Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


August 2003

Remote Assistance in the Corporation

Give users personal, hands-on support without leaving your desk
From the August 2003 Edition
of Windows IT Pro
Ed Roth
Windows Client
InstantDoc #39531
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Active Directory (AD) Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Configuring Remote Assistance
You can configure Remote Assistance through the System Properties dialog box's Remote tab. To let a user request help from someone, select the Allow Remote Assistance invitations to be sent from this computer check box on the user's workstation. Clicking Advanced presents the Remote Assistance Settings dialog box, which Figure 1 shows. If you clear the Allow this computer to be controlled remotely check box, you can restrict Remote Assistance sessions to view-only mode. To shorten the window of opportunity for unscrupulous invitation interceptors, you can limit the amount of time an invitation is active.

Group Policy also lets you specify users in your organization who can offer Remote Assistance without receiving an invitation. Group Policy's Computer Configuration\Administrative Templates\System\Remote Assistance\Solicited Remote Assistance setting lets you set the same options that you can set on the Remote tab of the System Properties dialog box. The wording and method of selecting view-only or remote control mode differ slightly from that on the Remote tab, but the results are identical.

The Computer Configuration\Administrative Templates\System\Remote Assistance\Offer Remote Assistance setting presents functionality that's available only through Group Policy. The Offer Remote Assistance setting lets you authorize users to initiate a session without having received an invitation. When setting the Offer Remote Assistance properties, which Figure 2 shows, you should specify Allow helpers to remotely control the computer unless you want to allow view-only mode. You also need to specify who within your organization can initiate Remote Assistance offers. To specify those users, first click Show, then use the Domain\User or Domain\Group syntax to add entries to the list of helpers. You won't get a chance to verify that the information you entered is accurate, so double-check each name before you add it to the helpers list.

Offering Remote Assistance
After support professionals are added to the helpers list on designated computers, they can initiate a Remote Assistance session provided that both their system and the end user's system are running XP and that both the support professional and the end user are members of the same domain or of domains that have a trust relationship. The typical method of offering a Remote Assistance session is as follows:

  1. Click Start, Help and Support.
  2. Click the Tools link, then select the Offer Remote Assistance tool in the left-hand pane.
  3. In the right-hand pane, click Connect, select the name of the user you want to assist from the drop-down list, then click Start Remote Assistance.

The session will proceed just as if it were initiated by a user invitation.

If you expect to offer Remote Assistance frequently, you might want to use a more streamlined method of creating the offer. Create a shortcut that has as its target the URL hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/unsolicited/unsolicitedrcui.htm. Clicking this shortcut launches the Help and Support Center and displays the pane that lets you specify the machine to connect to. You can distribute this shortcut to support professionals in your organization.

Firewalls and Remote Assistance
Because Terminal Services technology uses RDP for communication between systems, port 3389 must be open on your firewall. You can provide an extra measure of security by blocking outbound traffic on port 3389 so that users won't be able to use Remote Assistance to communicate with systems outside the firewall.

Using Network Address Translation (NAT) with Remote Assistance is a complex topic that's outside the scope of this article. For information about the behavior of Remote Assistance in various firewall and NAT environments, see the Microsoft article "Supported Connection Scenarios for Remote Assistance" (http://support.microsoft.com/?kbid=301529).

Working Around Limitations
If you're using Remote Assistance in a corporate scenario, you'd ideally like to limit or disable users' ability to solicit Remote Assistance help from unauthorized people. Unfortunately, disabling Solicited Remote Assistance also disables the ability to accept offered Remote Assistance. Until Microsoft addresses this inconsistency, the only way to work around this problem is through user training. After you create an infrastructure through which your support professionals can initiate Remote Assistance, train end users to use that infrastructure rather than sending invitations for Assistance. If you must rely on the invitation model, require your users to use strong passwords with reasonable expiration times on invitations and establish a consistent method for everyone in your organization to use for invitation delivery.

