Troubleshooting Windows XP Professional with the Remote
Assistant, Part 1
|
November
21, 2001 By Greg Shultz (This article was originally published on the 8wire Web
site and is reprinted on TheWinWiz
with permission.) Rolling out a new
operating system, such as Windows XP Professional, in a corporate environment
takes a lot of planning and testing - and you'll more than likely do a lot of
both. However, you can rest assured that no matter how much planning and
testing you do, you're going to run into some glitches and gremlins here and
there once Windows XP Professional is actually in use on your network. While
some of the problems that crop up may be serious, many of them will probably
be based on user error - a misunderstanding of a new feature or just plain
unfamiliarity with the new user interface. Whatever the cause,
troubleshooting and fixing problems on Windows XP Professional systems will
be much easier for help desk personnel thanks to a new feature called Remote
Assistance. This function lets help desk personnel remotely take full control
of a user's computer and troubleshoot the problem firsthand without leaving
their own office - no more wasted time spent running across the building, or
campus, just to solve a simple computer problem. As you can imagine, the
Remote Assistance feature can save a tremendous amount of time and money when
supporting the rollout of a new operating system. In this article, I'll
explain in more detail how Remote Assistance works and will show you how to
configure a Windows XP Professional system to accept a Remote Assistance
request. Along the way I'll point out some helpful tips and some traps to
avoid. Two Modes of Operation
Before I get started,
it's important that you understand that there are actually two modes of
operation for the Remote Assistance feature built into Windows XP
Professional, which for purposes of this article I've termed the Internet
mode and the network mode. The Internet mode is officially known
as Solicited Remote Assistance and the network mode is officially known as
Offer Remote Assistance. (The Remote Assistance feature in Windows XP Home
Edition only provides the Internet mode of operation.) Chances are good that
you've already heard a lot about the Internet mode of Remote Assistance, as
this is the mode that Microsoft calls attention to in their promotional
material. Under Internet mode, novice users can request assistance from
experts over the Internet via Windows Messenger or Outlook Express and invite
them to connect to their computers and interactively help solve a problem. On the other hand is
the little-known network mode of Remote Assistance, which is designed to work
on a network running either a Windows NT or Windows 2000 domain. Under the
network mode of operation, both the expert and the novice user are running
Windows XP Professional and are members of the same domain or members of
trusted domains. In this scenario, help desk experts, or anyone with
Administrators group privileges, can directly offer assistance to novice
users without having to first receive an official Remote Assistance invitation
from the novice via Windows Messenger or Outlook Express. The default method of
operation for network mode assumes that there is already an official system
in place for the corporate help desk to receive requests for assistance from
network users. Security Concerns
As you can imagine,
under the Internet mode of operation, Remote Assistance carries with it
certain security concerns, because a novice user may be giving total control
of their system to a complete stranger on the Internet who purports to be a
Windows XP expert. Once that expert is granted full control over the system,
he or she can delete crucial files, upload viruses, or give bad advice
concerning changes to crucial system configuration settings. As such, when
using the Internet mode of operation it's extremely important that you
personally know the expert or can verify their credentials with a reputable
source. However, under network
mode, you don't need to be as concerned with security since the expert will
be an employee of, or contractor for, your company and must have a valid
account on the same or a trusted Windows domain to access a novice's system.
As such, you can be assured of the expert's credentials. It's also important to
note that even though the network mode doesn't require an official invitation
from the novice via the Remote Assistance program, an expert isn't
immediately granted full access to a novice user's system. There are actually
two stages to receiving access to the novice user's system for a remote
access session and both require that the novice be present to accept the
request from the expert. Furthermore, the novice has the ability to end the
remote access session at any time. Bandwidth Concerns
Another thing to keep
in mind is that remote control tools such as Windows XP Professional's Offer
Remote Assistance feature tend to use a large amount of network bandwidth.
This is because the connection between the two systems is open the entire
time that the program is running. Besides traffic generated by any interaction
between the expert and the novice, the biggest portion of traffic in a Remote
Assistance session comes from the transmission of the novice user's screen to
the expert's Remote Assistance window. While Microsoft has put
a lot of effort into making this screen transmission as efficient as
possible, such as only transmitting the portion of the screen that changes
during mouse movements and windows manipulation rather than transmitting the
entire screen, there still might enough extra traffic to stress an already
congested network. Fortunately, there are
some tricks that you can use to further reduce the amount of extra traffic
generated by a Remote Assistance session. Before you, as an expert, initiate
a remote assistance session, have the novice make a few changes to their
system:
Configuring a System to Accept Offers
for Remote Assistance
For a novice's Windows
XP Professional system to be able to accept offers of remote assistance from
an expert on the network, the Offer Remote Assistance feature must be enabled.
