Remote Access to Win Server based on ip and username


Recommended Posts

Hello Guys,

 

I have a VPS Server running Windows Server 2008 R2 Standard. I access it using Remote Desktop Connection. I have admin rights so I can login and do my stuff. I wanted to give restricted access to 1 more guy so I created his normal user account and configured it so that he can also access it.

 

But I wanted that his access is restricted by IP address so he can only access from work. To do this I configured the firewall so that connections only from specific IP is allowed. Though it worked, it is applied for everyone which means even if I try to access it from some other IP I can't. How can I restrict login via specific ip this for only his account ?

 

I would be glad if anyone can help me.

 

Thank you,

 

Jack

"How can I restrict login via specific ip this for only his account ?"

On the firewall you don't - you need to setup your firewall rule to allow both your IP and his IP.

I didn't understand what you guys are trying to say. If I configure RDC rule in firewall and specify IP address then it accepts login from only that ip. Though it does the job but the problem is 1. my ip is not static 2. it applies to all accounts (and I want his only).

Remote programs like Teamviewer or VNC does not work properly in Windows Server. As long as the RDC window is open it will work and the moment that window is minimized or closed teamviewer stop working. Whats the point of teamviewer when I can anyways see the desktop through RDC.

Does not work properly on server...that is interesting because I use programs like them all the time to remotely connect to servers to administrate them. What is this "does not work properly" you are referring to?

Very specifically I manage over 500 servers with logmein.

"1. my ip is not static 2. it applies to all accounts (and I want his only)."

How would other accounts becoming from his IP? And even if they did, they would still need his account info to login? So confused as to how 2 is an issue?

As to 1, but his is? Where are you coming from - yeah not having a static IP can be an issue with trying to create firewall rules that limit by IP ;)

as to

"Remote programs like Teamviewer or VNC does not work properly in Windows Server"

Your confused for sure - both teamviewer and vnc work just fine on all flavors of windows.

http://www.teamviewer.com/en/help/38-Which-operating-systems-are-supported.aspx

Which operating systems are supported?

TeamViewer 9 is available for the following operating systems:

Windows

Windows Millennium Edition / NT(Service Pack 6a, at least IE 5.5) / 98 *

Windows 8 / 7 / Vista / XP

Windows Server 2012 / 2008R2 / 2008 / 2003

Windows Home Server / Home Server 2011

http://www.realvnc.com/products/vnc/tech-specs/

Supported platforms

Windows

x86 and x64 architectures supported, where available:

8.x

7

Vista

XP

2000

Server 2012

Server 2008 R2

Server 2008

Server 2003

NT 4 (SP6a)

Thank for your help. I think there is some confusion and I will clear it.

 

1) I have admin access and the other person is a standard user. I wanted him to access the VPS server from work only. But the problem is at my workplace the IP is dynamic so restricting access on the basis of ip isn't possible. Plus if I create a firewall rule and restrict by ip it applies to all accounts in that server. (please note that the vps server is located somewhere in the planet and not at my workplace)

 

2) When I said teamviewer does not work properly I meant that teamviewer in server works only if the RDC connection is open. This is a problem because why would I need teamviewer if RDC is open, I might very well use the RDC. If RDC closes teamviewer doesn't work and this destroys the very purpose itself.

 

I hope this helped.

"I meant that teamviewer in server works only if the RDC connection is open."

What??? Nonsense, Teamviewer or logmein or vnc have nothing to do with remote desktop being available or not. Nothing!

"But the problem is at my workplace the IP is dynamic"

So his public IP is dynamic? I find this unlikely to be honest.. At most what a pool of a couple of public IPs, so limit it to the public IPs of your work. This is server at some host somewhere on the planet right not your work network.

Now I agree we don't want anyone from the internet to be able to access port 3389 and maybe guess a username or password to login. So you create a firewall rule that only allows the public IP address of your work, lets call it 1.2.3.4 for example.

Now only someone from work can access your VPS via remote desktop. That your place of work allows 3389 outbound to the public internet is an issue for another discussion ;) Who at work would have his user name and password, are you worried about someone at work knowing your VPS ip address, and username and password to access remote desktop?

Lets say work owns 1.2.3.0/24 and you don't really know what IP address he might come from - it could be 1.2.3.1 or 1.2.3.254 or anything between. So just allow 1.2.3.0/24 Your still blocking 99.9999999999999999999999% of the rest of the internet.

