We have an RDS server in production that a majority of our users need access to. This is about 40-50 people that use RDS daily. About 60% of these users are here at our hub, the other 40% are at one of two sites that are connected to our hub via an MPLS; these clients resolve the private/internal IP and do not use the WAN/public IP to remote to RDS.
However, there is a small group of people (about 10-12) that sometimes work from home, myself included. To accomplish this, RDP port 3389 was opened on the firewall and forwarded to the RDS server. This was done before I started working here, otherwise I would have fought against it. Now I want to close the port externally and configure a VPN or other solution like TeamViewer, but my boss said "no." I wasn't thrilled at the idea of working on people's home PCs, but this needs to change...
As it is...