Tuesday, July 12, 2005

Control a PC for Free

You really can be in two places at once. With a remote control solution, you sit in front of one computer and view the desktop of another computer in a window. Your mouse movements and keystrokes are sent over your network connection to the distant PC, which responds as though you were there in person, letting you run programs, manipulate files, or whatever else you need to do.

Remote-control software lets you access your home computer while you're at work (or vice versa) or use either your home or your work machine remotely while you're traveling. But it's also useful for long-distance troubleshooting (fixing your kid's PC while she's at college) and over-the-phone tutoring (showing a client in another town how to create a crosstab in Access). And with a remote PC connected to a projector, a 15-minute presentation across the country no longer requires a layover in Lubbock.

To make this work, you need a remote PC (the computer you want to control) and a local PC (the one you want to use to do the controlling). Sometimes these PCs are also called the host and the guest, respectively. You also need special software (which you may already have) installed on each machine. But there are two big hurdles that often make it difficult to get remote control working at all: dynamic IP addresses and firewalls.

Enter the Software

Remote control software has two components: a server that runs on the remote computer, and a client (sometimes called a viewer) used on the local computer to control the server. You'll need to set up the server component before you can run the client.

Remote Desktop
Microsoft includes a very good, though basic, remote-control program called Remote Desktop with Windows XP Professional. (It also comes with Windows 2000 and Server 2003, but there it's called Terminal Services.) You can control the PC from any system running Windows 95 or later.

To start the Remote Desktop server, right-click on My Computer in the Start menu and select Properties. This gets you to the Systems control panel. Choose the Remote tab. Turn on the Allow users to connect remotely option, and click on OK.

To control the system from another Windows XP Professional system, click on your Start menu and select All Programs | Accessories | Communications | Remote Desktop Connection. The client software is also available on the Win XP Professional and Home Edition CDs. Type the IP address, name (if it's on your local network), or host name (if you're using dynamic DNS) of the remote computer, and click on Connect. Click on Options to save your settings into a file for quick access next time.

With any luck, you should be prompted with a log-on box. Remote Desktop uses the same authentication system as Windows, so you'll need to enter the username and password for an existing user on the remote system. (Go to Control Panel | User Accounts to create a new user or configure a password for an existing user.) If the remote PC has an account with the same username and password as the current user on the local PC, you'll be logged on automatically.

Since Remote Desktop is meant to help you access another one of your machines, it blanks out the screen of the remote computer when you connect (unless you're controlling a PC running Windows 2000/2003 Server), so people walking by won't be able to see what you're doing. This means you can't use it for presentations or tutoring. For that, Microsoft offers Remote Assistance, which is similar to Remote Desktop but clumsier; it's available through Win XP's Help & Support Center. For further security, Remote Desktop requires the owner of the remote PC to log on again when the remote session is over.

Remote Desktop lets you control performance, screen size, and device sharing, and it even enables you to launch specific programs on connection. It provides more than pure remote control; it offers file transfer as well, by mapping your local drives to the server.

If Remote Desktop's limitations are too restrictive, consider VNC, a free, open-source solution that runs on just about every platform in existence. (You can, for instance, control Mac OS X from your Windows box, or even control Windows from your Palm-powered PDA, and there are no restrictions for Win XP Home.) There are several varieties of VNC available, but the most secure flavor is arguably TightVNC, available from www.tightvnc.com.

Although the option is available in most VNC types, VNC doesn't automatically blank out the screen, so two people—one local and one remote—can simultaneously control the same desktop, and each can see what the other is doing.

Another convenient aspect of VNC is that the viewer (client) software is only a single (about 300KB) EXE file. It doesn't need to be installed, so you can run it just about anywhere, including on public PCs and ones at the office that have been locked down to prevent software installation. VNC's major limitation is that it doesn't offer file transfer. For that, its users often resort to e-mail and FTP.

If you choose to use Remote Desktop or VNC, you'll probably need to figure out how to circumvent private and dynamic IP addresses and firewall restrictions. We show you how to do this below. But users of Windows 98 or later have another good, free alternative, LogMeIn Free. This remote-control solution lacks the file-transfer and synchronization capabilities of the fee-based versions of LogMeIn, but unlike Remote Desktop and VNC, it runs as a service, so the client can be run from anywhere that you can access LogMeIn's Web site, and the tool is able to circumvent most difficult networking issues.

Devil in the Details

Because Remote Desktop and VNC don't have any service acting as an intermediary, your local and remote PCs and their networks must be set up to allow a direct connection between the two computers. Here's what you need to do.

Desktop Within a DesktopFor computers to be able to talk to each other across the Internet, each needs a public IP address. This address is typically assigned to the router on the network that the PC is connected to; the router then assigns a private IP address to the system. (In most cases, the address will look something like 192.168.1.xxx) The router uses Network Address Translation (NAT) to let its PCs interact with systems on the Internet.

