Admin to help Admin! - Remote Assistance

osaddictosaddict London, UK
edited January 2010 in Science & Tech
I just tried remote assistance again (as bundled with Vista) to assist a colleague.

In the past this has been a pain, as prompts for me to enter domain admin credentials result in the screen being blacked out and a white pause sign in the top left corner. So I can only assist with non admin tasks, grr.

So, being more careful this time I notice a popup - allow <admin name> to respond to UAC prompts (or words to that effect), HOWEVER, to click yes to this dialogue box requires that you're an admin on the PC (shield over the yes button).

Bizzare that you need to be an admin to allow admin to help you! - Does anyone know a way around this?!

Comments

  • kryystkryyst Ontario, Canada
    edited January 2010
    you have to enable that on the machine as an administrator a head of time, like when you deploy it. Then in the future they can request help. It's a safety feature.

    Alternatively try a program called Gencontrol. It's a VNC based remote program that doesn't require a vnc client to be installed on the other machine.
  • osaddictosaddict London, UK
    edited January 2010
    Ah, is that something I can alter now via group policy? - If not, how does one go about changing that setting now?

    I tried Gencontrol a while back and it just didn't play ball on our network / with out workstations, persisted for quite a while I seem to remember.
  • kryystkryyst Ontario, Canada
    edited January 2010
    Yes you can change that in Group Policy. Typically it requires two re-boot cycles for that policy to roll through, the first reboot picks up the new policy rule then the second reboot enforces it.

    Computer Configuration>Administrative Templates>System>Remote Assistance.
  • osaddictosaddict London, UK
    edited January 2010
    Kryyst, that sounds very useful, however, I can't seem to find those options in group policy. I'm using Server 2008 by the way not sure if that may have different options or what?

    Attached is a screen dump of the options we have from the location you pointed me to. I looked in a few other locations and nothing jumped out.

    On a slight side issue I also looked for the options to change remote settings so that 'allow remote assistance connections to this pc' could be ticked and 'allow connections from computers running any version of remote desktop' but I couldn't find those either.

    Group policy newbie, but I thought they would be fairly easy to find, and pretty fundamental!

    Thanks for your help :)
    GPR.JPG 93.3K
  • kryystkryyst Ontario, Canada
    edited January 2010
    Solicit remote assistance and Offer remote assistance are the two policies you want enabled. Those two policies explain how they work and what you need to do from the user end also.
  • osaddictosaddict London, UK
    edited January 2010
    I did read both of those (offer remote assistance is enabled anyway) and I couldn't see how they would be relevant to the issue in hand. Despite this I enabled the solicit remote assistance option anyway.

    I'm testing this using my machine to offer assistance - (Vista) to a Laptop (Win7) with a non admin user logged on.

    Despite rebooting the laptop 3 or 4 times, and doing a gpupdate /target:computer /force too, it still refuses to play ball.

    The issue is just when the user ticks the allow user to respond to UAC prompts the yes button has a sheild on it (indicated admin rights are required).

    Not sure if the GP is different under Win7 or anything but even so I still don't see how the policies change what I'm after.

    This is the policy (solicited) that I've just enabled, still don't see how it could allow the UAC bypass.
    This policy setting allows you to enable or disable Solicited (Ask for) Remote Assistance on this computer.

    If you enable this policy, users on this computer can use e-mail or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.

    If you disable this policy, users on this computer cannot use e-mail or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.

    If you don't configure this policy, users can enable or disable Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.

    If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer."

    The "Maximum ticket time" setting sets a limit on the amount of time that a Remote Assistance invitation created by using e-mail or file transfer can remain open.

    The "Select the method for sending e-mail invitations" setting specifies which e-mail standard to use to send Remote Assistance invitations. Depending on your e-mail program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your e-mail message). This setting is not available in Windows Vista since SMAPI is the only method supported.

    If you enable this policy you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
  • kryystkryyst Ontario, Canada
    edited January 2010
    Are you trying to use RDP to just take over their computer or are they sending you a request and you aren't able to respond to it?
Sign In or Register to comment.