Удаленный рабочий стол: разрешение доступа к компьютеру извне его сети Remote Desktop — Allow access to your PC from outside your PC’s network

Применяется к: Windows 10, Windows Server 2016 Applies to: Windows 10, Windows Server 2016

При подключении к своему компьютеру с помощью клиента удаленного рабочего стола вы создаете одноранговое подключение. When you connect to your PC by using a Remote Desktop client, you’re creating a peer-to-peer connection. Это означает, что требуется прямой доступ к компьютеру (иногда его называют «узлом»). This means you need direct access to the PC (sometimes called «the host»). Если вам нужно подключить к компьютеру извне сети, в которой он работает, необходимо разрешить этот доступ. If you need to connect to your PC from outside of the network your PC is running on, you need to enable that access. Доступно несколько вариантов: использовать перенаправление портов или настроить виртуальную частную сеть (VPN). You have a couple of options: use port forwarding or set up a VPN.

Включение перенаправления портов на маршрутизаторе Enable port forwarding on your router

Перенаправление портов просто сопоставляет порт для IP-адреса маршрутизатора (вашего общедоступного IP-адреса) с портом и IP-адресом компьютера, к которому необходимо получить доступ. Port forwarding simply maps the port on your router’s IP address (your public IP) to the port and IP address of the PC you want to access.

Конкретная последовательность действий для включения перенаправления портов зависит от маршрутизатора, который вы используете, поэтому необходимо найти в Интернете инструкции для своего маршрутизатора. Specific steps for enabling port forwarding depend on the router you’re using, so you’ll need to search online for your router’s instructions. Общие сведения об этих действиях см. на странице wikiHow How to Set Up Port Forwarding on a Router (Как настроить перенаправление портов на маршрутизаторе). For a general discussion of the steps, check out wikiHow to Set Up Port Forwarding on a Router.

Прежде чем сопоставить порт, потребуется следующее. Before you map the port you’ll need the following:

Внутренний IP-адрес компьютера. Найдите его, выбрав Параметры > Сеть и Интернет > Состояние > Просмотр свойств сети. PC internal IP address: Look in Settings > Network & Internet > Status > View your network properties. Найдите конфигурацию сети с состоянием «Работает» и получите IPv4-адрес. Find the network configuration with an «Operational» status and then get the IPv4 address.

Общедоступный IP-адрес (IP-адрес маршрутизатора). Your public IP address (the router’s IP). Существует много способов узнать его. Можно выполнить поиск «my IP» (в Bing или Google) или просмотреть свойства сети Wi-Fi (для Windows 10). There are many ways to find this — you can search (in Bing or Google) for «my IP» or view the Wi-Fi network properties (for Windows 10).

Номер сопоставляемого порта. Port number being mapped. В большинстве случаев это 3389 — порт по умолчанию, используемый подключениями к удаленному рабочему столу. In most cases this is 3389 — that’s the default port used by Remote Desktop connections.

Административный доступ к маршрутизатору. Admin access to your router.

Вы открываете свой компьютер для доступа из Интернета, так что убедитесь, что на нем установлен надежный пароль. You’re opening your PC up to the internet — make sure you have a strong password set for your PC.

После сопоставления порта вы сможете подключаться к компьютеру узла извне локальной сети, подключаясь к общедоступному IP-адресу маршрутизатора (см. второй пункт выше). After you map the port, you’ll be able to connect to your host PC from outside the local network by connecting to the public IP address of your router (the second bullet above).

Вы можете изменить IP-адрес маршрутизатора. Ваш поставщик услуг Интернета (ISP) может назначить новый IP-адрес в любое время. The router’s IP address can change — your internet service provider (ISP) can assign you a new IP at any time. Чтобы избежать этой проблемы, рассмотрите возможность использования динамических DNS-имен. Это позволит подключаться к компьютеру с помощью легко запоминающегося доменного имени, а не IP-адреса. To avoid running into this issue, consider using Dynamic DNS — this lets you connect to the PC using an easy to remember domain name, instead of the IP address. Маршрутизатор автоматически обновит службу DDNS, если IP-адрес изменится. Your router automatically updates the DDNS service with your new IP address, should it change.