First, you need to determine the IP address of the remote PC. If both computers are on the same home or office network, you can use the remote PC's local address. Open a Command Prompt window on the remote system (Start | Run | cmd and click on OK), type ipconfig, and press Enter. (Or, in Windows 9x/Me, go to Start | Run | winipcfg.)

In order to access the PC over an Internet connection, you'll need to find its network's public address. Fire up a Web browser on the remote PC and go to www.annoyances.org/ip; here, you'll see the IP address of your computer as it is seen on the Internet (e.g. (If you're controlling someone else's PC, you'll have to request this information; just ask your partner on the other end to read or e-mail the IP address to you.)

The catch is that most IP addresses are dynamic; routers assign IPs to PCs when they boot, so a single machine may have different addresses from one day to the next. And your DSL or cable provider likely gives you a new IP every time you connect to the Internet (the same is true for dial-up service, but you'd never want to try controlling a PC remotely over a 56K modem). If you want to use remote control regularly, you'll need to make your settings more permanent.

Set and Forget

If the remote PC is connected to a router, you can assign a static (non-changing) IP address to the PC. (This address only has meaning within the remote PC's local network.) Go to Control Panel | Network Connections>, right-click on the connection that you'll be using, and select Properties. Highlight Internet Protocol (TCP/IP), click on Properties, and then select Use the following IP address. In the dialog box that comes up, type the local IP address you got in the last step (for example, 192.168.1.xxx), then enter for the subnet mask and the IP address of your router (usually for the gateway. You should be able to get the addresses of your DNS servers from your router's status screen; otherwise, contact your ISP. Click on OK when you're done.

The IP address of your Internet connection is a different matter, though. Usually the only way to make a dynamic Internet IP address static is to upgrade to a more expensive service, so unless you feel like paying an extra $25 each month, you'll want to sign up with a free "dynamic DNS" service such as www.no-ip.com or www.dyndns.org. The provided software, which updates the service with your current address, lets you connect to your computer with a steady host name like "karp.homeip.net" and forget about any fly-by-night IP addresses.

Poking Holes in the Remote Firewall

The next hurdle is the firewall (and, for most people, the router) that has been dutifully keeping your remote-control software from working.

Firewalls are designed to protect a computer by blocking unwanted network traffic. In order to use most remote-control software, you'll have to create an exception manually in the remote PC's firewall to permit two-way communication. (If you don't have physical access to the remote computer, you'll have to contact whoever does and walk him or her through this process.)

If the remote computer is running Windows XP SP2, the built-in Windows Firewall is likely active. Go to Control Panel | Windows Firewall and, if the firewall is enabled, choose the Exceptions tab. You need to know the port number your software uses; for instance, Microsoft Remote Desktop uses TCP port 3389, and VNC typically uses 5800, 5801, 5900, or 5901. Click on Add Port, type the port number, come up with a name for the exception, and click on OK. There should already be an exception set up for Remote Desktop here (otherwise, create one); just place a checkmark next to any exception to permit it, and click on OK when you're done.

We recommend the use of a more powerful software alternative to the Windows Firewall, such as ZoneAlarm Pro 5.5, PC Magazine's Editors' Choice, especially if a router is not present. If you're using ZoneAlarm, you'll need to add the IP address and subnet of the local computer (or the router's IP address or range of addresses the router assigns) to its Trusted Zone. Follow the directions in the Help index under adding | to the Trusted Zone.

For any other software firewalls, check the program's documentation for exclusion instructions.

Next comes your router. If you don't yet have one for your home or SOHO network, get one. They're cheap and provide strong protection to supplement a software firewall; we recommend using one even if you only have a single PC. Open your router's setup screen, typically a Web page located at (check the documentation), and go to the Port Forwarding screen (sometimes called Applications & Gaming). Each entry on this page represents a different service to be routed; simply add a new one, specifying the appropriate port number along with the IP address of the PC to be controlled. (This is why the PC needs to have a static IP address.) Finally, give the entry a name (e.g. "remote" or "Dimitri"), and click on Save Settings. These exceptions somewhat compromise the security of your firewall, so don't leave them open when you're not using them.

If you're trying to access a PC that's behind a corporate firewall, you probably won't be able to create any exceptions unless you're chummy with the administrator, which leaves you with two choices: Either to dial into your company's VPN network (again, talk to the IT people) and control the remote PC from the firewall, or to use a Web-based product.

Paid Web-based solutions such as GoToMyPC or LogMeIn Pro combine great features and ease of use, but among Remote Desktop, VNC, and LogMeIn's free product, most users should be able to find an effective way to access their desktop remotely without spending a cent.

No comments: