Remote Desktop uses Windows XP Professional security features to grant or
deny access based on user permissions. Therefore, keep in mind the following
security considerations:
➤ You cannot typically make a connection to an external, nondomain computer
outside your firewall because Remote Desktop uses Terminal Services and
Remote Assistance technology that requires a specific port, TCP port 3389
by default, to be open for the connection to work.
➤ Remote Desktop does not allow simultaneous remote and local access to
the Windows XP Professional desktop.
Using Remote Assistance for
Remote Assistance enables a desktop support technician to view or share
control of a user’s computer running Windows XP. For remote assistance to
commence, either the “novice” must invite the “expert” to view or share
control of the computer or the expert must “offer assistance” to the novice,
who must accept the offer.
The feature allows the user to invite a trusted person (the expert) to
remotely and interactively assist them. This feature is useful in situations
where collaboration with a user is required to resolve remote computer
problems.
Members of the Administrators and Domain Admins groups have Remote Desktop
Connection privileges by default.
Be aware of the difference between Remote Desktop Connections and Remote
Assistance. A Remote Desktop Connection establishes a new session. Remote
Assistance attaches another user (the expert) to an existing session.
To use Remote Assistance, both the novice and expert need to be present at their
computers and must cooperate with each other.
Remote Assistance requires that both computers are running the Microsoft Windows
XP operating system or later.
The Remote Assistance session can be initiated by either the novice or the
expert. A request for assistance is generally made through the local Help and
Support Center (see Figure 8.16).
Figure 8.16 The local Help and Support Center with the Ask for Assistance option in the upper right.
A user can invite an expert by using email, Windows Messenger, or Outlook
Express. If the novice is on the Internet, he can invite anyone running
Windows XP or later to view his desktop, and with permission, the expert
can share control of the novice’s computer.
An expert can offer assistance to the user first, but the option to receive an
offer must first be enabled on the novice’s computer by editing the local
policy settings, under Computer Configuration, Administrative Templates,
System, Remote Assistance, Offer Remote Assistance (Enabled).
In this scenario, the expert offers assistance through the Help and Support
Center Tools, shown in Figure 8.17. Once the offer is made and the novice
accepts the offer, the expert can view and “take control” of the novice’s
computer.
When the novice clicks the Allow Expert Interaction button, the expert performs all
actions under the novice’s user security context and therefore assumes the same
level of network access and local computer privileges as the novice.
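The Remote Desktop and Remote Assistance settings described above can be audited from the registry. The following PowerShell is an added example, not part of the original text; the registry paths and value names are the standard Windows locations (an assumption, since the page does not give them), and the function names are hypothetical.

```powershell
# Added example: report which remote access features are enabled on this computer.
# Assumption: standard Windows registry locations; function names are hypothetical.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RemoteAccessExposure {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $deny      = Get-RegValue $ts 'fDenyTSConnections'
    $port      = Get-RegValue "$ts\WinStations\RDP-Tcp" 'PortNumber'
    $solicited = Get-RegValue $ts 'fAllowToGetHelp'
    $offer     = Get-RegValue $policy 'fAllowUnsolicited'
    $offerCtl  = Get-RegValue $policy 'fAllowUnsolicitedFullControl'

    $findings = @()
    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    if ($deny -eq 0) {
        $findings += "Remote Desktop enabled; listener on TCP port $port"
    }
    # fAllowToGetHelp = 1 means the novice may send Remote Assistance invitations.
    if ($solicited -eq 1) {
        $findings += 'Remote Assistance invitations allowed'
    }
    # fAllowUnsolicited = 1 corresponds to Offer Remote Assistance (Enabled).
    if ($offer -eq 1) {
        if ($offerCtl -eq 1) { $mode = 'view and control' } else { $mode = 'view only' }
        $findings += "Offer Remote Assistance enabled ($mode)"
    }
    if ($findings.Count -eq 0) {
        $findings += 'No remote access features enabled'
    }
    $findings
}

Get-RemoteAccessExposure
```

A missing policy value is treated as not configured, so Offer Remote Assistance is reported only when the policy has been explicitly enabled.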
To allow experts outside your organization to establish Remote Assistance
connections (for example, outsourced technical support), the preferred connection method
is through a VPN account because it doesn’t need to open TCP Port 3389 on the fire-
Figure 8.17 An expert’s Help and Support Center displaying the Offer Remote Assistance option.