TeknoSDS
asked on
2003 Server REMOTE ASSISTANCE Setup Help
Hi Guys,
I have a pretty big issue here and I'm hoping someone can help me. I'm running Windows 2003 Server R2 Standard with Active Dir and I'm trying to set up my users to where I can, as an admin, log on to their computer and view their session interactively along with them. I.E. They call me for assistance and I can log onto their screen, while they are still on it, and I can fix their issue. Or so I can simply view what they are doing. I know with Remote Desktop I can take over their computer but that logs them out. How do I set it up so I can interactively view their session. I see the options there when I set up a user and I've tried searching the entire 'net for DAYS, so I'm hoping someone can help.
Thanks in advance, I need to get this resolved as soon as possible because we are way behind in rolling this out. Please reply if I am not clear at all.
I have a pretty big issue here and I'm hoping someone can help me. I'm running Windows 2003 Server R2 Standard with Active Dir and I'm trying to set up my users to where I can, as an admin, log on to their computer and view their session interactively along with them. I.E. They call me for assistance and I can log onto their screen, while they are still on it, and I can fix their issue. Or so I can simply view what they are doing. I know with Remote Desktop I can take over their computer but that logs them out. How do I set it up so I can interactively view their session. I see the options there when I set up a user and I've tried searching the entire 'net for DAYS, so I'm hoping someone can help.
Thanks in advance, I need to get this resolved as soon as possible because we are way behind in rolling this out. Please reply if I am not clear at all.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Does the user have to AGREE to be viewed?
ASKER
Additionally, the first link from MS on Offer Remote Assistance is for XP to XP communication. I am running Server 2003 Standard w/ Active Dir. Wouldn't I need to remotly connect to my server, then connect offer the assistance? If that's the case, the article doesn't specify whether I can use Server 2003 to connect.
Thanks in advance for helping.
Thanks in advance for helping.
Yes, offer remote assistance does require that the user to agree to you connecting in.
The shortcut option works for both Windows XP and Windows Server 2003. The only requirement is that you be logged on as the user that you've setup to allow offer remote assistance from.
The shortcut option works for both Windows XP and Windows Server 2003. The only requirement is that you be logged on as the user that you've setup to allow offer remote assistance from.
ASKER
I tried just doing the Offer and it is stating: "Access to the requested resource has been disabled by your administrator." Does that mean that the expert computer has incorrect settings or the novice computer? FYI - On the expert (Win 2003 Server Std), I'm logged on as the only admin.
ASKER
jebeckham: Is there a way to not allow them the option of agreeing for me to connect, because *I* am the admin?
You'll need to setup the novice's computer to accept (unsolicited) inbound offers for remote assistance. See: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx#ENHAC
I'm sorry that I didn't provide that link earlier.
I don't think that there's a way to allow you as the expert to connect without the user knowing about it.
I'm sorry that I didn't provide that link earlier.
I don't think that there's a way to allow you as the expert to connect without the user knowing about it.
ASKER
I followed those instructions and I still get the "Access to the requested resource has been disabled by your administrator"
Any ideas??
Any ideas??
Look in Active directory for the users account properties. In the remote tab, it would show you the "enable" remote assitance, it would also show you the option of simply taking over their session without them saying yes or no (their permission).
Double click the user in Active Directory, look at the Remote Control tab, there set your options.
ASKER
Those have already been set up. "Enable Remote Control" is checked." Require User's Permission" is unchecked. Under Level of Control "Interact with Session" is selected.
Based on the article, I'm supposed to enable the "Offer Remote Asisstance" in the Group Policy Object Editor on the LOCAL machine. I did that on both the novice and expert computer. I specified the helper using the format of <DOMAIN>/<USER> and still same error.
I'm stumped. !
Based on the article, I'm supposed to enable the "Offer Remote Asisstance" in the Group Policy Object Editor on the LOCAL machine. I did that on both the novice and expert computer. I specified the helper using the format of <DOMAIN>/<USER> and still same error.
I'm stumped. !
What about the Domain Group Policy ? Have you checked that ? Is that where it is overriding it ? A Domain GP would override any local policies
This question might look a bit stupid, but is the workstation running XP home or Pro ?
When you say you enabled it in local group policy, did you go and look at:
Computer Configuration -> Administrative Templates -> System, Remote
Assistance and than enable "Offer Remote Assistance" and
also set the helpers ?
Computer Configuration -> Administrative Templates -> System, Remote
Assistance and than enable "Offer Remote Assistance" and
also set the helpers ?
