Windows Server 2008 introduced a really great new feature called Fine-Grained Password Policies. This feature allows you to create a password policy separate from the Domain level one and apply it to an Active Directory group. This is really handy for doing things like creating a stricter password policy for Domain Administrators. The problem is you have to go in via ADSI Edit to set it up making it not for the faint of heart. Parhelia Tools makes a really nice GUI front-end for Fine-Grained Password Policies called Password Policy Manager (PPM). Best of all PPM is available free. You can download it from:
Windows Server 2008 introduced a new service called Terminal Services Gateway. It was renamed Remote Desktop Gateway in Windows Server 2008 R2. Its main purpose is to tunnel RDP traffic from a Remote Desktop Client to a Terminal Server farm. However you can also use it as an endpoint for any Windows workstation or server with Remote Desktop enabled via a single public IP address.
All you have to do is add all computers that you wish to remotely access to the TS RAP (resource allocation policy) in the TS Gateway configuration. Install an SSL certificate and publish the TS Gateway server out to the Internet allowing port 443 into it.
Then on the Remote Desktop Client click on Advanced tab and then the Settings button under “Connect from anywhere”. Finally enter the server name that you published out for the TS Gateway server. You can now go back to the General tab and enter any computer name that you added to the TS RAP policy and connect.
That’s it. No VPN’s, only a single publishing rule on your firewall and everything is encrypted via SSL.