So I wold take it you can connect from this place of work as well, so that firewall rule covers both of you. Now guess you want to able to access it from Home as well, right - so create a rule that allows your home IP as well. Do you want to access it from your local starbucks, then go to your local starbucks and look to see what their public IP is via something like whatsmyip.org and set a rule to allow access from there.

Just because home users get their IPs via dhcp from their isp does not mean they change hourly.. I have had the same IP address for year something. And I can tell you for example that the public Ip address at starbucks is not going to change very often.

As to what sc302 is saying, is allow vpn connection from ANY IP.. This is going to be a secure connection requiring more than just username and IP.. I would suggest say openvpn with TLS auth, so user has to have KEY to access your server..

edit: So here is me connected to a windows server os 2k8r2, it has remote desktop disabled.. See where I point that out in the screenshot via my teamviewer connection to it ;)

post-14624-0-39754700-1384137328.png

  On 11/11/2013 at 02:22, BudMan said:

"I meant that teamviewer in server works only if the RDC connection is open."

What??? Nonsense, Teamviewer or logmein or vnc have nothing to do with remote desktop being available or not. Nothing!

"But the problem is at my workplace the IP is dynamic"

So his public IP is dynamic? I find this unlikely to be honest.. At most what a pool of a couple of public IPs, so limit it to the public IPs of your work. This is server at some host somewhere on the planet right not your work network.

Now I agree we don't want anyone from the internet to be able to access port 3389 and maybe guess a username or password to login. So you create a firewall rule that only allows the public IP address of your work, lets call it 1.2.3.4 for example.

Now only someone from work can access your VPS via remote desktop. That your place of work allows 3389 outbound to the public internet is an issue for another discussion ;) Who at work would have his user name and password, are you worried about someone at work knowing your VPS ip address, and username and password to access remote desktop?

Lets say work owns 1.2.3.0/24 and you don't really know what IP address he might come from - it could be 1.2.3.1 or 1.2.3.254 or anything between. So just allow 1.2.3.0/24 Your still blocking 99.9999999999999999999999% of the rest of the internet.

So I wold take it you can connect from this place of work as well, so that firewall rule covers both of you. Now guess you want to able to access it from Home as well, right - so create a rule that allows your home IP as well. Do you want to access it from your local starbucks, then go to your local starbucks and look to see what their public IP is via something like whatsmyip.org and set a rule to allow access from there.

Just because home users get their IPs via dhcp from their isp does not mean they change hourly.. I have had the same IP address for year something. And I can tell you for example that the public Ip address at starbucks is not going to change very often.

As to what sc302 is saying, is allow vpn connection from ANY IP.. This is going to be a secure connection requiring more than just username and IP.. I would suggest say openvpn with TLS auth, so user has to have KEY to access your server..

edit: So here is me connected to a windows server os 2k8r2, it has remote desktop disabled.. See where I point that out in the screenshot via my teamviewer connection to it ;)

attachicon.gifteamviewer.png

 

Thanks buddy for your inputs. Lets solve this one topic at a time:

 

1) Team Viewer

I don't know how teamviewer worked in your server but read below a mail I got from teamviewer when I told them that I am unable to connect if RDC is off.

------------------------------

Pasting email contents

------------------------------

Dear Sir,

Thank you for your reply.

Basically if there is no active RDC connection to a user profile then there will no active desktop generated for TeamViewer to connect to. Hence in regards to "How to use teamviewer if my RDC window is not connected/closed." this is not possible to due to software limitations.

Also please excuse my colleagues statement as it may be misleading for your scenario. TeamViewer does not replace RDC connections, it only enhances it (more functionality plus allows multiple users to see the same screen).

If you have any further questions or require further information, please do not hesitate to contact us.

P.S.: TeamViewer 9 is ready - Secure your introductory discount now!

www.teamviewer.com/version9

Best Regards,

William Luu

-Support Technician-

------------------------------

TeamViewer Pty Ltd * www.teamviewer.com

 

--------------------------------------------------------------

 

2) So his public IP is dynamic? I find this unlikely to be honest. <----- come on, do you think I am making this up.

 

3) I did understand your login behind the IP thing.

