2003 Server REMOTE ASSISTANCE Setup Help

Hi Guys,
I have a pretty big issue here and I'm hoping someone can help me. I'm running Windows 2003 Server R2 Standard with Active Dir and I'm trying to set up my users to where I can, as an admin, log on to their computer and view their session interactively along with them. I.E. They call me for assistance and I can log onto their screen, while they are still on it, and I can fix their issue. Or so I can simply view what they are doing. I know with Remote Desktop I can take over their computer but that logs them out. How do I set it up so I can interactively view their session. I see the options there when I set up a user and I've tried searching the entire 'net for DAYS, so I'm hoping someone can help.

Thanks in advance, I need to get this resolved as soon as possible because we are way behind in rolling this out.  Please reply if I am not clear at all.
TeknoSDSAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KaliKoderCommented:
Hello TeknoSDS,

The feature you are looking for is called Remote Assitance, and comes built in with Windows XP. The following are excellent articles providing help and a step-by-step for this:

Using remote assitance when you need it:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/remoteassist/intro.mspx

Step by step guide to remote assitance:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx

How to use Remote Assitance in Windows XP:
http://www.windowsnetworking.com/j_helmig/wxprmass.htm

Apart from Remote Assistance, you can also try using third party products like PCAnywhere or VNC. But give remote assitance a try first.

Thanks and Good Luck!
0
Jeff BeckhamEngineerCommented:
The feature that you're looking for is Remote Assistance.

HOW TO: Enable Remote Assistance in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;305608&sd=tech

Even more interesting from a administrator's point of view is something called Offer Remote Assistance.  Regular remote assistance  requires that your use initiate the help by either MSN IM, e-mail or by getting an invitation to you some other way.  Offer allow you as the expert, to connect to their computer for view/control access.

For more information on Offer Remote Assistance see:
http://support.microsoft.com/?kbid=308013

Here's how to create a shortcut (as the expert) for quicker offers:
http://msmvps.com/blogs/javier/archive/2004/11/13/19044.aspx

If you're using Windows XP SP2, you'll need to reconfigure the firewall to allow Offer Remote Assistance:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555179&Product=winxp
0
TeknoSDSAuthor Commented:
Does the user have to AGREE to be viewed?

0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

TeknoSDSAuthor Commented:
Additionally, the first link from MS on Offer Remote Assistance is for XP to XP communication. I am running Server 2003 Standard w/ Active Dir. Wouldn't I need to remotly connect to my server, then connect offer the assistance? If that's the case, the article doesn't specify whether I can use Server 2003 to connect.

Thanks in advance for helping.
0
Jeff BeckhamEngineerCommented:
Yes, offer remote assistance does require that the user to agree to you connecting in.

The shortcut option works for both Windows XP and Windows Server 2003.  The only requirement is that you be logged on as the user that you've setup to allow offer remote assistance from.
0
TeknoSDSAuthor Commented:
I tried just doing the Offer and it is stating: "Access to the requested resource has been disabled by your administrator." Does that mean that the expert computer has incorrect settings or the novice computer? FYI - On the expert (Win 2003 Server Std), I'm logged on as the only admin.
0
TeknoSDSAuthor Commented:
jebeckham: Is there a way to not allow them the option of agreeing for me to connect, because *I* am the admin?
0
Jeff BeckhamEngineerCommented:
You'll need to setup the novice's computer to accept (unsolicited) inbound offers for remote assistance.  See: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx#ENHAC

I'm sorry that I didn't provide that link earlier.

I don't think that there's a way to allow you as the expert to connect without the user knowing about it.
0
TeknoSDSAuthor Commented:
I followed those instructions and I still get the "Access to the requested resource has been disabled by your administrator"

Any ideas??
0
KaliKoderCommented:
Look in Active directory for the users account properties. In the remote tab, it would show you the "enable" remote assitance, it would also show you the option of simply taking over their session without them saying yes or no (their permission).

0
KaliKoderCommented:
Double click the user in Active Directory, look at the Remote Control tab, there set your options.
0
TeknoSDSAuthor Commented:
Those have already been set up. "Enable Remote Control" is checked." Require User's Permission" is unchecked. Under Level of Control "Interact with Session" is selected.

Based on the article, I'm supposed to enable the "Offer Remote Asisstance" in the Group Policy Object Editor on the LOCAL machine. I did that on both the novice and expert computer. I specified the helper using the format of <DOMAIN>/<USER> and still same error.

