remote assistance in server 2008

i have server 2008 and xp machin ,and i want to allow offer assistance to my client
how can i configure it using gpo on server 2008
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Windows Firewall Settings [Program Exceptions]
%SystemRoot%\system32\msra.exe:*:enabled:Remote Assistance
%windir%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance
%windir%\PCHealth\HelpCtr\Binaries\helpsvc.exe:*:Enabledffer Remote Assistance
%windir%\system32\sessmgr.exe:*:Enabled:Remote Assistance XP


Windows Firewall Settings [Port Exceptions]

135:TCP:*:Enabledffer Remote Assistance

Offer Remote Assistance: Enabled

Permit remote control of this computer: Allow helpers to remotely control the computer

Some security group you choose.
ywainbergAuthor Commented:
it only works when firewall is off and only on ip address no net bios name
then you have issues in the firewall config and dns resolving, netbios resolving shouldn't be used anymore.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

is tcp 3389 open also?
ywainbergAuthor Commented:
how do i add it to gpo?add "3389:TCP:*:Enabledffer Remote Assistance" to the same location as 135?
There are many ways to offer remote assistance. You mention your server but I'm not sure how you want to involve your server.  Please clarify how the server is being used in this situation.  Also take note that windows remote desktop feature is not secure and is one of the most hacked ports on the internet. (3389) I would recommend going to a encrypted connection or at least changing the windows remote desktop port to something else. You can google the info on how to do it. Its a simple registry entery change.

If you're wanting others to be able to connect to your server then create and account or group that has the correct access.  You don't need to edit the group policies directly for that.  However they will have to use passwords as the server will not allow any kind of remote access without one.
yes ywainberg you can add something like that, maybe with another desc
ywainbergAuthor Commented:
i insert all the rules but it still does not work with firewall on ,only with firewall off
windows server will not allow any remote connection without a password.  This means you have to have a password on an account.  If the firewall is blocking you, then you don't have the required ports open. Microsofts network sharing ports are 135, 136, 137,138 and 139 both udp and tcp type connections. If you are using microsofts vpn connections then several other ports are required to be open also.Standard port usage is 1723 for PPTP.  You might also need to configure your router for PPTP Passthrough. Port usage for IPSec is 500, 50-51. There are other ports also if you are not using windows vpn type connections...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ywainbergAuthor Commented:
can you be more specific?which port should be open in the firewall for remote assistance to work?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.