3. Offering Remote Assistance via DCOM
If you start Windows Remote Assistance by typing msra /offerra at a
command prompt, you'll see a dialog box similar to the one following:
Here you can enter the
computer name or IP address of a user you want to assist. The ability to
offer assistance in this way is intended primarily for corporate help
desks and technical support centers within large organizations. It uses DCOM
connectivity and requires prior configuration of the novice's computer,
including configuration of that computer's firewall and user accounts;
this is most easily done through Group Policy on a domain-based network.
If you're trying to assist someone on a small network in a home or
business, this option isn't for you; your best bet is to establish the
Windows Remote Assistance connection through the methods described
earlier. (The reason DCOM connectivity is not readily available in
workgroups is primarily security. Allowing anyone to offer assistance to
someone else is rife with danger.)
The ability to
offer assistance via DCOM
is impractical except for experts in a domain environment. If you must
rely on your novice friends to initiate a request by sending you an
invitation, you can help them out by creating a shortcut on their desktop that
creates an invitation and attaches it to an e-mail message; all they
need to do is click Send. To do that, use the /Email option with
Msra.exe. For details, at a command prompt type msra /?.
4. Working in a Remote Assistance Session
After a Remote
Assistance connection has been established, a Windows Remote Assistance
window opens on the expert's machine, as shown in Figure 4.
As the expert, you'll
use the toolbar at the top of the Windows Remote Assistance screen to
take control of the remote desktop, open a chat window, send a file, or
disconnect when the session is complete. The novice has similar options
available. The toolbar provides the functions shown in Table 1.
Table 1. Toolbar Functions Available in a Windows Remote Assistance Session
| Request Control allows (with the novice's consent) the expert to take control of the novice's computer. While the expert has control, each party's toolbar has a Stop Sharing button, with which either user can return exclusive control to the novice. |
| Clicking Actual Size toggles the expert's view of the novice's screen between the actual size and a scaled view that fits in the Windows Remote Assistance screen without the use of scroll bars. |
| Clicking Chat opens a chat pane that works much like an instant messaging program. |
| The Settings button appears on the Windows Remote Assistance toolbar for both users, but it summons a different set of options, as shown in Figure 5. |
| Clicking Help displays a list of Windows Remote Assistance topics in Windows Help And Support. |
The novice sees a
slightly modified version of this toolbar:
On the novice's
toolbar, the Stop Sharing button becomes active if the expert asserts
control; as its name suggests, it lets the novice suspend control
sharing. The Pause button makes the novice's screen temporarily
invisible to the expert—until the novice clicks Continue.
4.1. Sharing Control of the Novice's Computer
For obvious security
reasons, clicking Request Control sends a request to the novice, who
must grant permission before the expert can actually begin working with
the remote desktop. (See Figure 6.) While the expert has control, the
novice's computer responds to input from the keyboard and mouse of both the expert and
the novice. At any time, the novice can cut off the expert's ability to
control the session by tapping the Esc key; alternatively, either party
can return exclusive control to the novice by clicking Stop Sharing.
Regardless of his or
her expert credentials, the expert's actions in a Windows Remote
Assistance session are governed by the privileges assigned to the novice user's account.
When connecting to a machine belonging to a user with a standard user
account, for instance, you might be unable to edit the registry or make
necessary configuration changes unless you can supply the password for
an administrator account on the novice's computer.
4.2. Terminating a Remote Assistance Session
Either party can
terminate a Windows Remote Assistance connection at any time. The novice
does this by clicking the Cancel button on his or her Windows Remote
Assistance toolbar. The expert does it by clicking the Close button on the Windows
Remote Assistance window.
5. Using Remote Assistance with Earlier Windows Versions
Windows 7 is not the
first version of Windows to include Remote Assistance; it's also
available in Windows Vista, Windows XP, Windows Server 2008, and Windows
Server 2003. For the most part, experts and novices on any of these
platforms can use Windows Remote Assistance to help each other. There
are some limitations:
- If either computer is running an earlier version of Windows, Windows
  Remote Assistance in Windows 7 reverts to the capabilities of the
  earlier version. New connectivity features such as Easy Connect and
  NAT traversal using Teredo are unavailable.
- Windows Remote Assistance in Windows 7 does not support voice chat,
  which was supported in Windows XP.
- Pausing a session is a feature that was introduced in Windows Vista.
  (The expert can't see what occurs while a session is paused.) If a
  novice running Windows 7 pauses a session, an expert running Windows XP
  receives no indication that the session has been paused.
- You cannot offer assistance from a computer running Windows XP.
- Invitation files created on a computer with the "Windows Vista or
  later" option enabled (shown in Figure 3) are completely encrypted and
  cannot be used on computers running earlier versions.
6. Maintaining Security
Windows Remote Assistance
is a powerful tool. In the wrong hands, it's also potentially dangerous
because it allows a remote user to install software and tamper with a
system configuration. In a worst-case scenario, someone could trick an
unsuspecting novice into allowing access to his or her machine and then
plant a Trojan horse application or gain access to sensitive files.
Windows Remote
Assistance was designed and built with security in mind, and several
enhancements were introduced with the Windows Vista version. For
example:
- A password is required for all connections, whether by Easy Connect,
  invitation file, or instant messenger.
- The novice must agree to accept each incoming connection and must
  approve each request to share control.
- Invitation files expire six hours after they're created or when the
  Windows Remote Assistance session is closed.
- Windows Remote Assistance uses a dynamic port assignment.
- By default, the Windows Firewall exception for Remote Assistance is
  enabled only on private networks.
For these reasons
and more, Windows Remote Assistance is sufficiently secure out of the box. You
can take the following additional precautions to completely slam the
door on Windows Remote Assistance–related security
breaches:
- Set a short expiration time on Windows Remote Assistance invitations
  sent via e-mail. An expiration time of one hour should be sufficient
  for most requests. (Note that the invitation must be accepted within
  the specified time; you don't need to specify the length of the Windows
  Remote Assistance session.) An expired RA ticket file is worth less to
  a potential hacker.
- Because e-mail is fundamentally insecure, do not send a password with
  an invitation. Instead, communicate the password by telephone or in a
  separate e-mail message.
- Manually expire an invitation when it's no longer needed. To do so,
  simply close the Windows Remote Assistance screen.
- If both the expert and novice use Windows Vista or Windows 7, use
  encrypted invitation files. Open System in Control Panel. In the Tasks
  list, click Remote Settings. On the Remote tab, click Advanced. Then
  select Create Invitations That Can Only Be Used From Computers Running
  Windows Vista Or Later. (See Figure 3.)
- Disable Remote Assistance on any machine where the possible benefits of
  a Windows Remote Assistance session are outweighed by potential
  security risks. To completely disable Remote Assistance on a given
  machine, open System, click Remote Settings, click the Remote tab, and
  then clear Allow Remote Assistance Connections To This Computer. If
  that step seems too drastic, you can limit Remote Assistance
  capabilities so that an expert cannot take control of the remote
  machine. On the Remote tab, click Advanced and then clear Allow This
  Computer To Be Controlled Remotely.
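The precautions above can be checked from the registry instead of the Control Panel pages. This is an added example, not part of the original text: it assumes PowerShell 3.0 or later, and the registry paths and value names it reads are the standard Remote Assistance policy and local settings as generally documented, not names taken from this page.

```powershell
# Added example: audit Remote Assistance settings against the precautions above.
# Registry paths and value names are assumptions from general Windows
# documentation, not from the page; confirm them on your build.
$paths = [ordered]@{
    Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    Local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
}

function Get-RASetting([string]$Name) {
    # A Group Policy value takes precedence over the local (Control Panel) value.
    foreach ($source in $paths.Keys) {
        $item = Get-ItemProperty -Path $paths[$source] -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Name = $Name; Value = $item.$Name; Source = $source }
        }
    }
    [pscustomobject]@{ Name = $Name; Value = $null; Source = 'not set' }
}

$enabled   = Get-RASetting 'fAllowToGetHelp'             # Allow Remote Assistance connections
$control   = Get-RASetting 'fAllowFullControl'           # Allow this computer to be controlled
$offer     = Get-RASetting 'fAllowUnsolicited'           # Offer Remote Assistance (DCOM) policy
$encrypted = Get-RASetting 'CreateEncryptedOnlyTickets'  # Vista-or-later invitations only
$expiry    = Get-RASetting 'MaxTicketExpiry'
$units     = Get-RASetting 'MaxTicketExpiryUnits'        # 0 = minutes, 1 = hours, 2 = days

# Convert the invitation lifetime to minutes so it can be compared with one hour.
$minutes = $null
if ($null -ne $expiry.Value -and $null -ne $units.Value) {
    $minutes = [int]$expiry.Value * @(1, 60, 1440)[[int]$units.Value]
}

$findings = @()
if ($enabled.Value -eq 1) {
    if ($control.Value -ne 0)   { $findings += 'Remote control is allowed (Allow This Computer To Be Controlled Remotely is not cleared).' }
    if ($encrypted.Value -ne 1) { $findings += 'Invitations are not restricted to the encrypted Windows Vista or later format.' }
    if ($null -eq $minutes)     { $findings += 'Invitation lifetime is not set explicitly; check it under Advanced.' }
    elseif ($minutes -gt 60)    { $findings += "Invitation lifetime is $minutes minutes; one hour should be sufficient." }
}
if ($offer.Value -eq 1) { $findings += 'Offer Remote Assistance (unsolicited, via DCOM) is enabled by policy.' }

$enabled, $control, $offer, $encrypted, $expiry, $units | Format-Table -AutoSize
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'No deviations from the listed precautions.' }
```

The script only reads settings; a value reported with the source "not set" means neither the policy key nor the local key carries it, so the operating system default applies.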
7. Improving Remote Assistance Performance
You might shudder at the
thought of accessing another desktop over a dial-up connection.
Surprisingly, the performance can be quite usable. You wouldn't want to
use this sort of connection for everyday work, but for troubleshooting,
it's good enough.
You can
maximize Remote Assistance performance over a slow link by observing
these guidelines:
- If possible, use Windows Vista or Windows 7 for both the novice and
  expert. Their version of Remote Assistance incorporates a number of
  performance enhancements compared to the version included in Windows
  XP, but most of these improvements are effective only when both
  computers are running Windows Vista or Windows 7.
- Close any unnecessary applications on the novice machine.
- Don't let the novice move the mouse on the novice machine, if possible,
  when the expert is in control of the screen.
- Reduce the visual complexity of the novice machine as much as possible.
  Reduce the display resolution to 800 by 600 and use only as many colors
  as is absolutely necessary. If the novice has a multimonitor setup,
  disable that for the duration of the Remote Assistance session.
- Turn off desktop animations and other sophisticated visual effects, and
  avoid opening windows that contain complex graphics unless absolutely
  necessary.
The last two suggestions can be implemented by using the Settings button
on the novice machine. The Bandwidth Usage slider (see Figure 5) has four
settings; for details about each setting, move the slider. The slower
your connection, the lower you should set this slider.