Not sure if I can make it clear, feel free to ask questions. So I have a PC which is connected in a corporate network. I can access that PC from my home through VPN by Remote Desktop Connection.
Now I will have another computer connected to the office PC via LAN cable. Will I be able to Remote Desktop that LAN connected PC via my Office PC from home?
The main PC and new PC have 2 RJ-45 port in rear side.
The new PC is for personal projects, approved by the IT dept but can not go online. So I was thinking maybe I can login to my main PC from home and then connect to the new PC through main PC.
Current situation:
You are able to access WORK PC through HOME PC via VPN
INTERNET ——- CORPORATE NETWORK ——- WORK PC
INTERNET ——- HOME PC
Your new situation:
You are connecting a new WORK PC to the current WORK PC using a LAN cable
INTERNET ——- CORPORATE NETWORK ——- WORK PC <—LAN CABLE—> NEW WORK PC
The answer is NO
You need to connect the NEW WORK PC directly to the CORPORATE NETWORK unless you setup a DHCP in your current WORK PC
The current and new situation you illustrated is correct!
If one can use Remote Desktop in a LAN network (No Internet at all), why cant I connect to the new PC from main PC? BTW, the main PC has and new PC has Dual network card.
That is because the LAN network router generates a DHCP address (local IP address) for each computer connected to the router. If there is no DHCP server, your new WORK PC has no address, how to send a letter to someone with no address. Now you mentioned, your current WORK PC has two network cards -> two LAN ports? or a WiFI & a LAN port?
Okay so how do I set that up?
@bargainaus:
Wait, let me clarify something first. You said the new WORK PC is approved, but not allowed to go online, what do you mean? Can it even connect to the WIFI or anything?
UPDATE
If there are two network cards in the main WORK PC:
(1) is connected to the corporate network
(2) is connected to the new WORK PC
You can enable ICS on (1) and share it with whatever is connected to (2)
But I am not sure about your company policy, by doing this, it is as if the new WORK PC is connected to the corporate network via your main WORK PC (well, you may be able to do it quietly)
@brokenglish: If it goes online, that has to be IT dept approved. They will install loads of crapware and would like to have absolute control over that PC (like all other PC in the network), preventing me from having admin privilege. The new PC is for scientific number crunching and nothing else, no need to go online. By using it totally offline, we are having no intrusion from IT dept.
I'm actually not sure if it has dual network card, but there is 2 RJ-45 port in rear side. Its a HP Z820 Workstation, if that helps.
@bargainaus:
This VPN that you are using, who set it up? Is it the company VPN?
If that's the case, you can't access the new WORK PC, because the VPN server (corporate nerwork) can't detect anything not connected to it - your new WORK PC.
If you setup your own VPN server on your main WORK PC, it may be possible…
How about I set up a LAN network between Main PC and new PC and disable internet sharing from main PC, then connect to main PC from home and then connect to new PC via LAN through main PC???
@bargainaus:
That's what I am about to say but I'm currently testing the idea, one sec…
UPDATE
I just tried:
WORK PC -> VPN to HOME PC -> VPN to WORK PC -> try to locate/ping the OFFLINE PC connected to my WORK PC
This doesn't work.
HOWEVER
If you use VPN from home to remote desktop your main WORK PC, and from your WORK PC, you remote desktop to the OFFLINE PC
This will work
Remote desktop-ception will work~
Make sure in your main WORK PC, there are two LAN adapters
What is the OS?
If you go to Network and Sharing Center (right click from internet icon or from Control Panel)
Top left, choose Adapter Settings
You should see TWO Local Area Network Adapters
@brokenglish: Well I stuffed up, just realized that the new PC (HP Z820) has 2 RJ45 port in rear, but the main work PC (HP Z220 CMT) has just 1 RJ45 port. I am not sure about dual network card.
Here is a similar HP Z220 CMT - http://www.graysonline.com/lot/0001-2129594/computers-and-it…
I am more than happy to be able to connect from home to work, no need to connect fro work to home.
@bargainaus:
That is sad…
If you desperately need to access the new WORK PC from home and willing to spend a few dollars, you can get a cheap wifi router and a wifi dongle for your main WORK PC
@brokenglish: That will make the new PC online, which I don't want. Should I buy an Ethernet hub to connect both work PC and new PC into it?
@bargainaus:
Yes I know, that cheap wifi router doesn't need to go online…
Ethernet hub? Your main PC has no extra LAN port, how do you connect your main WORK PC to the ethernet hub ._.