 

a) i am not worried that someone else from work will access it using his username or password (it wont happen)

b) all I want is for him not to access the RDC from any other location (except work)

c) the ip at work is dynamic so it changes frequently (i.e. maybe one a day or once in few days or if router is restarted)

d) I dont know how your dynamic ip didnt change for months or an year but here it changes within days if not earlier.

e) I cannot restrict by public ip as it changes (mentioned above) plus it applies to all accounts. The last thing I want is that i myself cannot login.

f) Same case for my home as its ip is also dynamic.

g) Because the ip changes completely I cannot form a pool or state from 1-10.

 

I hope this helped.

No none of it helps because all your stating is gibberish nonsense.

What did you email them when you got that email back for starters? No **** you can not teamview to profile that is not active. If you wanted to support someone. If teamviewer is running as s service or you are consoled in when running it then you can teamviewer to it. But no you would not be able to teamviewer in if the software is not running.

This was your question?

"How to use teamviewer if my RDC window is not connected/closed." What was the rest of it? No you would not be able to teamviewer in and help someone that only has remote desktop access to something.. etc.. Since how would they run tv, etc. Which has NOTHING to do if tv is installed as a service on the machine.

So where is the question you asked them in detail?

2) Yeah I do!! Lets say they reboot the router daily, lets say that isp changes the IP address on purpose.. Your still going to be inside a network block of a.b.c.0/mask so there will be a range of ips, be it 254, be it 2k be it 4k, etc. That you will fall into.. So lock it down to this and your done.. This person can only access the remote desktop from that location or if he vpns into that location, or for some crazy reason he lives in the area and has the same ISP.

But a place of business would normally have a static anyway, other than small ma and pop shops with home internet type connections. So I take it this is a ma and pop shop?

b) if you limit the ip range to who can access he wont.

c) makes no matter to the solution allow the netblock as already went over in great detail!

d) Because of how dhcp works, there is a lease time.. You get the IP address for a specific amount of time. Even if you shut off your device that lease is still yours until it expires. Only once the lease has expired does the IP address go back into a pool for reissue. So even if off for length of time, that IP address is still under lease and you will get it back when you comeback online. These leases are normally for hours if not days.

post-14624-0-74481400-1384262663.png

So there is my lease from my router.. Notice the time of the lease 345600 seconds = 4 Days.. So I could turn off my router and would have somewhere short of 4 days before my IP address would be returned. Since you renew it at the 50% would have min of 2 days on the clock. This is how you keep the same address even if dynamic.. You keep renewing it if on, and even if off you need to be off for longer than the lease to loose the Ip address you had. Work you would think would be on 24/7/365 --- keep in mind not talking about your local rfc1918 address that your work dhcp hands out, since this has nothing to do with anything your talking about.

e) already answered in great detail as well - use a netblock

f) Again netblock!!! What do you not understand about a range of addresses? An ISP can only hand you an address they own, so its going to be a very small range.. If you see in the above lease.

option subnet-mask 255.255.248.0;

so /21 or 2046 addresses.. How is that not good enough restriction??

g) more gibberish!

edit: Here you go - look accessing via tv, remote desktop not running. Can access whatever profile I want, etc. So your problem with what tv sent you was how you asked the question. Because clearly I am remoted to this machine, can login to whatever profile would be available on the machine and remote desktop is not running - look no 3389 port even listening

post-14624-0-13956100-1384265166.png

post-14624-0-89127600-1384265171.png

post-14624-0-64098800-1384265174.png

So here I now see it on my computers TV interface of machines I can connect too.

post-14624-0-02124600-1384265178.png

Here is the windows login screen where I could pick what account I want to access.

post-14624-0-19902400-1384265182.png

Here is me connected via tv, when clearly remote desktop is not running on this machine!

post-14624-0-17838100-1384265184.png

So how is that remote desktop has to be running for TV to work??

  On 12/11/2013 at 13:31, BudMan said:

No none of it helps because all your stating is gibberish nonsense.

What did you email them when you got that email back for starters? No **** you can not teamview to profile that is not active. If you wanted to support someone. If teamviewer is running as s service or you are consoled in when running it then you can teamviewer to it. But no you would not be able to teamviewer in if the software is not running.

This was your question?

"How to use teamviewer if my RDC window is not connected/closed." What was the rest of it? No you would not be able to teamviewer in and help someone that only has remote desktop access to something.. etc.. Since how would they run tv, etc. Which has NOTHING to do if tv is installed as a service on the machine.