В большинстве маршрутизаторов может определить, какой исходный IP-адрес или исходная сеть может использовать сопоставление портов. With most routers you can define which source IP or source network can use port mapping. Поэтому, если известно, что вы собираетесь подключаться только с работы, можно добавить IP-адрес для своей рабочей сети. Это позволит избежать открытия порта для всего Интернета. So, if you know you’re only going to connect from work, you can add the IP address for your work network — that lets you avoid opening the port to the entire public internet. Если на узле, которые вы используете для подключения, используется динамический IP-адрес, задайте ограничение источника, чтобы разрешить доступ из целого диапазона адресов, определенного поставщиком услуг Интернета. If the host you’re using to connect uses dynamic IP address, set the source restriction to allow access from the whole range of that particular ISP.

Также рассмотрите возможность настройки статического IP-адреса на своем компьютере, чтобы внутренний IP-адрес не менялся. You might also consider setting up a static IP address on your PC so the internal IP address doesn’t change. Если это сделать, то перенаправление портов маршрутизатора всегда будет указывать на правильный IP-адрес. If you do that, then the router’s port forwarding will always point to the correct IP address.

Использование VPN Use a VPN

При подключении к локальной сети с помощью виртуальной частной сети (VPN) не нужно открывать доступ к компьютеру из общедоступного Интернета. If you connect to your local area network by using a virtual private network (VPN), you don’t have to open your PC to the public internet. Вместо этого при подключении к VPN клиент удаленного рабочего стола действует так, будто он является частью той же сети и имеет доступ к компьютеру. Instead, when you connect to the VPN, your RD client acts like it’s part of the same network and be able to access your PC. Существует несколько служб VPN — можно найти и использовать ту, которая лучше всего подходит для вас. There are a number of VPN services available — you can find and use whichever works best for you.

Remote Desktop — Allow access to your PC

Applies to: Windows 10, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

You can use Remote Desktop to connect to and control your PC from a remote device by using a Microsoft Remote Desktop client (available for Windows, iOS, macOS and Android). When you allow remote connections to your PC, you can use another device to connect to your PC and have access to all of your apps, files, and network resources as if you were sitting at your desk.

You can use Remote Desktop to connect to Windows 10 Pro and Enterprise, Windows 8.1 and 8 Enterprise and Pro, Windows 7 Professional, Enterprise, and Ultimate, and Windows Server versions newer than Windows Server 2008. You can’t connect to computers running a Home edition (like Windows 10 Home).

To connect to a remote PC, that computer must be turned on, it must have a network connection, Remote Desktop must be enabled, you must have network access to the remote computer (this could be through the Internet), and you must have permission to connect. For permission to connect, you must be on the list of users. Before you start a connection, it’s a good idea to look up the name of the computer you’re connecting to and to make sure Remote Desktop connections are allowed through its firewall.

How to enable Remote Desktop

The simplest way to allow access to your PC from a remote device is using the Remote Desktop options under Settings. Since this functionality was added in the Windows 10 Fall Creators update (1709), a separate downloadable app is also available that provides similar functionality for earlier versions of Windows. You can also use the legacy way of enabling Remote Desktop, however this method provides less functionality and validation.

Windows 10 Fall Creator Update (1709) or later

You can configure your PC for remote access with a few easy steps.

1. On the device you want to connect to, select Start and then click the Settings icon on the left.
2. Select the System group followed by the Remote Desktop item.
3. Use the slider to enable Remote Desktop.
4. It is also recommended to keep the PC awake and discoverable to facilitate connections. Click Show settings to enable.
5. As needed, add users who can connect remotely by clicking Select users that can remotely access this PC.
   1. Members of the Administrators group automatically have access.
6. Make note of the name of this PC under How to connect to this PC. You’ll need this to configure the clients.

