Re: using remote assistance without being domain admin ?
- From: "Xavier" <xminet@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 26 Feb 2006 18:28:46 +0100
OK, this is working fine. But in the procedure described below, the call is
initiated by the novice user. Is there a way for the expert to use something
similar to the "offer remote assistance" feature of SBS without having to
log on the server ?
Thanks for your help,
Xavier
""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:jG4J1%23qNGHA.2336@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Xavier,
Thanks for using the SBS newsgroup.
From your description, I understand that you have some questions about
remote assistance feature. If I am off base, please don't hesitate to let
me know.
The expert user must be a member of the Local Administrators group on the
computer of the novice rather than the domain admin group.
To configure the computer of the novice user to accept Remote Assistance
offers, you must make sure that the following requirements are met:
1. The Group Policy on the computer of the novice user must be configured
to enable Remote Assistance offers.
2. The computers of the novice and expert users must be members of the
same
domain or members of trusted domains.
3. Both computers must have Windows XP or Windows 2003 installed.
4. The expert user must be a member of the Local Administrators group on
the computer of the novice.
I. To configure the Group Policies for the Remote Assistance tool, you
need
a list of expert users from which the computers of the novice users can
accept Remote Assistance offers. This list must contain Domain User groups
and Domain User accounts.
II. Configure Offer Remote Assistance policy setting in XP workstation
1. Start the Microsoft Management Console (MMC) Group Policy snap-in. To
do
this, click Start, and then click Run. In the Open box, type: gpedit.msc.
Then, click OK.
2. In the Local Computer Policy\Computer Configuration\Administrative
Templates\System\Remote Assistance folder, locate and double-click Offer
Remote Assistance.
3. On the Offer Remote Assistance Properties dialog box, click Enable.
4. Select an option from the list to determine which of the following
actions the expert users can take
** View the computer of the novice user
** View and control the computer of the novice user
*Note: This setting is for the entire group that is listed. The Offer
Remote Assistance policy setting does not provide a mechanism that lets
one
group of users view the computer of the novice user, and also lets a
second
group of users view and control the computer of the novice user. There can
be only one expert group.
5. Click Show. The Show Contents dialog box opens.
6. Click Add to add the Domain Users and Domain User Groups.
7. Click OK to close the Show Contents dialog box, and then click OK to
close the Offer Remote Assistance Properties dialog box.
8. Quit the MMC Group Policy snap-in.
These policies are effective immediately. You do not have to restart the
computer.
***Important: Use caution when you populate the properties of the Offer
Remote Assistance Group Policy because you cannot verify the domain
accounts that you enter. We recommend that you extensively test this
policy
setting before you perform a large policy roll out.
*Note: The Offer Remote Assistance policy is not available in Microsoft
Windows XP Home Edition.
*Note: Remote Assistance uses DCOM. In Windows XP and Windows 2003, the
DCOM entry is located in the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
The String value of the DCOM entry is EnableDCOM = Y. If this value is set
to 'N' or if this value is missing, Remote Assistance will not work.
III. Configure Windows Firewall for offer-based Remote Assistance in XP
workstation
To update your Group Policy objects with the new Windows Firewall
settings,
follow these steps:
1. Log on to your Window XP SP2-based computer as a member of the Domain
Administrators security group, of the Enterprise Administrators security
group, or of the Group Policy Creator Owners security group.
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in, click the Standalone tab,
and then click Add.
4. In the Available Standalone Snap-ins list, click Group Policy Object
Editor, and then click Add.
5. In the Select Group Policy Object dialog box, click Browse.
6. In Browse for a Group Policy Object, click the Group Policy object that
you want to update with the new Windows Firewall settings, and then click
OK.
7. Click Finish to complete the Group Policy Wizard.
8. In the Add Standalone Snap-in dialog box, click Close.
9. In the Add/Remove Snap-in dialog box, click OK.
10. In the console tree, expand Computer Configuration, expand
Administrative Templates, expand Network, expand Network Connections, and
then click Windows Firewall.
11. Use the Group Policy Object Editor snap-in to locate Windows Firewall
Group Policy settings. To do this, click Start, click Run, type gpedit.msc
in the Open box, and then click OK.
*Note: The Group Policy settings are located in the following Group Policy
Object Editor folders:
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall/ Domain Profile
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall/ Standard Profile
12. For each snap-in path that you located in step 11, add the following
entry to the Windows Firewall: Define port exceptions setting:
135:TCP:*:Enabled:Offer Remote Assistance
13. For each snap-in path, add the following entries to the Windows
Firewall: Define program exceptions setting:
o %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance
o %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote
Assistance
o %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote
Assistance - Windows Messenger and Voice
More information:
Overview of Remote Assistance in Windows XP
http://support.microsoft.com/kb/300546/EN-US/
Supported connection scenarios for Remote Assistance
http://support.microsoft.com/?id=301529
300692 Description of the Remote Assistance Connection Process
http://support.microsoft.com/?id=300692
Hope above information helps! I am happy to be of assistance to you and
look forward to your reply!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
From: "Xavier" <xminet@xxxxxxxxxxxxxxxxxxxxxxx>domain
Subject: using remote assistance without being domain admin ?
Date: Mon, 20 Feb 2006 15:11:12 +0100
Lines: 14
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-RFC2646: Format=Flowed; Original
Message-ID: <#V#CDeiNGHA.516@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
NNTP-Posting-Host: host-85-27-60-127.brutele.be 85.27.60.127
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:245822
X-Tomcat-NG: microsoft.public.windows.server.sbs
Hello,
I do have an external vendor who has admin rights on my workstations. I
would like this person to be able to use the remote assistance feature in
order to help end-users. However the documentation seems to imply that for
using this feature, the vendor should be made member of the domain admin
group which is something I do not want. Is there a way to avoid this
admin membership condition (SBS2003 SP1 - XP SP2 workstations).
Thanks,
Xavier
.
- Follow-Ups:
- Re: using remote assistance without being domain admin ?
- From: "Jenny wu [MSFT]"
- Re: using remote assistance without being domain admin ?
- References:
- using remote assistance without being domain admin ?
- From: Xavier
- RE: using remote assistance without being domain admin ?
- From: "Jenny wu [MSFT]"
- using remote assistance without being domain admin ?
- Prev by Date: Re: New kid, please help
- Next by Date: Re: New kid, please help
- Previous by thread: RE: using remote assistance without being domain admin ?
- Next by thread: Re: using remote assistance without being domain admin ?
- Index(es):
Relevant Pages
|