Are you still having trouble ? Did you look at the Group Policies I had asked..? Here is a step by step on how to do it:
http://www.petri.co.il/enable_remote_assistance_offering_in_xp_2003.htm#top
http://www.petri.co.il/enable_remote_assistance_offering_in_xp_2003.htm#top
ASKER
1) My Domain Group Policy is set the same as the local policy, so either way it wouldn't matter
2) The Workstation is XP Pro
3) Yes, I did. This is killing me. Even when I am on the local machine and I send an offer to myself I get that "Access to the requested resource has been disabled by your administrator"
- Frustrated! :(
2) The Workstation is XP Pro
3) Yes, I did. This is killing me. Even when I am on the local machine and I send an offer to myself I get that "Access to the requested resource has been disabled by your administrator"
- Frustrated! :(
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Then I suggest you try this from another workstation, first from using the same user account, then using a different user account. If you still have the same problem, then its not that machine specific, its domain specific. In that case, I would recommend you use Resultant Set of Policy or GPResult on one of the machine. Even better GPMC (Group Policy management console)
Good Luck!
Good Luck!
For the GP change, if you have a single DC, you dont need to reboot the workstation, just type "gpupdate /force" and it would get the new policy. Also, I believe the Firewall is not the issue here, cuz if it was, the error message that the user is getting would be different. I do suggest you go through the steps I mentioned above.
Thanks
Thanks
ASKER
I did all of that and I did get it working.
jebeckham: My question is what does the "Require user's permission" option if it doesnt effect remote assistance? Why does Server 2003 even give you these options if the user will always have to give me permission? It seems odd. I was always under the assumption that with Windows 2003 Server Std I could view a user's machine without their permission.
What do you think?
jebeckham: My question is what does the "Require user's permission" option if it doesnt effect remote assistance? Why does Server 2003 even give you these options if the user will always have to give me permission? It seems odd. I was always under the assumption that with Windows 2003 Server Std I could view a user's machine without their permission.
What do you think?
Yes, you can view the users machine without permission if that setting is enabled. Good that its working for you now
ASKER
KaliKoder: that's not true. The user still has to give me permission even when that setting is enabled. Anything else u can think of?
The only other reason I can think of, is maybe there is a Group Policy in place thats requiring it to do so
ASKER
Have you gotten it to work without requesting permission??
currently, i dont have a way to test right away, but in the past I have seen this, it was pre sp2 days though..
I found this text at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/adminra.mspx#ELEAC:
"Although a helper can offer Remote Assistance without being asked, the user must give permission before the helper can see the user's computer. In addition, the user must give explicit permission before the helper can control the user's computer (if that feature is enabled)."
There no mention of being able to disable this aspect of RA in this article and I haven't been able to locate anything via online searches. I believe this is possible with true Terminal Services, but not RA.
"Although a helper can offer Remote Assistance without being asked, the user must give permission before the helper can see the user's computer. In addition, the user must give explicit permission before the helper can control the user's computer (if that feature is enabled)."
There no mention of being able to disable this aspect of RA in this article and I haven't been able to locate anything via online searches. I believe this is possible with true Terminal Services, but not RA.
ASKER
Disappointing at the very least.
Any good resources on best practices what policies to implement via GPO for a corporate networking environmment?
Thanks everyone for all of your help!
Any good resources on best practices what policies to implement via GPO for a corporate networking environmment?
Thanks everyone for all of your help!
If you want, there are a lot of third party and even free remote control applications such as VNC (free):
http://www.tightvnc.com/
http://www.tightvnc.com/faq.html
http://www.realvnc.com/
http://www.realvnc.com/what.html
PCAnywhere (not free):
http://www.symantec.com/home_homeoffice/products/remote_pc_fax/pca12/index.html
Thanks and Good Luck!
http://www.tightvnc.com/
http://www.tightvnc.com/faq.html
http://www.realvnc.com/
http://www.realvnc.com/what.html
PCAnywhere (not free):
http://www.symantec.com/home_homeoffice/products/remote_pc_fax/pca12/index.html
Thanks and Good Luck!
HOW TO: Enable Remote Assistance in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;305608&sd=tech
Even more interesting from a administrator's point of view is something called Offer Remote Assistance. Regular remote assistance requires that your use initiate the help by either MSN IM, e-mail or by getting an invitation to you some other way. Offer allow you as the expert, to connect to their computer for view/control access.
For more information on Offer Remote Assistance see:
http://support.microsoft.com/?kbid=308013
Here's how to create a shortcut (as the expert) for quicker offers:
http://msmvps.com/blogs/javier/archive/2004/11/13/19044.aspx
If you're using Windows XP SP2, you'll need to reconfigure the firewall to allow Offer Remote Assistance:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555179&Product=winxp