>>Yes, but the fact that it's handy (Win remote desktop) doesn't change the fact that you have to expose lots of nasty, easy to exploit ports in ways that aren't trivial to fix (ACL's work, but if we're looking for BASIC, hardly an easy solution).
Just one port, TCP 3389. LJS