So where is the question you asked them in detail?

2) Yeah I do!! Lets say they reboot the router daily, lets say that isp changes the IP address on purpose.. Your still going to be inside a network block of a.b.c.0/mask so there will be a range of ips, be it 254, be it 2k be it 4k, etc. That you will fall into.. So lock it down to this and your done.. This person can only access the remote desktop from that location or if he vpns into that location, or for some crazy reason he lives in the area and has the same ISP.

But a place of business would normally have a static anyway, other than small ma and pop shops with home internet type connections. So I take it this is a ma and pop shop?

b) if you limit the ip range to who can access he wont.

c) makes no matter to the solution allow the netblock as already went over in great detail!

d) Because of how dhcp works, there is a lease time.. You get the IP address for a specific amount of time. Even if you shut off your device that lease is still yours until it expires. Only once the lease has expired does the IP address go back into a pool for reissue. So even if off for length of time, that IP address is still under lease and you will get it back when you comeback online. These leases are normally for hours if not days.

attachicon.gifleasetime.png

So there is my lease from my router.. Notice the time of the lease 345600 seconds = 4 Days.. So I could turn off my router and would have somewhere short of 4 days before my IP address would be returned. Since you renew it at the 50% would have min of 2 days on the clock. This is how you keep the same address even if dynamic.. You keep renewing it if on, and even if off you need to be off for longer than the lease to loose the Ip address you had. Work you would think would be on 24/7/365 --- keep in mind not talking about your local rfc1918 address that your work dhcp hands out, since this has nothing to do with anything your talking about.

e) already answered in great detail as well - use a netblock

f) Again netblock!!! What do you not understand about a range of addresses? An ISP can only hand you an address they own, so its going to be a very small range.. If you see in the above lease.

option subnet-mask 255.255.248.0;

so /21 or 2046 addresses.. How is that not good enough restriction??

g) more gibberish!

edit: Here you go - look accessing via tv, remote desktop not running. Can access whatever profile I want, etc. So your problem with what tv sent you was how you asked the question. Because clearly I am remoted to this machine, can login to whatever profile would be available on the machine and remote desktop is not running - look no 3389 port even listening

attachicon.giftv1.png

attachicon.giftv2.png

attachicon.giftv3.png

So here I now see it on my computers TV interface of machines I can connect too.

attachicon.giftv4.png

Here is the windows login screen where I could pick what account I want to access.

attachicon.giftv5.png

Here is me connected via tv, when clearly remote desktop is not running on this machine!

attachicon.giftv6.png

So how is that remote desktop has to be running for TV to work??

 

Though my knowledge on the networking side is limited but there are its crazy how you assumed some of the things.

 

1) Team Viewer

 

I acknowledge that you are able to run team viewer (as shown in images above) but when I said I am unable to run it, it didn't mean that I had RDC window open/closed only and that's it. This is what I did :

 

-> I installed team viewer, chose option Install to control this computer later from remote. Then I ran team viewer and took a note of id and password. (Teamviewer service and program is running). Then I just closed the RDC window. After that when I tried to connect and it failed. Then I opened the RDC window and then I tried to connect and it succeeded. This is what happened and when I emailed this to the TV support guys I got a reply which I pasted in the post above. After reading that reply what would you think ?

 

2) I am sorry but I need a bit of clarification on this front :

Your still going to be inside a network block of a.b.c.0/mask so there will be a range of ips, be it 254, be it 2k be it 4k, etc. That you will fall into.. So lock it down to this and your done.. This person can only access the remote desktop from that location or if he vpns into that location, or for some crazy reason he lives in the area and has the same ISP.

 

| Does this mean that if my ip is 120.59.180.190 then will only last few sets change or what does the above mean ?

 

-> This is a small business and to be honest we never required a static ip so far.

 

3) how fast the ip changes does not matter to me as I cant keep a track and update it in the ip list frequently. Please re explain me the netblock thing.

 

Thank you.

"Then I ran team viewer and took a note of id and password. "

You ran it - the password changes, and as soon as you logged out, it would stop running. You need to setup unattended access

http://www.teamviewer.com/en/res/pdf/first_steps_unattended_access_en.pdf

3) Who said anything about updating a list? Set it and forget it.

