smart card reader or certificate, EFS cannot decrypt user files.

Remote Desktop Services redirection

In a Remote Desktop scenario, a user is using a remote server for running services, and the smart card is local to the computer that the user is using. In a smart card sign-in scenario, the smart card service on the remote server redirects to the smart card reader that is connected to the local computer where the user is trying to sign in.

Remote Desktop redirection

Notes about the redirection model:

  1. This scenario is a remote sign-in session on a computer with Remote Desktop Services. In the remote session (labeled as 'Client session'), the user runs net use /smartcard.

  2. Arrows represent the flow of the PIN after the user types the PIN at the command prompt until it reaches the user's smart card in a smart card reader that is connected to the Remote Desktop Connection (RDC) client computer.

  3. The authentication is performed by the LSA in session 0.

  4. The CryptoAPI processing is performed in the LSA (Lsass.exe). This is possible because RDP redirector (rdpdr.sys) allows per-session, rather than per-process, context.

  5. The WinScard and SCRedir components, which were separate modules in operating systems earlier than Windows Vista, are now included in one module. The ScHelper library is a CryptoAPI wrapper that is specific to the Kerberos protocol.

  6. The redirection decision is made on a per smart card context basis, based on the session of the thread that performs the SCardEstablishContext call.

  7. Changes to WinSCard.dll implementation were made in Windows Vista to improve smart card redirection.

RD Session Host server single sign-in experience

As a part of the Common Criteria compliance, the RDC client must be configurable to use Credential Manager to acquire and save the user's password or smart card PIN. Common Criteria compliance requires that applications not have direct access to the user's password or PIN.

Common Criteria compliance requires specifically that the password or PIN never leave the LSA unencrypted. A distributed scenario should allow the password or PIN to travel between one trusted LSA and another, and it cannot be unencrypted during transit.

When smart card-enabled single sign-in (SSO) is used for Remote Desktop Services sessions, users still need to sign in for every new Remote Desktop Services session. However, the user is not prompted for a PIN more than once to establish a Remote Desktop Services session. For example, after the user double-clicks a Microsoft Word document icon that resides on a remote computer, the user is prompted to enter a PIN. This PIN is sent by using a secure channel that the credential SSP has established. The PIN is routed back to the RDC client over the secure channel and sent to Winlogon. The user does not receive any additional prompts for the PIN, unless the PIN is incorrect or there are smart card-related failures.

Windows

Remote Desktop Services and smart card sign-in

Remote Desktop Services enable users to sign in with a smart card by entering a PIN on the RDC client computer and sending it to the RD Session Host server in a manner similar to authentication that is based on user name and password. Omnifocus inbox.

In addition, Group Policy settings that are specific to Remote Desktop Services need to be enabled for smart card-based sign-in.

To enable smart card sign-in to a Remote Desktop Session Host (RD Session Host) server, the Key Distribution Center (KDC) certificate must be present on the RDC client computer. If the computer is not in the same domain or workgroup, the following command can be used to deploy the certificate:

certutil -dspublish NTAuthCA 'DSCDPContainer'

The DSCDPContainer Common Name (CN) is usually the name of the certification authority.

Example:

certutil -dspublish NTAuthCA <CertFile> 'CN=NTAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=engineering,DC=contoso,DC=com'

Download Remote Desktop Windows 10

For information about this option for the command-line tool, see -dsPublish.

Remote Desktop Services and smart card sign-in across domains

To enable remote access to resources in an enterprise, the root certificate for the domain must be provisioned on the smart card. From a computer that is joined to a domain, run the following command at the command line:

certutil -scroots update

For information about this option for the command-line tool, see -SCRoots.

For Remote Desktop Services across domains, the KDC certificate of the RD Session Host server must also be present in the client computer's NTAUTH store. To add the store, run the following command at the command line:

certutil -addstore -enterprise NTAUTH <CertFile>

Where <CertFile> is the root certificate of the KDC certificate issuer.

For information about this option for the command-line tool, see -addstore.

Note If you use the credential SSP on computers running the supported versions of the operating system that are designated in the Applies To list at the beginning of this topic: To sign in with a smart card from a computer that is not joined to a domain, the smart card must contain the root certification of the domain controller. A public key infrastructure (PKI) secure channel cannot be established without the root certification of the domain controller.

Sign-in to Remote Desktop Services across a domain works only if the UPN in the certificate uses the following form: <ClientName>@<DomainDNSName>

The UPN in the certificate must include a domain that can be resolved. Otherwise, the Kerberos protocol cannot determine which domain to contact. You can resolve this issue by enabling GPO X509 domain hints. For more information about this setting, see Smart Card Group Policy and Registry Settings.

Remote Desktop Tool Windows 10 Download

See also





Comments are closed.