Windows 7 and early version of Windows 10

To configure your PC for remote access, download and run the Microsoft Remote Desktop Assistant. This assistant updates your system settings to enable remote access, ensures your computer is awake for connections, and checks that your firewall allows Remote Desktop connections.

All versions of Windows (Legacy method)

To enable Remote Desktop using the legacy system properties, follow the instructions to Connect to another computer using Remote Desktop Connection.

Should I enable Remote Desktop?

If you only want to access your PC when you are physically using it, you don’t need to enable Remote Desktop. Enabling Remote Desktop opens a port on your PC that is visible to your local network. You should only enable Remote Desktop in trusted networks, such as your home. You also don’t want to enable Remote Desktop on any PC where access is tightly controlled.

Be aware that when you enable access to Remote Desktop, you are granting anyone in the Administrators group, as well as any additional users you select, the ability to remotely access their accounts on the computer.

You should ensure that every account that has access to your PC is configured with a strong password.

Why allow connections only with Network Level Authentication?

If you want to restrict who can access your PC, choose to allow access only with Network Level Authentication (NLA). When you enable this option, users have to authenticate themselves to the network before they can connect to your PC. Allowing connections only from computers running Remote Desktop with NLA is a more secure authentication method that can help protect your computer from malicious users and software. To learn more about NLA and Remote Desktop, check out Configure NLA for RDS Connections.

If you’re remotely connecting to a PC on your home network from outside of that network, don’t select this option.

Remote Desktop — Allow access to your PC from outside your PC’s network

Applies to: Windows 10, Windows Server 2016

When you connect to your PC by using a Remote Desktop client, you’re creating a peer-to-peer connection. This means you need direct access to the PC (sometimes called «the host»). If you need to connect to your PC from outside of the network your PC is running on, you need to enable that access. You have a couple of options: use port forwarding or set up a VPN.

Enable port forwarding on your router

Port forwarding simply maps the port on your router’s IP address (your public IP) to the port and IP address of the PC you want to access.

Specific steps for enabling port forwarding depend on the router you’re using, so you’ll need to search online for your router’s instructions. For a general discussion of the steps, check out wikiHow to Set Up Port Forwarding on a Router.

Before you map the port you’ll need the following:

PC internal IP address: Look in Settings > Network & Internet > Status > View your network properties. Find the network configuration with an «Operational» status and then get the IPv4 address.

Your public IP address (the router’s IP). There are many ways to find this — you can search (in Bing or Google) for «my IP» or view the Wi-Fi network properties (for Windows 10).

Port number being mapped. In most cases this is 3389 — that’s the default port used by Remote Desktop connections.

Admin access to your router.

You’re opening your PC up to the internet — make sure you have a strong password set for your PC.

After you map the port, you’ll be able to connect to your host PC from outside the local network by connecting to the public IP address of your router (the second bullet above).

The router’s IP address can change — your internet service provider (ISP) can assign you a new IP at any time. To avoid running into this issue, consider using Dynamic DNS — this lets you connect to the PC using an easy to remember domain name, instead of the IP address. Your router automatically updates the DDNS service with your new IP address, should it change.

With most routers you can define which source IP or source network can use port mapping. So, if you know you’re only going to connect from work, you can add the IP address for your work network — that lets you avoid opening the port to the entire public internet. If the host you’re using to connect uses dynamic IP address, set the source restriction to allow access from the whole range of that particular ISP.

You might also consider setting up a static IP address on your PC so the internal IP address doesn’t change. If you do that, then the router’s port forwarding will always point to the correct IP address.

Use a VPN

If you connect to your local area network by using a virtual private network (VPN), you don’t have to open your PC to the public internet. Instead, when you connect to the VPN, your RD client acts like it’s part of the same network and be able to access your PC. There are a number of VPN services available — you can find and use whichever works best for you.