Remote Assistance and Remote Desktop
This TechNote covers the "Configure, manage, and troubleshoot Remote
Assistance and Remote Desktop" exam objective. These two handy
features are similar to each other but are used in different situations.
They both rely on the Terminal Server service in Windows XP and
the RDP protocol.
Remote Assistance allows a user to request help from a remote user
over the Internet. The user in need of assistance sends an invitation
(by Messenger, E-mail, or file) to a helper (friend, IT support).
If the helper accepts the invitation, he or she can establish a
remote session to view the user's screen and chat with the user,
and optionally, control mouse and keyboard input. Note that Remote
Assistance requires an active Internet connection.
By default, users are allowed to send Remote Assistance invitations.
If you do not want this, you should disable the option on the Remote
tab of the System Properties. In a domain environment,
this option can be disabled by using a Group Policy setting. The
Remote Assistance Settings, accessible through the Advanced
button on the Remote tab of the System Properties,
allow you to put limitations on the use of Remote Assistance and
the expiration period of invitations.
If you disable the Allow this computer to be controlled remotely
option, remote users can only provide assistance by viewing the
screen output of this computer and chatting with the user, but cannot
request remote control of mouse and keyboard. The default expiration
period of invitations is 30 days.
Remote Assistance Invitations
Remote Assistance invitations can be sent in three different ways:
- Email - The recipient (helper/expert) will receive a
message with an attachment called 'RCBuddy.msrcincident'. When the
recipient executes that file, a remote session will be attempted.
The user requesting help will have to accept the session before
the remote user can view the screen and/or control the computer.
- File - This option allows you to save the invitation
on a floppy disk, for example, or better, compress and encrypt it
and then email it.
- Messenger - The process for Messenger is very similar
and somewhat easier because remote assistance can be requested directly
from Messenger, during a chat session with a help desk for example.
All three options are available from the Help and Support center in
Windows XP (click Invite a friend to connect to your computer with
Remote Assistance). When you select the delivery method of the invitation,
you can type in a short message to go with the invitation, you can
change the default expiration period, and you can assign a password
that the recipient will need to start the Remote Assistance session.
A relatively secure way of communicating the password is to use the
phone (when you actually know the person and can identify him or
her by voice). Use email only as a last resort or use email encryption.
If the recipient accepts (executes) the invitation,
his or her client will try to establish a Remote Assistance session
with this computer. The helper will have to enter the password that
we set when we created the invitation. If the password is correct
and the connection successful, a dialog box will appear on this
computer, providing the user on this computer with the option to
deny or accept the session.
If the session is accepted, the helper will be able to view the user's
screen and chat with the user. The helper can press the Take
Control button to request permission to control mouse and keyboard
input. This obviously provides a convenient way to solve a problem
on a remote computer.
If the Windows XP clients are part of a domain environment, the 'Remote
Assistance - Offer Remote Assistance' policy setting can
be configured in a domain to allow certain users or groups to send
Remote Assistance Offers, in other words: to offer a Remote
Assistance session without actually being invited. The user receiving
the offer will still have the option to deny or accept the session
before it starts. Both the helper and the user in need of help
must be members of the same domain, or members of trusted domains.
Remote Desktop is similar to the Remote Assistance feature, but instead of responding
to an invitation, Remote Desktop allows a user (with the proper
permissions) to start a session from a remote computer whenever
needed. On a server, Remote Desktop is often used by sys admins
to administer the server remotely, without having to walk to the
server room. A typical use of Remote Desktop on a Windows XP client
is remotely controlling a computer at work from home or vice versa.
Remote Desktop is the server component. It's basically the same as running
Terminal Services in Administration mode on a Windows 2000
server. The client component is called Remote Desktop Connection,
which was called Terminal Services client before Windows
XP/2003. To be able to connect to a remote computer running Remote
Desktop, you need a LAN, VPN, or dial-up connection that supports
the Remote Desktop Protocol (RDP).
Remote Desktop can be enabled on the Remote tab of the System
Properties, where we can also add users that should be allowed
remote access. Users we add on the Remote tab are actually
added to a default group called Remote Desktop Users. Members of
this special group are granted the right
Allow logon through terminal services on this computer.
Remember that although they log on remotely, they are working on
this computer locally, as if they were sitting in front of it. If
they were actually sitting in front of it, they would not be able
to log on (which requires the right to log on locally).
The most common problems with both Remote Assistance
and Remote Desktop are caused by firewalls and NAT, particularly
when the user requesting assistance or running Remote Desktop is
behind a firewall. Remote Assistance and Remote Desktop both rely
on the Terminal Services service and the Remote Desktop
Protocol. When the remote computer is protected by a firewall,
the port for RDP (3389) might very well be blocked, preventing a
This is also the case when Internet Connection
Firewall (ICF) is enabled on the remote computer. On the Services
tab of the Advanced Settings of the ICF, you can select
the services running on the local computer or the internal network,
which external users need to be able to access. Several common services
such as HTTP, FTP, Telnet, and also Remote Desktop can be enabled
with a single click.
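
When troubleshooting a failed session, it helps to know whether port 3389 is being dropped by a firewall or whether nothing is listening on the remote computer. The following is an added example, not part of the original TechNote: a single-host check in Python whose function names, result labels, and advice strings are this example's own assumptions. A firewall that actively rejects connections instead of dropping them will show up as "closed" rather than "filtered".

```python
import errno
import socket
import sys

RDP_PORT = 3389  # RDP port named in the text

# Next troubleshooting step per result; wording is this example's own.
ADVICE = {
    "open": "Port reachable; check the Remote tab settings and user rights.",
    "closed": "Host answered but nothing listens; enable Remote Desktop or "
              "Remote Assistance and check Terminal Services.",
    "filtered": "No reply; a firewall, NAT device or ICF is probably dropping "
                "the port. Enable Remote Desktop on the ICF Services tab.",
    "unreachable": "No route to the host; fix LAN, VPN or dial-up first.",
}


def check_tcp(host, port=RDP_PORT, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed
    except ConnectionRefusedError:
        return "closed"        # reset received: no listener
    except socket.timeout:
        return "filtered"      # silence: packets dropped on the way
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise                  # e.g. name resolution failure
    finally:
        sock.close()


def diagnose(host, port=RDP_PORT, timeout=3.0):
    """Return (state, advice) for a single host and port."""
    state = check_tcp(host, port, timeout)
    return state, ADVICE[state]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, *diagnose(target))
```

Run it from the helper's side with the remote computer's address as the only argument; a "filtered" result from outside combined with "open" from inside the LAN points at the perimeter firewall or NAT device.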