You need a wifi dongle that connects to the wifi router and that router connects to your new WORK PC
@brokenglish: How about I increase Ethernet connections from 1 to 2 sockets - http://www.ebay.com.au/itm/271825431080
I will connect it on main PC and connect both the internet connection and new PC to it. Note that, with this or HUB, internet connection will not be direct to the main PC.
@bargainaus:
No, that splitter won't work, your main WORK PC can't assign an IP address to the new WORK PC if it's already connected to the CORPORATE NETWORK
If you are willing to spend something, get a new network card, you can get it cheap from MSY (idk where you are) for $13
I dont and never have tried using Ethernet Splitter. If you are cheapskate (sounds like you are), you can try
@brokenglish: Buying a new card crossed my mind but the IT dept will not allow it. I really appreciate your response here. :)
No, that splitter won't work, your main WORK PC can't assign an IP address to the new WORK PC if it's already connected to the CORPORATE NETWORK
Hmm, The new PC is not connected to the corporate network. Do you mean when I connect it to the Splitter?
@bargainaus:
Yes
Theoretically using ethernet splitter can work but I've never tested it
Your PC needs to be assigned a static IP from your corporate network though
@brokenglish: How about this then? :) - http://www.ebay.com.au/itm/272061871192
Main PC's RJ45 —-> Corporate network (Internet)
Main PC's USB —-> New PC's RJ45 (No Internet)
And since no splitter is used, there will be no concern over speed degrade.
@bargainaus:
Just did a little research, that won't work as well :(
By using this, you are erecting a USB cable from your main WORK PC to the RJ45 port of your new WORK PC.
There's nothing on your main WORK PC to regulate the IP address of the new WORK PC.
Answer is no…
@brokenglish: This article says its possible to connect to internet using USB RJ45 adapters - http://www.howtogeek.com/205097/ask-htg-how-can-i-add-an-eth…
Pardon my ignorance, but why can't it be then used to connect in a LAN network between to PC? Its worth noting that they used a different adapter - http://www.amazon.com/dp/B00484IEJS/
Edit: I think the important thing is whether or not the adapter has network chip built in, the above adapter from amazon seems to have chip in it, the smaller ebay one does not. In short, the chip one will come with driver CD. Its basically an external NIC. Bit discussion here - http://forums.whirlpool.net.au/archive/1638788
Looks like MSY has a similar one to Amazon - http://www.msy.com.au/vic/cheltenham/peripherals/15841--edim…
Or a cheaper one - http://www.msy.com.au/vic/cheltenham/peripherals/12269-partl…
@bargainaus:
The one you showed me before was USB FEMALE to RJ45 MALE -,- and that, is not possible
http://www.ebay.com.au/itm/272061871192
USB MALE TO RJ45 FEMALE is possible, because it will create a network adapter in your computer ._.
http://www.msy.com.au/vic/cheltenham/peripherals/15841--edim…
They do different things man
@brokenglish: Your logic is literally broken. The second one will create a network because it has a network chip built into it, basically its an external NIC. The first one has no chip. USB Male/Female has nothing to do with it.
That's just plain wrong.
You can manually set up IP addresses on both machines to be on the same subnet.
You can also give a network adapter 2 different IP addresses so that they can all see each other.
mobile tethered as a network adapter and openssh
If you want a simple way to go about this using the above logic.
Now u should be able to vnp from home to your corporate network then rdp to your work pc.. From your work PC, just rdp to 172.16.0.2
done.
Yes that's what I was thinking to do, I did step 3 to 5 in my UNI days 10 years ago when we used to hookup PC's in dorm. The only new thing is the USB Ethernet dongle, and which one to buy.
BTW, what's crossover cable? Should not CAT 5 Ethernet cable do the job?
cross over cable, crosses the data and rec wires, when not connecting via a router, which does this for you… they were generally yellow.
networking is not my thing, i think its somewhat correct
Crossover cable is just a modified CAT5 ethernet cable designed to directly link common devices together, without having to go thru a switch or a router as a "go in between". A crossover ethernet cable is usually used for connecting eg NIC-NIC, HUB-HUB, SWITCH-SWITCH, etc.
However Modern NICS are smart enough these days to allow for whatever cable used, eg straight thru or crossover will both work.