Look and your IP is going to stay with in a range of addresses.. so for example 192.168.1.0/24 says that this network is 192.168.1.1, .2, .3 up to .254 and .255 is the broadcast address while .0 is the actual wire and not used. Depending on that mask 255.255.255.0 etc.. tells you how big the network is what part of the address is hosts, which part is network. So look on your router and see what IP your isp gave you and what mask.. From the mask you can see how big the network is, then in your firewall allow that range.

ISP don't just hand out addresses willy nilly, they only own specific address ranges, they only use specific addresses in an area. So if you think your public address is changing all the time, then watch it you will notice it always falls inside a specific network. And I again doubt it changes as much as you think.. We are talking the public IP of your router, not what your local machines address are via the routers internal dhcp server to your machines. And those as well should stay the same unless your turning off machines for longer than your lease period you have set on your dhcp server you run locally.

example

post-14624-0-69096800-1384345688.png

Now keep in mind on your VPS are you talking the local firewall of the vps, or does your host give you option for other firewall?

Notice the local ips on the rule, if its a vps and public it once you allow access its local subnet is going to be allowed as well.. So for example if your vps had an IP address of

4.5.6.0/23

This would mean that 4.5.6.0 - 4.5.7.255 would be able to access since that is your local subnet. You would need to look at the ipconfig /all of your vps to see what its netmask is and therefore what network your on.

Is that address you gave yours or close via the fist 2 numbers? Or did you just make up numbers? I show that owned by

inetnum: 120.56.0.0 - 120.63.255.255

netname: MTNLISP

descr: MTNL CAT B ISP

country: IN

irt: IRT-MTNL-IN

address: Jeevan Bharati Building

address: Tower 1, 12th Floor, 124, Connaught Circus, New Delhi

Is that your ISP? Worse case call them and ask what range of address you could be assigned. Then set your rules in your vps firewall to only allow those networks.

  On 13/11/2013 at 09:03, ChuckFinley said:

I'm really surprised no one said just tie it down with Windows firewall.

That is what we are trying to get him to do - have you not read the thread? He does not understand the concept of a netblock or range or subnet, and says his IP keeps changing so that he can not do that, etc. etc.

that turned into a side topic, since he somehow got the impression that tv does not run on server versions, or that it only works if remote desktop is being used, etc.

Been like pulling teeth to get him to believe that tv runs just fine without remote desktop, and runs on server versions just fine, etc.

I think TV would prob be a better solution for him in security then opening up remote desktop to the public internet, since he does not seem to understand how to lock it down to a range of IPs, and he is convinced that his works public IP changes like every day or something. Which ok his IPs change, then just lock it down to that network - he does not want his 1 user to be able to access the vps from anything other than his place of work?? Not sure the reason for that to be honest. Seems pointless to me to restrict user you trust to access to only be able to access from one location? I personally don't see a reason for such a thing. I don't think this would be possible with TV, other than locking it down to specific partner ID, and installing it on his work machine - and then locking it down to that ID.

  • 2 weeks later...

Phew,

 

1) TeamViewer confusion seems to have been solved. Basically I had to setup unattended access and I did not do that. I tried to login by noting down the current id and password it gave and that didnt work once rdc window was closed. (Y)

 

2) Give me a few days to keep a track of my public ip and then I will get back to you. This way I will know how fast or how much it changes. True, I am not so good on the networking side but before I posted in this forum I did specify my public ip in the windows firewall specific ip address list. But after a day or 2 the ip changed and I myself got locked out. Thus I contact the the systems admin guys (vps hoster) and they had to fix it.

 

3) Standard users are not allowed to change date/time. Since I have admin account I made a change for that user and now he is allowed to change date/time. So can applications running on his account also change date/time or they are not allowed. ??

 

I really apprecicate your support. :yes:

 

Thank you,

 

Jack

Ok I have to ask - why would they need to change date or time on your vps?? At a complete and utter loss, does your vps not sync its time with ntp source? Why should you ever need to change this???

And why would you be worried about an application that he runs changing the time? What???

But yes if a process is running as user X, and user X has permissions to do Y -- then sure with common sense that process can do Y as well. But without some actual details of what your concerns are they are hard to address. Why would you be worried about his applications changing the system time?

  On 22/11/2013 at 13:30, BudMan said:

Ok I have to ask - why would they need to change date or time on your vps?? At a complete and utter loss, does your vps not sync its time with ntp source? Why should you ever need to change this???

