UC Berkeley Information Security Policy does not allow broad access to a remote desktop from the public Internet. Best practice is to restrict access by using the Campus Remote Desktop Gateway service. The following guide explains how to configure a computer to connect to a Windows computer using the Campus Remote Desktop Gateway service.
Table of Contents
- First, Configure a Windows Computer to Allow Remote Access
- Next, Connect to a Remote Windows Computer using Microsoft Remote Desktop
First, Configure a Windows Computer to Allow Remote Access
1a) Enable Remote Desktop Protocol (RDP) Using the BigFix Offer on a Managed Computer (Berkeley Desktop)
If you self-manage your computer, skip to step 1b).
The BigFix offer on Berkeley Desktops will enable RDP, allow the user remote access, and set appropriate firewall rules. If a customer can accept this offer, you do not need to configure remote access manually.
- Look for the blue "b" in your system tray.
- In the BigFix Support Center, search for "remote desktop."
- Select the offer for "Remote Desktop Activation (RDP)" and click Accept. Wait for the offer to complete.
1b) Enable Remote Desktop Protocol (RDP) on a self-managed Computer
Skip this step if you were able to use the self-service offer in step 1a).
Allow RDP Connections
- Click the Windows button and type sysdm.cpl to open System Properties.
- Enter your administrator credentials to edit properties.
- In the System Properties Window, click the Remote tab and select "Allow remote connections to this computer."
- Click Select Users.
- Add your username to the list.
Configure Windows Defender Firewall to only allow connections from the Campus Remote Desktop Gateway service
- Click the Windows button and type wf.msc to open Windows Defender Firewall.
- Enter administrator credentials to edit firewall settings.
- Select "Inbound Rules" in the left window, then "Remote Desktop - User Mode (TCP-In)". Under the Actions menu on the right, select "Properties."
- On the "General" tab, click the box for "Enabled".
- On the "Scope" Tab, under "Remote IP address", select "These IP Addresses:". Then click the "Add..." button.
- Select "This IP address or subnet:" and enter the subnet address for the Campus Remote Desktop Gateway network: 169.229.164.0/24.
- Select OK for the "IP Address" window and the "Properties" window. If the rule is enabled there will now be a green check mark beside it.
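The same firewall change can be applied and checked from an elevated PowerShell prompt. This is an added example, not part of the original guide; it goes slightly beyond the steps above by also auditing the other inbound rules in Windows' built-in "Remote Desktop" rule group (English display name assumed), so any enabled rule that still accepts connections from outside the gateway subnet is visible.

```powershell
# Added example; run in an elevated PowerShell session on the remote (host) PC.
$GatewaySubnet = '169.229.164.0/24'                      # from the guide
$RuleName      = 'Remote Desktop - User Mode (TCP-In)'   # from the guide
# Windows may report the same scope in netmask form, so accept both spellings.
$Accepted      = @($GatewaySubnet, '169.229.164.0/255.255.255.0')

# Same change as the GUI steps: enable the rule and limit its remote scope.
Set-NetFirewallRule -DisplayName $RuleName -Enabled True -RemoteAddress $GatewaySubnet

# Audit every inbound rule in the built-in group (English group name assumed).
$audit = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object Direction -eq 'Inbound' |
    ForEach-Object {
        $rule    = $_
        $remote  = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        $port    = $rule | Get-NetFirewallPortFilter
        # Remote addresses on this rule that are not the gateway subnet.
        $outside = @($remote | Where-Object { $_ -notin $Accepted })
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Profile       = $rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $remote -join ','
            # Finding: the rule is enabled and reachable from outside the subnet.
            Finding       = ($rule.Enabled -eq 'True') -and ($outside.Count -gt 0)
        }
    }

$audit | Format-Table -AutoSize

$findings = @($audit | Where-Object Finding)
if ($findings.Count -gt 0) {
    Write-Warning ("{0} enabled Remote Desktop rule(s) accept connections from outside {1}" -f $findings.Count, $GatewaySubnet)
    $findings | Select-Object Rule, Protocol, RemoteAddress | Format-Table -AutoSize
} else {
    Write-Output "All enabled Remote Desktop inbound rules are limited to $GatewaySubnet."
}
```

Any rule the audit flags can be scoped with the same `Set-NetFirewallRule ... -RemoteAddress` call, or disabled if it is not needed.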
2) Set the Computer to Never Sleep
- Click the Windows button and type "sleep" to reveal and select the "Power & sleep" settings.
- Set screen to lock after 10 minutes and Sleep to "Never."
3) Configure Socreg to Give the Computer a Dynamic DNS Hostname
- Log in to socreg.berkeley.edu and register your device or find your device registration (Socreg device registration guide).
- Add a DDNS hostname, typically the Service Tag of your computer.
Next, Connect to a Remote Windows Computer using Microsoft Remote Desktop
To connect, ITCS recommends using Microsoft Remote Desktop (Windows) or the Windows App (macOS) due to its ease of use; however, other Remote Desktop clients can be configured in a similar way.
1) Configure the Connection Using the Campus Gateway
- Open Microsoft Remote Desktop from the Start menu (Windows) or the Windows App from the Applications folder or a Spotlight Search (macOS).
- Click the "Add PC" button.
- In the "PC name" field, type the address of a remote desktop. Then, in the "Gateway" field, select "Add Gateway..."
- In the "Add a Gateway" pop-up window, enter the Gateway name as "gateway.berkeley.edu" and the Friendly name as "Campus Gateway Service." In the "User Account" field, select "Add User Account..."
- In the "Add a User Account" pop-up window, enter the user's CalNetID in the "Username" field as "campus\CalNetID" and ask them to enter their CalNet passphrase. Enter an easily recognizable "Friendly name."
- Click "Add" in the "Add a User Account" pop-up window. This will return you to the "Add a Gateway" pop-up window.
- Verify the user account "Friendly Name" is in the "User Account" field and click "Add."
- Finally, click "Add" in the "Add PC" window to complete the configuration.
2) Connect to the Remote Desktop
- To connect to the computer, double-click the computer icon.
- The user associated with the gateway configuration above will receive a Duo prompt on the Duo phone app. Click "Approve."
- Enter login credentials for the remote PC when prompted.
- You may receive a warning that "The certificate couldn't be verified back to a root certificate." If you are sure you are connecting to the correct PC, click "Continue."
- You have connected to the remote desktop computer!
3) To Save your Credentials for Future Connections
- Right-click a PC icon and click “Edit”. Then click the "User account" dropdown and select “Add User Account.”
- Enter credentials, type a friendly name if you would like, and click Add.
This set of credentials will now be available from the user account dropdown in any PC you are connecting to.
- To use these credentials each time you connect to this particular PC, click the save button.