70-270 Windows XP TechNotes
Remote Assistance and Remote Desktop


- Remote Assistance
-- Invitations
-- Offers
-Remote Desktop
- Troubleshooting

Remote Assistance and Remote Desktop

This TechNote covers the "Configure, manage, and troubleshoot Remote Assistance and Remote Desktop" exam objective. These two handy features are similar to each other but are used in different situations. They both rely on the Terminal Server service in Windows XP and the RDP protocol.


Remote Assistance allows a user to request help from a remote user over the Internet. The user in need for assistance sends an invitation (by Messenger, E-mail, or file) to a helper (friend, IT support). If the helper accepts the invitation, he or she can establish a remote session to view the user's screen and chat with the user, and optionally, control mouse and keyboard input. Note that Remote Assistance requires an active Internet connection.

By default, users are allowed to send Remote Assistance invitations. If you do not want this, you should disable the option on the Remote tab of the System Properties. In a domain environment, this option can be disabled by using a Group Policy setting. The Remote Assistance Settings, accessible thru the Advanced button on the Remote tab of the System Properties, allow you to put limitations on the use of Remote Assistance and the expiration period of invitations.

If you disable the Allow this computer to be controlled remotely option, remote users can only provide assistance by viewing the screen output of this computer and chatting with the user, but cannot request remote control of mouse and keyboard. The default expiration period of invitations is 30 days.

Remote Assistance Invitations

Remote Assistance invitations can be send in three different ways:
- Email - The recipient (helper/expert) will receive a message with an attachment called 'RCBuddy.msrcincident'. When the recipient executes that file, a remote session will be attempted. The user requesting help will have to accept the session before the remote user can view the screen and/or control the computer.
- File - This option allows you to save the invitations on a floppy disk for example, or better, compress and encrypt it and then email it.
- Messenger - The process for Messenger is very similar and somewhat easier because remote assistance can be requested directly from Messenger, during a chat session with a help desk for example.

All three options are available from the Help and Support center in Windows XP (click Invite a friend to connect to your computer with Remote Assistance). When you select the delivery method of the invitation, you can type in a short message to go with the invitation, you can change the default expiration period, and you can assign a password that the recipient will need to start the Remote Assistance session. A relative secure way of communicating the password, is to use the phone (when you actually know the person and can identify him or her by voice). Use email only as a last resort or use email encryption.

If the recipient accepts (executes) the invitation, his or her client will try to establish a Remote Assistance session with this computer. The helper will have to enter the password that we set when we created the invitation. If the password is correct and the connection successful, a dialog box will appear on this computer, providing the user on this computer with the option to deny or accept the session.

If the session is accepted, the helper will be able to view the user's screen and chat with the user. The helper can press the Take Control button to request permission to control mouse and keyboard input. This obviously provides a convenient way to solve a problem on a remote computer.

Remote Assistance Offers

If the Windows XP clients are part of a domain environment, the 'Remote Assistance - Offer Remote Assistance' policy setting can be configured in a domain to allow certain users or groups to send Remote Assistance Offers, in other words: to offer a Remote Assistance session without actually being invited. The user receiving the offer will still have the option to deny or accept the session before it starts. Both the helper and the user in need for help must be members of the same domain, or members of trusted domains.


Remote Desktop is similar to the Remote Assistance feature, but instead of responding to an invitation, Remote Desktop allows a user (with the proper permissions) to start a session from a remote computer whenever needed. On a server, Remote Desktop is often used by sys admins to administer the server remotely, without having to walk to the server room. A typical use of Remote Desktop on a Windows XP client is remotely controlling a computer at work from home or vice versa.

Remote Desktop is the server component. It's basically the same as running Terminal Services in Administration mode on a Windows 2000 server. The client component is called Remote Desktop Connection, which was called Terminal Services client before Windows XP/2003. To be able to connect to a remote computer running Remote Desktop, you need a LAN, VPN, or dial-up connection that supports the Remote Desktop Protocol (RDP).

Remote Desktop can be enabled on the Remote tab of the System Properties, where we can also add users that should be allowed remote access. Users we add on the Remote tab are actually added to a default group called Remote Desktop Users. Members of this special group are granted the right Allow logon through terminal services on this computer. Remember that although they logon remotely, they are working on this computer locally, as if they were sitting in front of it. If they were actually sitting in front of it, they would not be able to log on (which requires the right to log on locally).


The most common problems with both Remote Assistance and Remote Desktop are caused by firewalls and NAT, particularly when the user requesting assistance or running Remote Desktop is behind a firewall. Remote Assistance and Remote Desktop both rely on the Terminal Services service and the Remote Desktop Protocol. When the remote computer is protected by a firewall, the port for RDP (3389) might very well be blocked, preventing a successful connection.

This is also the case when Internet Connection Firewall (ICF) is enabled on the remote computer. On the Services tab of the Advanced Settings of the ICF, you can select the services running on the local computer or the internal network, which external users need to be able to access. Several common services such as HTTP, FTP, Telnet, and also Remote Desktop can be enabled with a single click.


Current related exam objectives for the 70-270 exam:

Implementing, Managing, and Troubleshooting Network Protocols and Services

Configure, manage, and troubleshoot Remote Desktop and Remote Assistance.

Date: Monday, October 18, 2004
Author: Johan Hiemstra
MCSE NT4 MCSA 2000/2003