And why would you be worried about an application that he runs changing the time? What???

But yes if a process is running as user X, and user X has permissions to do Y -- then sure with common sense that process can do Y as well. But without some actual details of what your concerns are they are hard to address. Why would you be worried about his applications changing the system time?

 

I run an application which downloads some data from the internet in real time. At times it need to adjust the time (not date) to work properly. That's why I asked that since user has permission then application also gets it automatically. This is the way that application works and has been doing so for years.

I have never seen such an application - and have been in the business 30 years. What is the time source for this application? You see new stuff all the time - what is the name of this application, you have me curious!

You do understand that if time is a factor that a Virtual machine is prob not the best thing to be running an application on that is time sensitive.. You should prob be on actual hardware.

  On 23/11/2013 at 10:36, BudMan said:

I have never seen such an application - and have been in the business 30 years. What is the time source for this application? You see new stuff all the time - what is the name of this application, you have me curious!

You do understand that if time is a factor that a Virtual machine is prob not the best thing to be running an application on that is time sensitive.. You should prob be on actual hardware.

 

This application gets stock data from internet and only sometimes adjusts the clock by a few seconds. Why do you say that running it on Win Server isn't a great idea? It's been running okay for last few weeks since I have been running it.

 

I need some advice to fine tune my server (to speed it up a bit) by probably not running unwanted services. So if I do something from my admin a/c will it affect all accounts or just mine and I had to find another way.

 

Back to our old topic, this is how my IP changes : (date is in dd/mm/yy format)

 

1XX.176.216.187  - 22/11/13 12 pm

1XX.176.128.90    - 22/11/13 5 pm

1XX.176.196.218  - 23/12/13

1XX.176.244.193  - 25/12/13

1XX.176.142.128  - 26/11/13

 

As you see the last two masks are changing. What do you say?