Do you think normal CAT5 will be okay with this? - http://www.msy.com.au/vic/cheltenham/peripherals/15841--edim…
if you can remote desktop from your work prc to work pc2, can you not just do this, then go home, and remote desktop to work pc.
what o/s is it? what is it specifically for?
forge this, pc2 is not internet ( or is itb? )
if your it department wont let you put this on the internet through normal connection, wont they get angry if you do something dodgy?
why not just put a vm on your work pc?
OS is Win 7 64bits.
Work PC2 does not need to be online, and I want to keep it that way to avoid overlordship of IT dept. They are only good at this.
It is a common practice at our work place to have offline workstations to be used as number cruncher, we have several of them here. One colleague has 2!
if you can remote desktop from your work prc to work pc2, can you not just do this, then go home, and remote desktop to work pc.
I'll do exactly that but first need to get an external NIC since main work PC has just 1 RJ45 port and that is used to connect to the Internet.
I'm not sure how a VM helps in this case.
understand you needed a second NIC in your work pc, which wont happen
im not 100% sure if what i am saying is cr*p, just thought maybe a VM allows you to have a sandbox env, that cant do damage.
i guess if you need to compute power a 2nd pc is required, although i find when i run python scripts etc on my pc they only use at most 20% of cpu, so splitting the work between 3 instances of a script is more useful.
i do some insane aggregation using a cluster of pcs in a hadoop cluster, not sure if you do similar, but could be useful for you.
I bought a USB NIC today, works like charm on my main work PC as 2nd NIC.
I do some insane real world physics simulation, got the 20 core monster PC instead of cluster to take advantage of SMP. But still it takes weeks to finish one simulation run.
Team Viewer…..BOOOM everything is solved….thank me later…
You did not even read the thread properly. Its not a problem with Remote protocol (software end), it is a hardware connectivity issue.
Remote desktop into your VPN PC then use Team Viewer via LAN with the last PC…
By the way, I read previously that it needs to be set up correctly but I have never needed to use this method myself.
Edit: Work PC 1 and 2 has to be connected via xcable to get a lan connection. And also please update the opening post, it is quite unclear. Not everyone have time to go through all the discussion.
You don't need a Xover cable anymore unless your NIC is 10 years old +
Remote Desktop Connection is Microsoft's best business product. I use it to connect to a server. All users in the office log into Remote Desktop Connection wirelessly, so there's no cabling, no local programs to break, and the whole busines is in a single box.
IP, username /password takes me to any desktop in the conpany from anywhere in the world. There's even an apple version.
Assuming you are using mstsc.exe, try this link. It's XP but hopefully points the right way. Apologies if I am misdirecting you.
http://www.pchell.com/support/useremotedesktoptoaccessmultip…
You can do it.
Remote desktop to the first work computer. While you are on the first work computer remote desktop to the second.
What's the problem?
I do it all the time but I use VNC for the second computer I don't think RDP would be a problem
No it wouldn't be a problem. I wish I'd given your answer.
If you can connect to your new work PC from your existing work PC and you can connect from home to your existing work PC then this is the answer you are looking for. No need to install anything extra, no need to plug in unauthorised hardware.
Only minor draw back is the more RDPs within RDP the more lag.
anyone ever tried vnc to the same machine, its pretty funny.
i edited my colleagues host file mapping a server to his ip, he got confused
there is no connectivity between the pc and 2nd pc, as only one nic in main pc which is cnnected to LAN
You can do this as per the solution j03 gave you. The Edimax USB adapter you're looking at doesn't say it supports Auto MDIX (the ability to adjust for crossover or not) so I would use a crossover cable to be safe.
To have it 'offline' but remotely accessible. If you have a second NIC in your main computer you can do the following.
Enable RDP on the secondary machine
Give both PCs a local IP on a subnet that isn't used by your IT dept. i.e. 10.8.20.1 and 10.8.20.2 , leave gateways blank.
RDP over the VPN to your main PC, and then RDP across from this PC to the secondary PC.
Is there any reason why a mobile tethered as a network adapter with openssh wouldn't work? I'm assuming that if the machine is for "scientific" data crunching then you should only need a CLI for remote administration.
Then again, if its for pseudo-scientific purposes it would explain your blinkered focus on a convoluted solution.
I did not neg you buddy, chill.
All good. The negs are just representative of those who can't accept there's an easier working solution in the face of their Rube Goldberg contraption. First post was a solution in 8 words.
