Monday, November 10, 2014

Maintaining access to PC while away from home (plus nuclear backup option)

This is fairly straightforward and takes roughly 30 to 45 minutes to configure. If you haven't done it before, I'd say it'll take about 2 hours.

Problem:
You are going to Abu Dhabi, but you still want to access your home (Windows) PC.

Solution:

a) Create backup user (just in case)
b) Enable remote desktop (RDP).
c) Install and configure DNS client to have a stable 'dial-home' address.
d) Configure WOL (wake on LAN) on PC.
e) Configure router to allow remote connections and WOL
f) Configure Scheduled task
g) Configure Power Management
h) Test (also make sure you have whatever notes you need).
z) Plan Z

A) Create backup user

Right click on My Computer, select manage, select users.
There will be a link somewhere to create a user, or just click on a blank space below existing users.
Select New user.
Enter a username. Avoid something super obvious like "backup"; make it 'remote' or 'alex2' instead.
Give it a password, check the box for 'password never expires', check the box for 'user can't change password'. Go to groups, and add the 'administrator' group to the list. Click OK.
If you are prompted to enable Firewall rules to allow the remote user, click 'yes'.
If your antivirus says something, read it, and select whatever options would allow connections.

B) Enable remote desktop (RDP)

Right click on My Computer, select properties, select remote tab, check the box to enable remote access.
Click users button, and add the 'remote' user you created in Step A.

C) Install and configure DNS client to have a stable 'dial-home' address.

Since your ISP can change your IP address (and will change it almost daily) you need a way to find your computer. This is why we install DNS client. It will update your IP every time your computer starts, and map it to a public DNS address which you will use from Zimbabwe or wherever.

My all-time favorite app 'DynDNS' is now a paid app, so it instantly ceased to be my favorite app.
I've tried Duckdns.org and it seems to work really well. It also allows Google sign-in, which is nice /borat.
So..

Install - go to Duckdns.org, sign in, and install the client.
Pick a name and enter it in a white box next to "domains". This will be the consistent 'stable' DNS name that you will use to connect to your home PC.
Now, go ahead and start the DuckDNS if it's not already started. It will show up in your task bar (bottom right).
Right click on it, and pick settings.
Enter the DNS name and token 
- DNS you chose (may be the whole name, I am writing this from memory) - somename.duckdns.org 
- Token is available on the top of the webpage after you login.
Make sure you can click OK and things are green, and update works.

Testing via ping won't work; the DuckDNS guys protect you from discovery, which is also very nice /borat.

D) Configure WOL (wake on LAN) on PC and Wake on Timer.

Probably your PC is not configured for Wake on LAN. Most are not.
You will also enable a 'backup' plan to make sure your PC is awake during certain hours.
You will have to reboot the PC, go into BIOS, enable it and save the change.

WOL settings
Reboot PC.
Press DEL key or F2 or F10 like 7000 times. Start mashing the button as soon as you hear a *beep*.
Once inside look either in Power Settings or Network, or Advanced for "WOL" or "Wake-on-Lan" or "Magic packet".
Enable it.
If you have an option for password, enable it as well, and set some easy password, like 'sparky'.
Write the password down.
Save

Setting Wake on Timer
While looking for WOL you may have seen 'Alarm' or 'Timer' or 'Wake on Event' or 'Schedule' or 'Wake on Schedule' or any other permutation of words indicating that something will happen at a particular point in time or on an event.

Once you find it (probably under Power Management, might be under Advanced):
Set the wake-up timer to around 8am in the time zone where you'll be.
Save
Exit

E) Configure router to allow remote connections and WOL 

Once Windows boots back up, go to your router config page.
If you haven't changed any of the default settings on your router, you most likely have a sticker with all of the info on the back of the router. If you have changed the defaults, you probably know what you're doing.

Create 2 rules - one for RDP, another for WOL

RDP
Go to config page - http://192.168.1.1 or something like that
Login
Go to port forwarding page, or Advanced section and then port forwarding.
You should see a button to create a new rule.
Create a rule -
- Name it something descriptive like 'home pc RDP'.
- under trigger or incoming port (usually this is either on the left side or on top of the new rule box) enter some random 5 digit number below 65000. (example 49381 - write it down)
-- we pick a random incoming port instead of mapping 3389 to 3389 to create a tiny bit of security against random port scans. Call it security through obscurity. Every little bit helps.
- for destination port enter 3389
- for destination pc you may either have a drop-down or a list of computers. Best way is to pick a MAC address if you have it. Otherwise Pick a name. If neither of these is available, pick an IP.
-- IP is generally a bad idea, because your router can reassign IP address to your PC if you lose power or if it decides it's a good idea. If you are feeling comfortable in this arena, dig through the settings and see if you can assign a static IP to your computer somewhere to keep this from happening.
Click Save.

WOL
Your router *may* have a specific setting for WOL, but I have rarely seen this. If it does, enable it, and you're golden.
Using the steps above, you will create 2 additional rules for WOL - one for port 7, another for port 9.
I think there is a much lesser need to remap ports here, but you still can.

Click add rule
Name - WOL_7
Source port - 7 (or whatever 5 digit number below 65000 - make sure to write it down)
Destination port 7
Destination PC - Your PC by MAC / Name / IP
Save

Click add rule
Name - WOL_9
Source port - 9 (or whatever 5 digit number below 65000 - make sure to write it down)
Destination port 9
Destination PC - Your PC by MAC / Name / IP
Save

F) Configure Scheduled task

In 'Wake on Timer' section we set our PC to wake up at 8am every day.
Now we don't want the PC to run non-stop all day, but we also don't want it to go to sleep, because I've seen WOL fail if PC is sleeping. So instead, we are going to shut it down after 2 hours.

Click Start, type task, count to 3, and you will see 'Scheduled Task' appear.
Select it
Select tasks from the left side
Select 'new task'
Name it something descriptive like - Shut down PC after 2 hours of being awake.
Under the Triggers tab, click 'add' or 'new' and specify the time 2 hours after the time you've set the PC to automatically wake up.
Under Actions tab, click add.
- command will be 'cmd' (no quotes)
- switches will be '/c shutdown /s /t 30 /f' (no quotes)
-- cmd will open the command prompt; /c will close it after the command has executed; /s is to shut down; /t 30 is to wait 30 seconds (if you're logged in, you'll get a warning and a chance to abort it); /f is to force, in case some app is stuck.
Under Advanced
- specify options to run the task if scheduled time was missed.
- specify to kill the task if it has run for more than 2 hours
- specify other options you may find relevant
- click check box to run using higher privileges.
When you press OK enter your password.

G) Configure Power Management

Press Start
Type power, count to 3, you will see "power management" appear towards the top of the list.
At the main menu, specify turn off monitors after 1 minute - you won't need them since you're connecting remotely.
Under sleep specify never - you'll be turning PC off after 2 hours via task above
Under hibernate specify never - same reason as above
Click Advanced
Select 'performance plan'
Click OK till you exit

H) Test it.

Remote login and DNS
You can test it from the same PC, or if you have another one, test it from there.
**If you're testing from the computer you're connecting to, you won't be able to actually log in, but if you get the login box, you're in a good place.

Open command prompt - Start+R, type CMD, press enter
type mstsc /v:yourdns.duckdns.org:RDPportNumber
-- mstsc is a program for remote desktop
-- /v is a switch for address
-- yourdns.duckdns.org is the DNS name you chose yourself
-- RDPportNumber is the port in your router that will forward to 3389
-- example command :    mstsc /v:alexisawesome.duckdns.org:49381

You should get a login box.
-- If you get the login box, 99% of the stuff you configured is working.
You will see username and password and under domain you will have a name of the box you're presently on, not the name of the box you're connecting to.
Enter username as <computer name you're connecting to>\username
-- example: ALEX-PC\Alex2
Enter password
Press OK
Gold.

Testing WOL

Turn computer OFF.
On another computer or cellphone, go to http://www.wakeonlan.me/ 
-- I've used it for years, but I don't actually know anything about them, or if it still works today
Enter necessary info
-- At this point you will realize you don't have a MAC address because I never told you to write it down.
-- Obtain and write down your MAC address

IP or Hostname - yourdns.duckdns.org:WOL9portNumber
-- example - alexisawesome.duckdns.org:9
MAC will be your MAC 
-- example - 01-23-45-67-89-ab
Password / schedule / zone are optional
Press "Wake up my pc!" button

Count to 3 or maybe 42
Your PC should turn on.
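
The magic packet that the website sends can also be built and sent from your own laptop, which avoids handing your MAC address and DNS name to a third party. This is an added example, not part of the original post; the function names are made up for illustration, and the optional password is passed as raw bytes because how a given BIOS maps a typed password onto the 4- or 6-byte field is vendor-specific.

```python
import re
import socket


def parse_mac(mac: str) -> bytes:
    """Turn 01-23-45-67-89-ab, 01:23:45:67:89:ab or 0123456789ab into 6 bytes."""
    digits = re.sub(r"[-:.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """6 x 0xFF, then the target MAC 16 times, then the optional password."""
    if len(password) not in (0, 4, 6):
        raise ValueError("WOL password field is 4 or 6 bytes when present")
    return b"\xff" * 6 + parse_mac(mac) * 16 + password


def is_magic_packet_for(data: bytes, mac: str) -> bool:
    """Receiver-side check: is this datagram a magic packet for the given MAC?"""
    return len(data) in (102, 106, 108) and data[:102] == build_magic_packet(mac)


def send_wol(host: str, port: int, mac: str,
             password: bytes = b"", repeat: int = 3) -> str:
    """Send the packet over UDP to host:port and return the IPv4 address used."""
    packet = build_magic_packet(mac, password)
    # Resolve the dynamic DNS name on every call, since the home IP changes.
    addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_DGRAM)[0][4]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for _ in range(repeat):  # UDP is unacknowledged, so send a few copies
            sock.sendto(packet, addr)
    return addr[0]


if __name__ == "__main__":
    # Constructed values: the example MAC from this post, nothing is sent here.
    pkt = build_magic_packet("01-23-45-67-89-ab")
    print(len(pkt), pkt[:12].hex())
    # To wake the PC, use your own name and the WOL port you forwarded:
    # send_wol("yourdns.duckdns.org", 9, "01-23-45-67-89-ab")
```

If the wake works right after shutdown but not hours later, the router has probably aged out its ARP entry for the powered-off PC, so the forwarded packet has nowhere to go.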

Testing Wake on Schedule

You can either wait until the scheduled time and see if PC turns on
or
You can go back into the BIOS and change the wake up timer to around 2 minutes in the future.
Save
Exit
Turn off PC
Count to 120
PC should turn on
Go into BIOS and Change the timer back to Zimbabwe 8am
Save
Exit

Testing Scheduled task

Go to Windows
Start
Task
Right click on your task
Click Run
Count to 30
PC should turn off

Obligatory funny -


Plan Z

This is my new favorite recommendation because it works, but it's definitely the heavy handed approach.
- Make an account at https://manage.opscode.com/signup (hosted chef - main url here https://www.getchef.com/)
- Download and Install chef-client. Make sure to check the service check-box. 
-- Get files from https://www.getchef.com/download-chef-client/ (main url - http://downloads.getchef.com/ )
- Connect (chef term is bootstrap) your home PC to your hosted Chef account.
-- This is probably the most 'complicated' step in the whole process. The best and simplest way is to head over to http://learn.getchef.com/windows/bootstrap-your-node/ instead of me retyping the same stuff here.

Plan Z in action:
Once your PC is connected to the Chef server, you will be able to add items to be executed on your PC from anywhere on the planet without actually ever having to connect to your PC. Even if your router changes or your PC gets stolen, as long as it's working and has access to the internet, you can execute commands on it.