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • GOG store introduces One-Click Mods feature with support for Fallout: London and others by Pulasthi Ariyasinghe The GOG store just announced a new feature to its platform that it is calling a new era for modding. Revealed at the PC Gaming Show, GOG One-Click Mods functions exactly like it sounds like, letting PC gamers browse, install, and play community creations easily and without jumping through hoops. "Mods are an essential part of video games preservation, allowing you to relive your favorite stories in countless possible ways," said the GOG team today. "Mods management, however – is not for everyone. Digging into game files, installing requirements, restarting the game thousands of times, making it crash every time… But no more." Unlike other modding platforms that let anyone upload their creations and let the user work out the details, GOG's version is a curated experience. By working directly with the modding teams, the popular DRM-free store's staff will be making sure that each of the mods available works instantly with the game, with no need for additional research or add-on installations. "From bug fixes, restored cut scenes, quests and characters, to completely freshly-made new content – we teamed-up with these community-driven projects creators to offer you this list of handpicked Mods," added the company. "Combining our strengths, these are now accessible right away, already installed within the base game for the smoothest experience!" Here are some of the mods available right now on the new platform: Horn of the Abyss for Heroes of Might and Magic 3: Complete. Horn of the Abyss is an expansion for Heroes of Might and Magic III that adds new factions, campaigns, creatures, artifacts, and numerous quality-of-life improvements, such as a working multiplayer lobby system. Phobos mod for DOOM 3. The Phobos Mod for DOOM is a prequel to the original game, delivering a narrative-driven, classic-style FPS experience with modern enhancements, set during the UAC's initial experiments on Mars' moon Phobos, adding many new gameplay hours. Vampire: The Masquerade – Bloodlines Unofficial Patch for Vampire: The Masquerade - Bloodlines. The Vampire: The Masquerade – Bloodlines Unofficial Patch does not only fixes numerous bugs left unresolved by the original developers but also restores and enhances cut content such as quests, levels, characters, and dialogue. Fallout: London One-Click experience for Fallout 4. You already had a chance to experience how great Fallout: London is – an alternate standalone storyline set in the United Kingdom, during the apocalypse events from Fallout 4. Now though, you can boot it with just one click – no launchers, no extra steps, just pure fun. Following that, the GOG team is working on introducing support for the Skyblivion total conversion mod when it releases later this year. This will let those who own The Elder Scrolls V: Skyrim Anniversary Edition on the platform install and jump into the modded Oblivion experience on the Skyrim engine easily. Check out the newly set-up mods platform on the GOG store by heading over here.
    • Anno 117: Pax Romana gets a November release date as Ubisoft unveils Governor's Edition by Pulasthi Ariyasinghe Ubisoft's long-running city-building and management franchise, Anno, was first revealed to be receiving another entry back in 2024. While it has taken some time, Anno 117: Pax Romana finally received a firm release date today during the 2025 PC Gaming Show event just as pre-orders open up. Catch the latest cinematic trailer above. Anno 117: Pax Romana lands on November 13, 2025, letting fans loose on the Roman settlement-building venture. The game's first gameplay was revealed just a few weeks ago as well, which you can watch by heading here. As new features, the title is adding a province selection mechanic at the start of each game, a religion system, a research tree, land combat, modular shipbuilding, and, most importantly, diagonal roads and building construction. Those who pre-order the game will also receive a Builder Pack from today. This will carry the Wolf player sigil, a matching battle standard, the Town Crier statue, as well as the Capitoline Wolf statue. At the same time, a Gold Edition is available for pre-order that bundles the Year 1 Pass with the base game. This will carry access to three DLC packs, and judging by the teaser image, it looks like players will be heading to Egypt for new adventures as part of the expanded content. For fans who may want something a little more comprehensive, Ubisoft also unveiled the Anno 117 Governor’s Edition. This special edition comes with these collector's items and digital goodies: Collector's items: Amphitheatre 3D Puzzle (36 x 31 x 13 cm) 84-page Artbook featuring concept art and behind-the-scenes content - cover design elected by community! Forged Anno Symbol (approx. 7 cm) Albion & Latium Coins Steelbook® case - design elected by community! Town Crier's Letter (21 x 30 cm) Tesserae Works Blueprint (42 x 59 cm) 3 Lithographs (30 x 15 cm) Digital Content: Base Game Year 1 Pass, including: 3 upcoming DLCs Additional in-game content The Builder Pack: 3 exclusive ornaments 1 player sigil Anno 117: Pax Romana is slated to hit Steam, Ubisoft Connect, Epic Games Store, Xbox Series X|S, and PlayStation 5 platforms. Pre-orders are now available starting at $59.99 for the standard edition. Ubisoft+ subscribers will also receive the title as a day-one drop. In addition to the base game, members will also receive access to the upcoming DLC packs at launch for no extra cost.
    • Once the first went to a full version number, some just egregiously long numbers with every iteration of compilations/dates/times... what have you, it was a landslide. Long gone are the days of IE version 6, 7... now it's Edge 137.0.3296.16. So, why not iOS 2026.18.8778.322.10.800? Shocked that Edge isn't 2025.137.0.3296.16... seriously. When Samsung went from S10 to S11, to S20... to S21... I thought they were just doing new iterations of the same/similar models, then the next would have logically been S30/S31... but nope. Oh well... better things to think about then version numbers, leave that to the devs.
    • The problem -- as pointed to by the PowerShell output I quoted above -- was that for some reason it couldn't download the NuGet provider. Here's what did work: (1) Download the raw nupkg file (set-inetpubfolderacl.1.0.0.nupkg) from https://www.powershellgallery....s/Set-InetpubFolderAcl/1.0; (2) Extract (e.g., via 7-Zip) the Set-InetpubFolderAcl.ps1 file into C:\Program Files\WindowsPowerShell\Scripts; (3) Run the script via PowerShell as described in the quite thorough instructions given at https://www.windowslatest.com/...t-on-windows-11-windows-10/ . That worked for me, or seemed to. Oh, relief!
    • I like the show's/comic's violence being represented here, as so many others avoid it. Timing is key with this release due to the Marvel Tokon title.
  • Recent Achievements

    • First Post
      George Almeyda earned a badge
      First Post
    • Reacting Well
      BlakeBringer earned a badge
      Reacting Well
    • Reacting Well
      Lazy_Placeholder earned a badge
      Reacting Well
    • Dedicated
      Epaminombas earned a badge
      Dedicated
    • Veteran
      Yonah went up a rank
      Veteran
  • Popular Contributors

    1. 1
      +primortal
      469
    2. 2
      +FloatingFatMan
      266
    3. 3
      ATLien_0
      236
    4. 4
      snowy owl
      218
    5. 5
      Edouard
      171
  • Tell a friend

    Love Neowin? Tell a friend!