I'm stumped. !

0
KaliKoderCommented:
What about the Domain Group Policy ? Have you checked that ? Is that where it is overriding it ? A Domain GP would override any local policies
0
KaliKoderCommented:
This question might look a bit stupid, but is the workstation running XP home or Pro ?
0
KaliKoderCommented:
When you say you enabled it in local group policy, did you go and look at:
Computer Configuration -> Administrative Templates -> System, Remote
Assistance and than enable "Offer Remote Assistance" and
also set the helpers ?
0
KaliKoderCommented:
Are you still having trouble ? Did you look at the Group Policies I had asked..? Here is a step by step on how to do it:

http://www.petri.co.il/enable_remote_assistance_offering_in_xp_2003.htm#top
0
TeknoSDSAuthor Commented:
1) My Domain Group Policy is set the same as the local policy, so either way it wouldn't matter
2) The Workstation is XP Pro
3) Yes, I did. This is killing me. Even when I am on the local machine and I send an offer to myself I get that "Access to the requested resource has been disabled by your administrator"

- Frustrated! :(
0
Jeff BeckhamEngineerCommented:
I'm testing in a couple of VMs and I don't believe unchecking the "Require user's permission" option effects remote assistance.

TeknoSDS: Is the Windows XP firewall enabledon the machine?  If so, try temporarily disabling it and try again.  When I have the XP firewall enabled in testing I get an error about the machine not being found, not the one regarding it being disabled by the administrator, but give it a shot anyway.

Also, if you've made the policy change at the local level (via gpedit.msc) it should take effect immediately.  If you've made the policy change via an AD GPO, you might need to manually replicate the GP change (if you have more than one domain controller) and reboot the machine (sometimes twice) in order for the policy to take effect.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
KaliKoderCommented:
Then I suggest you try this from another workstation, first from using the same user account, then using a different user account. If you still have the same problem, then its not that machine specific, its domain specific. In that case, I would recommend you use Resultant Set of Policy or GPResult on one of the machine. Even better GPMC (Group Policy management console)

Good Luck!
0
KaliKoderCommented:
For the GP change, if you have a single DC, you dont need to reboot the workstation, just type "gpupdate /force" and it would get the new policy. Also, I believe the Firewall is not the issue here, cuz if it was, the error message that the user is getting would be different. I do suggest you go through the steps I mentioned above.

Thanks
0
TeknoSDSAuthor Commented:
I did all of that and I did get it working.

jebeckham: My question is what does the "Require user's permission" option if it doesnt effect remote assistance? Why does Server 2003 even give you these options if the user will always have to give me permission? It seems odd. I was always under the assumption that with Windows 2003 Server Std I could view a user's machine without their permission.

What do you think?
0
KaliKoderCommented:
Yes, you can view the users machine without permission if that setting is enabled. Good that its working for you now
0
TeknoSDSAuthor Commented:
KaliKoder: that's not true. The user still has to give me permission even when that setting is enabled. Anything else u can think of?
0
KaliKoderCommented:
The only other reason I can think of, is maybe there is a Group Policy in place thats requiring it to do so
0
TeknoSDSAuthor Commented:
Have you gotten it to work without requesting permission??
0
KaliKoderCommented:
currently, i dont have a way to test right away, but in the past I have seen this, it was pre sp2 days though..
0
Jeff BeckhamEngineerCommented:
I found this text at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/adminra.mspx#ELEAC:

"Although a helper can offer Remote Assistance without being asked, the user must give permission before the helper can see the user's computer. In addition, the user must give explicit permission before the helper can control the user's computer (if that feature is enabled)."

There no mention of being able to disable this aspect of RA in this article and I haven't been able to locate anything via online searches.  I believe this is possible with true Terminal Services, but not RA.
0
TeknoSDSAuthor Commented:
Disappointing at the very least.

Any good resources on best practices what policies to implement via GPO for a corporate networking environmment?

Thanks everyone for all of your help!
0
KaliKoderCommented:
If you want, there are a lot of third party and even free remote control applications such as VNC (free):

http://www.tightvnc.com/
http://www.tightvnc.com/faq.html
http://www.realvnc.com/
http://www.realvnc.com/what.html

PCAnywhere (not free):
http://www.symantec.com/home_homeoffice/products/remote_pc_fax/pca12/index.html

Thanks and Good Luck!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.