We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


2003 Server REMOTE ASSISTANCE Setup Help

TeknoSDS asked
Medium Priority
Last Modified: 2008-03-17
Hi Guys,
I have a pretty big issue here and I'm hoping someone can help me. I'm running Windows 2003 Server R2 Standard with Active Dir and I'm trying to set up my users to where I can, as an admin, log on to their computer and view their session interactively along with them. I.E. They call me for assistance and I can log onto their screen, while they are still on it, and I can fix their issue. Or so I can simply view what they are doing. I know with Remote Desktop I can take over their computer but that logs them out. How do I set it up so I can interactively view their session. I see the options there when I set up a user and I've tried searching the entire 'net for DAYS, so I'm hoping someone can help.

Thanks in advance, I need to get this resolved as soon as possible because we are way behind in rolling this out.  Please reply if I am not clear at all.
Watch Question

Hello TeknoSDS,

The feature you are looking for is called Remote Assitance, and comes built in with Windows XP. The following are excellent articles providing help and a step-by-step for this:

Using remote assitance when you need it:

Step by step guide to remote assitance:

How to use Remote Assitance in Windows XP:

Apart from Remote Assistance, you can also try using third party products like PCAnywhere or VNC. But give remote assitance a try first.

Thanks and Good Luck!

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Jeff BeckhamEngineer

The feature that you're looking for is Remote Assistance.

HOW TO: Enable Remote Assistance in Windows XP

Even more interesting from a administrator's point of view is something called Offer Remote Assistance.  Regular remote assistance  requires that your use initiate the help by either MSN IM, e-mail or by getting an invitation to you some other way.  Offer allow you as the expert, to connect to their computer for view/control access.

For more information on Offer Remote Assistance see:

Here's how to create a shortcut (as the expert) for quicker offers:

If you're using Windows XP SP2, you'll need to reconfigure the firewall to allow Offer Remote Assistance:


Does the user have to AGREE to be viewed?


Additionally, the first link from MS on Offer Remote Assistance is for XP to XP communication. I am running Server 2003 Standard w/ Active Dir. Wouldn't I need to remotly connect to my server, then connect offer the assistance? If that's the case, the article doesn't specify whether I can use Server 2003 to connect.

Thanks in advance for helping.
Jeff BeckhamEngineer

Yes, offer remote assistance does require that the user to agree to you connecting in.

The shortcut option works for both Windows XP and Windows Server 2003.  The only requirement is that you be logged on as the user that you've setup to allow offer remote assistance from.


I tried just doing the Offer and it is stating: "Access to the requested resource has been disabled by your administrator." Does that mean that the expert computer has incorrect settings or the novice computer? FYI - On the expert (Win 2003 Server Std), I'm logged on as the only admin.


jebeckham: Is there a way to not allow them the option of agreeing for me to connect, because *I* am the admin?
Jeff BeckhamEngineer

You'll need to setup the novice's computer to accept (unsolicited) inbound offers for remote assistance.  See: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx#ENHAC

I'm sorry that I didn't provide that link earlier.

I don't think that there's a way to allow you as the expert to connect without the user knowing about it.


I followed those instructions and I still get the "Access to the requested resource has been disabled by your administrator"

Any ideas??
Look in Active directory for the users account properties. In the remote tab, it would show you the "enable" remote assitance, it would also show you the option of simply taking over their session without them saying yes or no (their permission).

Double click the user in Active Directory, look at the Remote Control tab, there set your options.


Those have already been set up. "Enable Remote Control" is checked." Require User's Permission" is unchecked. Under Level of Control "Interact with Session" is selected.

Based on the article, I'm supposed to enable the "Offer Remote Asisstance" in the Group Policy Object Editor on the LOCAL machine. I did that on both the novice and expert computer. I specified the helper using the format of <DOMAIN>/<USER> and still same error.

I'm stumped. !

What about the Domain Group Policy ? Have you checked that ? Is that where it is overriding it ? A Domain GP would override any local policies
This question might look a bit stupid, but is the workstation running XP home or Pro ?
When you say you enabled it in local group policy, did you go and look at:
Computer Configuration -> Administrative Templates -> System, Remote
Assistance and than enable "Offer Remote Assistance" and
also set the helpers ?
Are you still having trouble ? Did you look at the Group Policies I had asked..? Here is a step by step on how to do it:



1) My Domain Group Policy is set the same as the local policy, so either way it wouldn't matter
2) The Workstation is XP Pro
3) Yes, I did. This is killing me. Even when I am on the local machine and I send an offer to myself I get that "Access to the requested resource has been disabled by your administrator"

- Frustrated! :(
I'm testing in a couple of VMs and I don't believe unchecking the "Require user's permission" option effects remote assistance.

TeknoSDS: Is the Windows XP firewall enabledon the machine?  If so, try temporarily disabling it and try again.  When I have the XP firewall enabled in testing I get an error about the machine not being found, not the one regarding it being disabled by the administrator, but give it a shot anyway.

Also, if you've made the policy change at the local level (via gpedit.msc) it should take effect immediately.  If you've made the policy change via an AD GPO, you might need to manually replicate the GP change (if you have more than one domain controller) and reboot the machine (sometimes twice) in order for the policy to take effect.
Then I suggest you try this from another workstation, first from using the same user account, then using a different user account. If you still have the same problem, then its not that machine specific, its domain specific. In that case, I would recommend you use Resultant Set of Policy or GPResult on one of the machine. Even better GPMC (Group Policy management console)

Good Luck!
For the GP change, if you have a single DC, you dont need to reboot the workstation, just type "gpupdate /force" and it would get the new policy. Also, I believe the Firewall is not the issue here, cuz if it was, the error message that the user is getting would be different. I do suggest you go through the steps I mentioned above.



I did all of that and I did get it working.

jebeckham: My question is what does the "Require user's permission" option if it doesnt effect remote assistance? Why does Server 2003 even give you these options if the user will always have to give me permission? It seems odd. I was always under the assumption that with Windows 2003 Server Std I could view a user's machine without their permission.

What do you think?
Yes, you can view the users machine without permission if that setting is enabled. Good that its working for you now


KaliKoder: that's not true. The user still has to give me permission even when that setting is enabled. Anything else u can think of?
The only other reason I can think of, is maybe there is a Group Policy in place thats requiring it to do so


Have you gotten it to work without requesting permission??
currently, i dont have a way to test right away, but in the past I have seen this, it was pre sp2 days though..
Jeff BeckhamEngineer

I found this text at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/adminra.mspx#ELEAC:

"Although a helper can offer Remote Assistance without being asked, the user must give permission before the helper can see the user's computer. In addition, the user must give explicit permission before the helper can control the user's computer (if that feature is enabled)."

There no mention of being able to disable this aspect of RA in this article and I haven't been able to locate anything via online searches.  I believe this is possible with true Terminal Services, but not RA.


Disappointing at the very least.

Any good resources on best practices what policies to implement via GPO for a corporate networking environmment?

Thanks everyone for all of your help!
If you want, there are a lot of third party and even free remote control applications such as VNC (free):


PCAnywhere (not free):

Thanks and Good Luck!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.