Remote Assistance and Remote Desktop
This TechNote covers the "Configure,
manage, and troubleshoot Remote Assistance and Remote Desktop"
exam objective. These two handy features are similar to each
other but are used in different situations. They both rely
on the Terminal Server service in Windows XP and the RDP protocol.
Back to top
Remote Assistance allows a user
to request help from a remote user over the Internet. The
user in need for assistance sends an invitation (by
Messenger, E-mail, or file) to a helper (friend, IT support).
If the helper accepts the invitation, he or she can establish
a remote session to view the user's screen and chat with the
user, and optionally, control mouse and keyboard input. Note
that Remote Assistance requires an active Internet connection.
default, users are allowed to send Remote Assistance invitations.
If you do not want this, you should disable the option on
the Remote tab of the System Properties.
In a domain environment, this option can be disabled by using
a Group Policy setting. The Remote Assistance Settings,
accessible thru the Advanced button on the Remote
tab of the System Properties, allow you to put limitations
on the use of Remote Assistance and the expiration period
If you disable the Allow this computer
to be controlled remotely option, remote users can only
provide assistance by viewing the screen output of this computer
and chatting with the user, but cannot request remote control
of mouse and keyboard. The default expiration period of invitations
is 30 days.
Remote Assistance Invitations
Back to top
Remote Assistance invitations can be send
in three different ways:
- Email - The recipient (helper/expert) will receive
a message with an attachment called 'RCBuddy.msrcincident'.
When the recipient executes that file, a remote session will
be attempted. The user requesting help will have to accept
the session before the remote user can view the screen and/or
control the computer.
- File - This option allows you to save the invitations
on a floppy disk for example, or better, compress and encrypt
it and then email it.
- Messenger - The
process for Messenger is very similar and somewhat easier
because remote assistance can be requested directly from Messenger,
during a chat session with a help desk for example.
All three options are available from the
Help and Support center in Windows XP (click Invite
a friend to connect to your computer with Remote Assistance).
When you select the delivery method of the invitation, you
can type in a short message to go with the invitation, you
can change the default expiration period, and you can assign
a password that the recipient will need to start the Remote
Assistance session. A relative secure way of communicating
the password, is to use the phone (when you actually know
the person and can identify him or her by voice). Use email
only as a last resort or use email encryption.
If the recipient accepts (executes) the invitation,
his or her client will try to establish a Remote Assistance
session with this computer. The helper will have to enter
the password that we set when we created the invitation. If
the password is correct and the connection successful, a dialog
box will appear on this computer, providing the user on this
computer with the option to deny or accept the session.
If the session is accepted, the helper will
be able to view the user's screen and chat with the user.
The helper can press the Take Control button to request
permission to control mouse and keyboard input. This obviously
provides a convenient way to solve a problem on a remote computer.
Remote Assistance Offers
Back to top
the Windows XP clients are part of a domain environment, the
'Remote Assistance - Offer Remote Assistance' policy
setting can be configured in a domain to allow certain users
or groups to send Remote Assistance Offers, in other
words: to offer a Remote Assistance session without actually
being invited. The user receiving the offer will still have
the option to deny or accept the session before it starts.
Both the helper and the user in need for help must be members
of the same domain, or members of trusted domains.
Back to top
Remote Desktop is similar to the
Remote Assistance feature, but instead of responding to an
invitation, Remote Desktop allows a user (with the proper
permissions) to start a session from a remote computer whenever
needed. On a server, Remote Desktop is often used by sys admins
to administer the server remotely, without having to walk
to the server room. A typical use of Remote Desktop on a Windows
XP client is remotely controlling a computer at work from
home or vice versa.
Remote Desktop is the server component. It's
basically the same as running Terminal Services in Administration
mode on a Windows 2000 server. The client component is
called Remote Desktop Connection, which was called
Terminal Services client before Windows XP/2003.
To be able to connect to a remote computer running Remote
Desktop, you need a LAN, VPN, or dial-up connection that supports
the Remote Desktop Protocol (RDP).
Remote Desktop can be enabled on the Remote
tab of the System Properties, where we can also add
users that should be allowed remote access. Users we add on
the Remote tab are actually added to a default group
called Remote Desktop Users. Members of this special group
are granted the right Allow logon through terminal services
on this computer. Remember that although they logon
remotely, they are working on this computer locally, as if
they were sitting in front of it. If they were actually sitting
in front of it, they would not be able to log on (which requires
the right to log on locally).
Back to top
The most common problems with both Remote
Assistance and Remote Desktop are caused by firewalls and
NAT, particularly when the user requesting assistance or running
Remote Desktop is behind a firewall. Remote Assistance and
Remote Desktop both rely on the Terminal Services service
and the Remote Desktop Protocol. When the remote
computer is protected by a firewall, the port for RDP (3389)
might very well be blocked, preventing a successful connection.
This is also the case when Internet Connection
Firewall (ICF) is enabled on the remote computer. On
the Services tab of the Advanced Settings
of the ICF, you can select the services running on the local
computer or the internal network, which external users need
to be able to access. Several common services such as HTTP,
FTP, Telnet, and also Remote Desktop can be enabled with a
out our free training CBT about Remote Assistance and Remote