@bargainaus: You have a few options and I'm sure you'll choose what's most suited to your needs.
There are many other solutions unmentioned. Your proposal is certainly valid but not make it more easier to implement if u have missing equipment and config required. The other solution will also work….but..in any proposed solution…
Your biggest problem will be if it contravenes your workplace policy.
You're probably violating IT & Company policy by connecting a device to the network that isn't meant to be there. because while you perceive this as being "offline" - it's not. It's now a networked computer/device. How it is networked is irrelevant. It is. You're introducing an insecure component to your business network.
Say your home PC becomes infected with malware. The security controls in place on your main workstation and the company network may prevent it from spreading from an untrusted source (eg your home network). However you've now created a connection between your home computer and an insecure device on your company network which has a trusted relationship to your actual work PC.
So just a warning. Because if some how you introduced a major issue or some how brought down the network due to your actions, it may cost you your job, and a lawsuit for costing the company in lost sales/productivity/reputation/whatever because you intentionally violated/bypassed the security policies.
Another reason why new PC should not connect to internet. It will connect to main PC via LAN to facilitate hundreds of GBs of data transfer after computation and to keep an eye on the computation solution progress from time to time. All 3 PCs have MalwareByte installed. It's not in violation of company policy if someone connects an external device.
@geoffellis is right, no matter now you say it, even if it just the screen sharing, your networks are connected.
More unfortunately, it is likely to give you a false sense of security.
We are not picking on you, we are worry for you as our fellow Ozbargainer who might ended up losing your job.
Better check your HR policies as well as IT department End User policies before even attempting this.
Good luck buddy.
I appreciate the good gesture offered by people here. All these monster machines have been purchased through the IT dept, and they don't bat an eye about how to use them. Only thing I see is when going online, hand in your admin privilege.
@bargainaus: Sure but consider the data set you are crunching contains SPI pertaining to your company/client. Perhaps your algorithm is valuable to the company. Taking into account a reasonable level of assumed knowledge given your activity in this post you put yourself at risk by circumventing the established security measures because your understanding of network security is not sound and you are implementing a solution to your level of knowledge.
With that being said, if you've crossed your ts and dotted your is and sure there's nothing of value to be had from said machine … then I'd ask how you got approval to purchase the machine in the first place. No in all honesty, just be careful.
@kywst: The machine costed 15,000$; so definitely not my money. :) Its pretty common to purchase a HPC system or even a cluster to do scientific number crunching at our place. Its been Approved, Paid and bought by the administration. You will be surprised how much beating these things go through. Right now 2 other HPC boxes are lying on the carpet 10 feet across from me, used by a colleague. Wanna know what he did to circumvent intrusion of the IT dept while connecting to Internet? He installed Open SUSE!
But you are right that there is certain IP concern when I think about going online, the Monster machine must not get compromised as it contains valuable research findings.
You seem to have missed the point.
It doesn't matter how you've obtained the machine. You were denied permission to connect it to the company infrastructure. You are attempting to bypass that and do it any ways.
It doesn't matter if it's connected to the PC first. That PC is part of the infrastructure. It is a networked component. You routing the connection through it does not automatically absolve you of any wrong doing simply because "it's not connected to the internet".
What you don't seem to understand, is that if your work PC is connected to the internet, and this machine is connected to your PC, then unless you know how to properly secure it (which I doubt), then the machine is also connected to the internet. You may not be able to access the internet directly, but a hacker, or some malware, may be able to by reconfiguring your PC.
It sounds to me that your organisation was led to believe that this system was to be air-gapped. Which is why they give you admin and let you do whatever you want, because an air-gapped computer can do no damage.
But it comes down to this: If you had permission, and your organisation thought that this was acceptable use - then you could have your IT department help you set this up. But you know the moment you tell them your intention they're going to turn around and tell you that you aren't allowed to do this. It's a security concern.
Bought the Edimax EU-4208 from MSY, along with 3m RITMO crossover cable. It works! Thanks guys.
Now can anybody tell me why the file transfer speed is 12MBPS only instead of 60MBPS standard 10/100 speed? It will take ages at this speed to transfer daily worked files.
12MiB/s is about right for a 100mb/s network.
100 / 8 is 12.5MiB plus some overhead which gives you roughly 10-12MiB/s
Aha, so 480mbps (60MB/s) is USB 2.0 standard, whereas 100mb/s is Ethernet standard, causing the bottleneck situation.
