[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

2003 Server REMOTE ASSISTANCE Setup Help

Posted on 2006-03-22
29
Medium Priority
?
890 Views
Last Modified: 2008-03-17
Hi Guys,
I have a pretty big issue here and I'm hoping someone can help me. I'm running Windows 2003 Server R2 Standard with Active Dir and I'm trying to set up my users to where I can, as an admin, log on to their computer and view their session interactively along with them. I.E. They call me for assistance and I can log onto their screen, while they are still on it, and I can fix their issue. Or so I can simply view what they are doing. I know with Remote Desktop I can take over their computer but that logs them out. How do I set it up so I can interactively view their session. I see the options there when I set up a user and I've tried searching the entire 'net for DAYS, so I'm hoping someone can help.

Thanks in advance, I need to get this resolved as soon as possible because we are way behind in rolling this out.  Please reply if I am not clear at all.
0
Comment
Question by:TeknoSDS
  • 13
  • 11
  • 5
29 Comments
 
LVL 11

Assisted Solution

by:KaliKoder
KaliKoder earned 750 total points
ID: 16261073
Hello TeknoSDS,

The feature you are looking for is called Remote Assitance, and comes built in with Windows XP. The following are excellent articles providing help and a step-by-step for this:

Using remote assitance when you need it:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/remoteassist/intro.mspx

Step by step guide to remote assitance:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx

How to use Remote Assitance in Windows XP:
http://www.windowsnetworking.com/j_helmig/wxprmass.htm

Apart from Remote Assistance, you can also try using third party products like PCAnywhere or VNC. But give remote assitance a try first.

Thanks and Good Luck!
0
 
LVL 9

Expert Comment

by:Jeff Beckham
ID: 16261080
The feature that you're looking for is Remote Assistance.

HOW TO: Enable Remote Assistance in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;305608&sd=tech

Even more interesting from a administrator's point of view is something called Offer Remote Assistance.  Regular remote assistance  requires that your use initiate the help by either MSN IM, e-mail or by getting an invitation to you some other way.  Offer allow you as the expert, to connect to their computer for view/control access.

For more information on Offer Remote Assistance see:
http://support.microsoft.com/?kbid=308013

Here's how to create a shortcut (as the expert) for quicker offers:
http://msmvps.com/blogs/javier/archive/2004/11/13/19044.aspx

If you're using Windows XP SP2, you'll need to reconfigure the firewall to allow Offer Remote Assistance:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555179&Product=winxp
0
 

Author Comment

by:TeknoSDS
ID: 16261360
Does the user have to AGREE to be viewed?

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:TeknoSDS
ID: 16261398
Additionally, the first link from MS on Offer Remote Assistance is for XP to XP communication. I am running Server 2003 Standard w/ Active Dir. Wouldn't I need to remotly connect to my server, then connect offer the assistance? If that's the case, the article doesn't specify whether I can use Server 2003 to connect.

Thanks in advance for helping.
0
 
LVL 9

Expert Comment

by:Jeff Beckham
ID: 16261435
Yes, offer remote assistance does require that the user to agree to you connecting in.

The shortcut option works for both Windows XP and Windows Server 2003.  The only requirement is that you be logged on as the user that you've setup to allow offer remote assistance from.
0
 

Author Comment

by:TeknoSDS
ID: 16261499
I tried just doing the Offer and it is stating: "Access to the requested resource has been disabled by your administrator." Does that mean that the expert computer has incorrect settings or the novice computer? FYI - On the expert (Win 2003 Server Std), I'm logged on as the only admin.
0
 

Author Comment

by:TeknoSDS
ID: 16261512
jebeckham: Is there a way to not allow them the option of agreeing for me to connect, because *I* am the admin?
0
 
LVL 9

Expert Comment

by:Jeff Beckham
ID: 16261708
You'll need to setup the novice's computer to accept (unsolicited) inbound offers for remote assistance.  See: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx#ENHAC

I'm sorry that I didn't provide that link earlier.

I don't think that there's a way to allow you as the expert to connect without the user knowing about it.
0
 

Author Comment

by:TeknoSDS
ID: 16261839
I followed those instructions and I still get the "Access to the requested resource has been disabled by your administrator"

Any ideas??
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16261871
Look in Active directory for the users account properties. In the remote tab, it would show you the "enable" remote assitance, it would also show you the option of simply taking over their session without them saying yes or no (their permission).

0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16261917
Double click the user in Active Directory, look at the Remote Control tab, there set your options.
0
 

Author Comment

by:TeknoSDS
ID: 16261977
Those have already been set up. "Enable Remote Control" is checked." Require User's Permission" is unchecked. Under Level of Control "Interact with Session" is selected.

