Windows 7 also brought a new version of Remote Assistance to the market. This built-in feature (installed on all Windows 7 PCs) is very handy and eliminates the need for paid third-party programs. The following tutorial describes how you can implement this solution.
Remote Assistance vs. Remote Desktop
Remote Assistance and Remote Desktop are features of Windows 7 that are used differently. Remote Desktop is a tool to log on to a device remotely. Per login a new user session is opened. Remote Desktop can also be used to log on to devices that do not have an active session open.
Remote Assistance on the other hand is a tool to provide interactive support to users. In order for a Remote Assistance connection to be established, the user and also the helpdesk employee must be present at the computer. After the connection is established, both participants see the same screen and the helpdesk employee can actively intervene.
Improved version of Remote Assistance in Windows 7
- Connection improvement through transparent NAT using Toredo and IPv6
- Improved user interface, for easy operation
- Improved footprint through bandwidth optimized display using RDP
- Full compatibility with the new security features of Win 7 (UAC)
- Group management policies for central administration of the functions
- Backward compatibility, thus also applicable for Windows XP
Remote Assistance IP ports and Windows Firewall
In an internal network with Windows Firewall disabled, there are no connection problems.
When using the Windows 7 default domain profile, the default firewall configuration is already set correctly and the remote maintenance option is active.
Ports used if access is to be made through the company firewall: (Not discussed further in this document):
Windows 7 to XP or Windows Vista to Windows XP Port 3389 TCP (local/remote) For DCOM connections Port 135 (TCP) More: KB Microsoft
Backward compatibility
With Windows Vista clients
Remote Assistance is fully backward compatible
With Windows XP clients
Remote Assistance from Windows 7 is backward compatible with Remote Assistance from Windows XP, but there are some limitations. The GUI on the Windows XP machine is not the same as Windows 7 and the custom messages set by GPO cannot be displayed. However, with XP you cannot give remote assistance to Windows 7 devices. This means that the helpdesk staff has to work with Windows 7 clients.
Implementation proposal
The MSRA.exe program is installed by default on all Windows 7 clients;
For helpdesk staff, therefore, only a shortcut needs to be created. Alternatively, it can also be called via the command line: msra.exe /offerRA
Group Policy Settings
In order for the clients to allow access, some group policy settings must be made.
Important: Group Policy must be set for Computer (Computer Configuration). GPO must be applied to a Computer object.
Policy Name: RemoteAssistance
Path: Computer Configuration -> Administrative Templates -> System -> Remote Assistance
1. Turn on session logging to Enable
For each session there is a log on the helpdesk staff member's PC under: Users\user_name\Documents\Remote Assistance Logs
2. Turn on bandwidth optimization
3. Customize Warning Messages
4. Solicited Remote Assistance on Disable
5. Offer Remote Assistance
Here you define the groups that are allowed to offer Remote Assistance.
You may encounter the following error message when connecting:
The support offer could not be sent
Check the following:
- Do you have the correct permissions for the remote computer?
- Is the remote computer turned on and connected to the network?
- Is there a network problem?
You still need to authorize the following Local Group.
Under: Computer Configuration/Preferences/Control Panel Settings/Local Users and Groups
Add Local Group
You now have to assign a user group to this local group, in which the users offering Remote Assistance are located.
For English operating systems you have to add group permissions to the following group: "Offer Remote Assistance Helpers"
Connection setup Remote Assistance / Application example
1. The helpdesk employee runs the Remote Assistance application by clicking on the shortcut or executing MSRA /offerRA and the following GUI appears:
2. if the target computer is on the network and a user is logged in, the connection is established:
3. the user on the desktop will now see the following message:
4. now it shows the user that the connection has been successfully established. In addition, for performance optimization, Windows Aero is turned off, the color depth is reduced to 16 bits, and the background image is disabled:
5. the helpdesk employee now has "desktop view" but cannot interact:
6. to take control the helpdesk employee must click on "Request control":
7. the user must now confirm this action again. The following message appears:
After that, the helpdesk employee can control the device remotely.
By closing the window (user and helpdesk staff side) the remote maintenance is terminated.