End of Article

   Previous  1  [2]  Next  


Reader Comments
I get the following error when offering RA on a pc I know I've enabled RA for myself on:

"Access to the requested resource has been disabled by your adminstrator"

Jim September 17, 2003

Remote Assistant is not working properly if your behind a non pnp firewall cause it's not only opening port 3389 as Microsoft claims but also a high port between 30.000 and 40.000.

hans straat January 22, 2004

create a shortcut with this target to launch it without first opening internet explorer: %windir%\PCHealth\HelpCtr\Binaries\helpctr.exe /url hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/unsolicited/unsolicitedrcui.htm

Guy April 20, 2004

Was this error finalised? If so, what is the response? I'm getting the same error. I get the following error when offering RA on a pc I know I've enabled RA for myself on: "Access to the requested resource has been disabled by your adminstrator"

Miriam May 19, 2004

Terrific!

Jeanette Ortega May 20, 2004

Miriam and Jim, Did you use Group Policy to configure Remote Assistance? The article states "The Computer Configuration\Administrative Templates\System\Remote Assistance\Offer Remote Assistance setting presents functionality that's available only through Group Policy". You can use Local Policy to configure this if you aren't using company-wide Group Policy.

Ed Roth May 26, 2004

Same error here. No solution yet. I'm trying this feature for weeks now. I've created a hugh document on this issue, read every newsgroup post, forums, kb, technet, google, etc... No answer. I do know that Service Pack 2 will change some structure to RA, but I doubt the above problem gets a adequate solution.

MindfluX May 27, 2004

The reason why you guys get this error message is that group policy has to be applied to the TARGET machine not to the computer that you are trying to send "Remote Assistance" request from. If you set "Offer Remote Assistance" (Solicited Remote Assistance can be left alone) to "enable" in Group Policy of TARGET computer it will work just fine. Don't forget to close and open again "Offer Remote Assistance" Wizard in Help and Support Center after you have made changes to group policy, otherwise it's not going to work.

Sharapov June 02, 2004

I finally found the solution after weeks for the error in the topic starter. With an un-solicited you first need to start the sessmgr.exe. You can do this by settings the services "Remote Desktop Help Session Manager" to Automatic. And if you would like to keep your existing logon session, please start it manually after changing the Startup Type.

Wooo Haaa! (Al Pacino)

MindfluX June 14, 2004

Did anyone find a solution for this. We also want to use Remote Assistance, and it seems to be working on some systems but not others. I'm pushing the change out using a company-wide GPO, so it should work for everyone. I'm baffled.

Paul Steele June 15, 2004

 See More Comments  1   2 

You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor? Register now




Top Viewed ArticlesView all articles
WinInfo Short Takes: Week of November 9, 2009

An often irreverent look at some of the week's other news, including some more Windows 7 sales momentum, some Sophos stupidity, Microsoft's cloud computing self-loathing, more whining from the browser makers, Zoho's "Fake Office," and much, much more ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

Windows 7 Sets Sales Record

Microsoft CEO Steve Ballmer described Windows 7's first ten days of sales as "fantastic" while in Japan yesterday. ...
Active Directory (AD) Whitepapers Meeting Compliance Objectives in SharePoint

Email Controls and Regulatory Compliance
Related Events WinConnections and Microsoft® Exchange Connections

Troubleshooting Active Directory

Check out our list of Free Email Newsletters!
Active Directory (AD) eBooks The Essentials Series: Active Directory 2008 Operations

Keeping Your Business Safe from Attack: Monitoring and Managing Your Network Security

Windows 2003: Active Directory Administration Essentials
Related Active Directory (AD) Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format


ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
EMC SAN vs. DAS Exchange 2007 Calculator
Calculate your savings now!

Let Your Users Reset Their Own Passwords: Free Download
Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.


Disaster Recovery Strategies – Tips and Tricks
Determine how you can achieve your DR objectives as simply and cost-effectively as possible.

Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide
Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!

Migration, Virtualization, Availability, and Desktop Management
Realize the importance of a workload optimization strategy...it can affect your bottom line!

Deep Dive into VMware vSphere, eLearning Series
Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement