Simon336697
asked on
Remote Assistance and Access Level
Hhi guys hope you are well and can assist.
Guys, we have an AD 2003 environment with Windows XP and Windows 7.
We are using Remote Assistance but do not want the helpers of Remote Assistance to have local admin access.
We want them to be able to do stuff, so the group policy we have set is as follows:
Computer Configuration >> Administrative Templates >> System >> Remote Assistance >> Offer Remote Assistance
There are 2 options in here to set the degree of access for these helpers:
1) Allow helpers to remotely control the computer
2) Allow helpers to only view the computer.
My question is this.
We have selected option 1) above.
Does that mean that the helper has FULL LOCAL ADMIN access to the machine in which they help, regardless of whether the helper is a member of the local admins group on the destination computer in which they help?
Basically, we want to allow certain users to offer help by way of Remote Assistance but NOT allow them FULL LOCAL ADMIN access to the machine.
Any help greatly appreciated.
Guys, we have an AD 2003 environment with Windows XP and Windows 7.
We are using Remote Assistance but do not want the helpers of Remote Assistance to have local admin access.
We want them to be able to do stuff, so the group policy we have set is as follows:
Computer Configuration >> Administrative Templates >> System >> Remote Assistance >> Offer Remote Assistance
There are 2 options in here to set the degree of access for these helpers:
1) Allow helpers to remotely control the computer
2) Allow helpers to only view the computer.
My question is this.
We have selected option 1) above.
Does that mean that the helper has FULL LOCAL ADMIN access to the machine in which they help, regardless of whether the helper is a member of the local admins group on the destination computer in which they help?
Basically, we want to allow certain users to offer help by way of Remote Assistance but NOT allow them FULL LOCAL ADMIN access to the machine.
Any help greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
As per following: http://support.microsoft.com/kb/300692
"...Terminal Services on the Expert computer passes the credentials for the HelpAssistant account to the GINA on the Novice's computer. If the credentials are accepted, the Expert logs on to the Novice's computer using the HelpAssistant account.
Remote Assistance displays a message asking the Novice if they want to start a Remote Assistance session with the Expert at that time. If the Novice is logged on to multiple sessions, each session receives this prompt...."
"...Terminal Services on the Expert computer passes the credentials for the HelpAssistant account to the GINA on the Novice's computer. If the credentials are accepted, the Expert logs on to the Novice's computer using the HelpAssistant account.
Remote Assistance displays a message asking the Novice if they want to start a Remote Assistance session with the Expert at that time. If the Novice is logged on to multiple sessions, each session receives this prompt...."
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I thought that the Remote Assistance helpers actually log on to the destination machine by activating the Help Assistant account, which is a Terminal Service account.
as per below: http://support.microsoft.com/kb/305898
".............Because Remote Assistance uses the Terminal Service account of Help Assistant, the permissions of the account have some effects on Remote Assistance..."
I see this account on XP systems, but do not see this on Windows 7 machines.