Remote Assistance

[Parmb]

Hi all,

Ok we run 2 domains, NT4 and 2003 AD with a one way Trust.

I want to configure remote assistance on XP Pro machines which are in the NT4 Domain.

Basically i need to mannually

"Configure the Offer Remote Assistance policy setting"

as per

http://support.microsoft.com/default.aspx?kbid=301527

i can get RA working fine.


however i have over 150 desktops in the NT4 Domain, anyone know how i can script this gpedit? I understand i can enable the setting through regedit. but i still need to specify a security group who is allows to offer RA to the PC

Thanks in Advance,

ParmB

 

[bcastner]

Your KB article is for the Group Policies that govern solicited remote assistance offers.

Why not use instead unsolicited remote assistance offers?

. For the "Novice" computer, all that is required to accept unsolicited offers of remote assistance would be:
1. Start / Run / Sysdm.cpl / OK.
2. Select the Remote tab.
3. Check the Allow users to connect remotely to this computer box.
4. Press OK.

This process can be "pushed" as a registry file. Open notepad and copy/paste the below as enable_remote.reg :

--------- begin copy/paste below this line
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,­00,\
14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,­\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,­\
00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,­\
00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,­\
20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,6c,00,00,00,7c,00,00,00,00,00,00­,00,\
14,00,00,00,02,00,58,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,­\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,­\
00,01,00,00,00,00,00,00,24,00,1f,00,00,00,01,05,00,00,00,00,00,05,15,00,00,­\
00,fd,37,42,40,07,e9,94,2d,8a,a7,32,3f,f0,03,00,00,01,02,00,00,00,00,00,05,­\
20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00­,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,­\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,­\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,­\
05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"
"LegacyImpersonationLevel"=dword:00000003
"LegacyAuthenticationLevel"=dword:00000002


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityChec­kExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"


----------- end copy/paste above this line


. For the "Expert" computer, this KB explains what is required:
See:

http://support.microsoft.com/kb/308013/

. You can create a shortcut for the "Expert" computers and distribute it:

"%ProgramFiles%\Internet Explorer\iexplore" hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/Unsolicitedrcui.htm

. You can have the "Novice" computers automaticly accept offers:

1. Open a notepad session and edit C:\windows\pchealth\HelpCtr\System\Remote @ssistance\helpeeaccept.htm

btnAccept.disabled = false;
btnDecline.disabled = false;
btnDecline.focus();

to this

btnAccept.disabled = false;
btnDecline.disabled = false;
btnDecline.focus();
// added line to allow automatic acceptance of RA offer
DoAccept();

Save.

2. Open notepad and edit C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm

idExpert1.innerText = vArgs[0];
idExpert2.innerText = vArgs[0];
idExpert3.innerText = vArgs[0];
// Added to allow take remote control of PC
onClickHandler(0)

Save

Distribute these two files to all the "Novice" users. What happens with these chnages is that the "Novice" computer will automaticly accept "unsolicited" Remote Assistance offers from your Domain only.

 

[bcastner]

I want to add to my Enable_Remote.reg file above:

------ add to .reg file listed above:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsNT\Terminal Services]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsNT\Terminal Services]
"Shadow"=dword:00000002

----------------- end addition

 

[linney]

301527 - How to configure a computer to receive Remote Assistance offers in Windows XP and Windows 2003

http://support.microsoft.com/default.aspx?kbid=301527&FR=1

306496 - How to configure or disable Solicited Remote Assistance in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;en-us;306496&FR=1&PA=1&SD=HSCH

300546 - Overview of Remote Assistance in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;en-us;300546&FR=1&PA=1&SD=HSCH

306045 - Remote Assistance Session Cannot Connect

http://support.microsoft.com/default.aspx?scid=kb;en-us;306045&FR=1&PA=1&SD=HSCH

To offer remote assistance type the following in the start run box -

hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/unsolicited/unsolicitedrcui.htm