Allow Helpdesk staff start a solicited Remote Assistance session to any workstation within our domain. (All workstations are running Windows 7 or Windows 8.)
Enable the Remote Assistance
Enable the firewall exception on the workstations
Add the "Helpdesk Staff" group to the local "Offer Remote Assistance Helpers" group on all the workstations.
Once this is complete, I can type "msra /offerRa <computername>", and it will start a Remote Assistance on the remote <computername>. The end user doesn't have to initiate the Remote Assistance tool.
I created a GPO (using Restricted Groups) to add the "Helpdesk staff" to the local "Offer Remote Assistance Helpers" group on the workstations. The GPO applies successfully...but...the "Offer Remote Assistance Helpers" group membership keeps getting wiped out.
Found the culprit:
After a few hours of troubleshooting,I found a scheduled task called "RemoteAssistanceTask" (located under "Task Scheduler Library\Microsoft\Windows\
stance". The task is triggered when Group Policy is applied; the task runs this command: "%windir%\system32\RAServe
r.exe /offerraupdate". I'm not sure what the command does - but it definitely removes the membership of the "Offer Remote Assistance Helpers" group.
I disabled the task, and ran GPUpdate /force, and the group membership was updated as I expected. ...and it didn't change.
I want to apply this GPO to all the workstations in the domain, but the scheduled task keeps "un-doing" the GPO change!!
I could disabled that task...but:
The task is there by default, but don't know what it does,
I don't want to touch each computer
...and I want to make this work!
Anyone have any input on that scheduled task? Why is it there? How do I manage the membership of the "Offer Remote Assistance Helpers" on all the domain computers?