Now thinking whether I should have listened to j03 and bought the TP-Link UE300 for 12$ more, hmmm… Could have gotten 60MB/s or 125MB/s at least (depending on which one causes bottleneck, USB 2.0 or Gigabit Ethernet).
Yeah the 100mb/s Ethernet is causing the bottleneck in this situation. If you had gotten a Gigabit adapter, the USB 2.0 port would then become the bottleneck. The USB protocol carries a higher overhead so the real world speeds will be more like 20-30MiB/s which would still be significantly faster.
Yep I did suggest to get the usb 3 gigabit dongle as your HP Z220 come with USB3.0 ports that is more than enough to cater for the bandwidth requirement for the gigabit dongle. I certainly would't be happy with 12MB/s transfer rate if you have 200+GB data..
Did you sort out your unidentified network issue?
START | RUN | mmc
File | Add/Remove Snapin (or ctrl+M)
Group Policy Object Editor | Add | Local Computer | Finish | OK
Local COmputer Policy | Comp Config | Windows Settings | Security Settings | Network List Manager Pol |
Select which Network you want to alter. eg. Unidentified Network .. choose User Permission to be able to change.
Exit. Reboot.
PS: I'm not a fan of TPLINK. I'd rather get the edimax over tplink if those are the only choices.
I'll give that a try, but will that procedure make the LAN network visible to other users in the corporate network?
And how do I install the driver from Original chip manufacturer when the Windows 7 64-bit Driver version does not have any installer or exe? Link - AX88772B
Windows 7 32-bit/64-bit WHCK drivers setup program is available from URL you provided else you can install through Device Manager.
@bargainaus: Haven't really looked into it but a guess would be the drivers contain an *.inf and/or *.cab or *.dat. The driver installation program may require these files to be in the same directory as the setup program or it may prompt you to locate them. If you can't get the setup program to work then launch device manager and choose to manually install hardware -> nav through the prompts and browse for the *.inf.
I haven't touched Windoze in years though so I could be way off base.
Yes.
Yes what?
yes its possible you need to nat your pc on the firewall and enable it for rdp
hi bargainaus.
Is it possible the computer that 'cannot go online' be connected to a corporate LAN cable?
If so, then do that, but configure IP address manually(not DHCP) on the personal PC to be something completely different to the corporate LAN environment.
e.g. if you Corp LAN is 10.1.1.X, then setup this personal computer to be 15.1.2.10, subnet mask 255.255.255.0, no gateway.
Then, on the work computer, configure IP with an additional IP of 15.1.2.20, subnet mask 255.255.255.0, no gateway.
This way you can then rdp to personal computer(using the corp lan infrastructure) without it being on the web.
If connection to corp LAN not an option, get a cheap switch, plug all LAN cables into it, but still assign the IP's as above.
I have not tested it, but is a simple test and easy to configure. Just not sure if no gateway will restrict comms between the 2, but the principle here is to ensure the personal PC has no knowledge of anything outside of 15.1.2.x, being the corp lan or the web.
Hope this helps.
If you read the whole entirety, what the OP is doing is a very contentious exercise! I really believe that the term "ONLINE" is being misrepresented or only being interpreted to mean "connected to the internet". To me being online is a state of connectivity by which a machine currently have the mechanisms to be able to communicate with other machines (eg via modems, network devices, other pcs, etc). The fact that PC1 is able to be accessed by PC2 is already considered "online".
If the Companys policy strictly states that anything to do with IT Infrastructure requires you to go thru the IT Department and their approval, just why are you bypassing that policy? Perhaps you could've misunderstood the term "online" and what they really mean is that it should remain as a Stand Alone PC that can only be accessed locally and should not be accessible online (any network including the internet, corporate vpn, etc).
In all cases proposed here, it should really be going thru the company's IT Departments approval!
So should you try implementing @dlf73's proposed solution & it is not approved and end up introducing issues (eg. degrade the network due to conflicts and misconfiguration, security holes & breaches, bridge loops, bandwidth issues, etc etc) to the corporate network, then its your ass on the line. Depending on the infrastructure, any competent IT guys will be able to pin point the source of rouge/unapproved activity or configuration.
don't brush off wise pointers as ignoring them can get you in all sorts of trouble one day.
Does the main office PC have multiple network cards?
Why have you linked the 2nd computer directly to the first one? Can you not just plug it into another LAN port in the office and access it directly like you do with the main PC?