Based on the article, I'm supposed to enable the "Offer Remote Asisstance" in the Group Policy Object Editor on the LOCAL machine. I did that on both the novice and expert computer. I specified the helper using the format of <DOMAIN>/<USER> and still same error.

I'm stumped. !

0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16262309
What about the Domain Group Policy ? Have you checked that ? Is that where it is overriding it ? A Domain GP would override any local policies
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16262319
This question might look a bit stupid, but is the workstation running XP home or Pro ?
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16262352
When you say you enabled it in local group policy, did you go and look at:
Computer Configuration -> Administrative Templates -> System, Remote
Assistance and than enable "Offer Remote Assistance" and
also set the helpers ?
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16262464
Are you still having trouble ? Did you look at the Group Policies I had asked..? Here is a step by step on how to do it:

http://www.petri.co.il/enable_remote_assistance_offering_in_xp_2003.htm#top
0
 

Author Comment

by:TeknoSDS
ID: 16262480
1) My Domain Group Policy is set the same as the local policy, so either way it wouldn't matter
2) The Workstation is XP Pro
3) Yes, I did. This is killing me. Even when I am on the local machine and I send an offer to myself I get that "Access to the requested resource has been disabled by your administrator"

- Frustrated! :(
0
 
LVL 9

Accepted Solution

by:
Jeff Beckham earned 750 total points
ID: 16262510
I'm testing in a couple of VMs and I don't believe unchecking the "Require user's permission" option effects remote assistance.

TeknoSDS: Is the Windows XP firewall enabledon the machine?  If so, try temporarily disabling it and try again.  When I have the XP firewall enabled in testing I get an error about the machine not being found, not the one regarding it being disabled by the administrator, but give it a shot anyway.

Also, if you've made the policy change at the local level (via gpedit.msc) it should take effect immediately.  If you've made the policy change via an AD GPO, you might need to manually replicate the GP change (if you have more than one domain controller) and reboot the machine (sometimes twice) in order for the policy to take effect.
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16262526
Then I suggest you try this from another workstation, first from using the same user account, then using a different user account. If you still have the same problem, then its not that machine specific, its domain specific. In that case, I would recommend you use Resultant Set of Policy or GPResult on one of the machine. Even better GPMC (Group Policy management console)

Good Luck!
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16262555
For the GP change, if you have a single DC, you dont need to reboot the workstation, just type "gpupdate /force" and it would get the new policy. Also, I believe the Firewall is not the issue here, cuz if it was, the error message that the user is getting would be different. I do suggest you go through the steps I mentioned above.

Thanks
0
 

Author Comment

by:TeknoSDS
ID: 16271507
I did all of that and I did get it working.

jebeckham: My question is what does the "Require user's permission" option if it doesnt effect remote assistance? Why does Server 2003 even give you these options if the user will always have to give me permission? It seems odd. I was always under the assumption that with Windows 2003 Server Std I could view a user's machine without their permission.

What do you think?
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16271551
Yes, you can view the users machine without permission if that setting is enabled. Good that its working for you now
0
 

Author Comment

by:TeknoSDS
ID: 16271888
KaliKoder: that's not true. The user still has to give me permission even when that setting is enabled. Anything else u can think of?
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16272015
The only other reason I can think of, is maybe there is a Group Policy in place thats requiring it to do so
0
 

Author Comment

by:TeknoSDS
ID: 16272294
Have you gotten it to work without requesting permission??
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16272613
currently, i dont have a way to test right away, but in the past I have seen this, it was pre sp2 days though..
0
 
LVL 9

Expert Comment

by:Jeff Beckham
ID: 16273705
I found this text at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/adminra.mspx#ELEAC:

"Although a helper can offer Remote Assistance without being asked, the user must give permission before the helper can see the user's computer. In addition, the user must give explicit permission before the helper can control the user's computer (if that feature is enabled)."

There no mention of being able to disable this aspect of RA in this article and I haven't been able to locate anything via online searches.  I believe this is possible with true Terminal Services, but not RA.
0
 

Author Comment

by:TeknoSDS
ID: 16275285
Disappointing at the very least.

Any good resources on best practices what policies to implement via GPO for a corporate networking environmment?

Thanks everyone for all of your help!
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 16275456
If you want, there are a lot of third party and even free remote control applications such as VNC (free):

http://www.tightvnc.com/
http://www.tightvnc.com/faq.html
http://www.realvnc.com/
http://www.realvnc.com/what.html

PCAnywhere (not free):
http://www.symantec.com/home_homeoffice/products/remote_pc_fax/pca12/index.html

Thanks and Good Luck!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question