Configuring a Windows XP Professional system to use the Offer Remote
Assistance feature is pretty straightforward - once you know where and how to
find the hidden settings. The Offer Remote
Assistance settings are found in the local Group Policy. As such, to enable
and configure the Offer Remote Assistance feature, you'll begin by launching
the Microsoft Management Console (MMC) Group Policy snap-in. To do so, access
the Run dialog box, type Gpedit.msc in the Open text box, and click OK. Once
you see Group Policy window, open each of the following folders in
succession:
As soon as you open the
Remote Assistance folder, you'll see two settings - Solicited Remote
Assistance and Offer Remote Assistance - in the details pane, as shown in
Figure 1. As you can see, the Offer Remote Assistance setting is disabled by
default. (I'll come back to the Solicited Remote Assistance setting in a
moment.)
To continue,
double-click the Offer Remote Assistance setting. When you see the Offer Remote
Assistance Properties dialog box, select the Enabled radio button, as shown
in Figure 2.
As soon as you enable
the Offer Remote Assistance setting, the Permit Remote Control Of This
Computer panel becomes active and you'll find two settings in the drop down
list: Allow Helpers To Remotely Control The Computer and Allow Helpers To
Only View This Computer. The default setting allows the expert (referred to
here as a helper) to take full control of the computer and the other setting
only allows the expert to view the computer. You should leave the default
setting for full control enabled. At this point, you need
to designate which users or groups will be considered experts and allowed to
use the Offer Remote Assistance feature to access this computer. To do so,
click the Helpers: Show button to open the Show Contents dialog box. Then
click the Add button and type the name of a user or group in the Add Item
dialog box. When you do, you need to use the following formats:
For example, if you
wanted to give members of the Help Desk group in the GCS domain the ability
to use the Offer Remote Assistance feature to access this computer, you'd
fill in the Add Item dialog box as shown in Figure 3. (I should note that in
some of my tests on a Windows NT Server 4.0 domain, I had to specify a
specific user account name in addition to the group that the user belonged
to.)
After you've finished
specifying users and groups, click OK twice - once to close the Show Contents
dialog box and once to close the Offer Remote Assistance Properties dialog
box. The Solicited Remote Assistance Setting
When you return to the
Group Policy window, you'll see that the Solicited Remote Assistance setting
is listed as Not Configured. This setting pertains to the Internet mode of
operation and as such really doesn't come into play in the network mode of
operation, so you can leave it as it is or you can enable it - it really
doesn't matter. At this point, you
might be thinking that since you're configuring this system to use the
network mode of operation, you would want to disable the Solicited Remote
Assistance setting so that a novice user won't be able to request assistance
from an outside source. But that's not really necessary, as the Solicited
Remote Assistance feature won't work from behind a firewall without special
network configuration changes, such as opening TCP/IP Port 3389. However, it's important
to keep in mind that if you disable the Solicited Remote Assistance setting,
you won't be able to use the Offer Remote Assistance feature to access this
computer. If you disable the Solicited Remote Assistance setting and then
attempt to use the Offer Remote Assistance feature to access this computer
from an expert system, you'll receive a vague error message stating that a
program failed to start. To complete the
configuration, click OK to close the Group Policy window. Once you do, the
system is configured to receive offers of remote assistance. An Alternate Configuration Point
If you're logged on to
a novice user's Windows XP Professional system as an Administrator, you can
also configure the Internet mode of operation from the Remote tab in the
System Properties dialog box. The only reason this is important when
discussing the network mode is that the System Properties' Remote tab
contains a check box labeled Allow Remote Assistance Invitations To Be Sent
From This Computer. If you clear this check box, the result will be the same
as disabling the Solicited Remote Assistance setting in the Group Policy
window: it will disable the Offer Remote Assistance feature, thus preventing
access to this computer. Requirements for Offering Remote Assistance
Once the Offer Remote
Assistance feature is configured on a Windows XP Professional system that
will be used by a novice, the system is ready to accept offers for remote
assistance from qualified experts running Windows XP Professional in the
domain. To offer remote assistance, no special configuration of the expert's
Windows XP Professional system is required. A qualified expert must
be a member of the same domain as the novice or be a member of trusted
domain. In addition, the expert must have Administrators group privileges or
be specifically identified by account name or by group membership as a
designated Helper in the Offer Remote Assistance setting in the Group Policy
on a computer configured to accept offers for remote assistance. Conclusion
At this point, you
should have a good understanding of how the network mode of Remote Assistance
works and know how to configure a novice user's Windows XP Professional
system to receive requests for remote assistance. In Part 2 of this series,
I'll show you how to use the Offer Remote Assistance feature from an expert's
system to access a novice user's system on a corporate network. |
|
