Windows Vista Resource Kit Chapter 23: Supporting Users Using Remote Assistance (Part 2)

by [Published on 27 June 2007 / Last Updated on 27 June 2007]

A WindowsNetworking.com exclusive! The three articles in this series represent an entire chapter of the Windows Vista Resource Kit, excerpted with permission from Microsoft Press.

If you would like to read the other parts in this article series please go to:
Windows Vista Resource Kit Chapter 23: Supporting Users Using Remote Assistance (Part 1)
Windows Vista Resource Kit Chapter 23: Supporting Users Using Remote Assistance (Part 3)

Using Remote Assistance in the Enterprise

The main Remote Assistance scenario within a corporate networking environment is supporting desktop computers that are on the corporate network and joined to a domain. Users’ machines must be configured appropriately before they can be offered RA. This is done via Group Policy, as explained in the section of this chapter titled “Managing Remote Assistance Using Group Policy. Additionally, the Remote Assistance exception in the Windows Firewall must be enabled. For more information, see the section titled “Remote Assistance and Windows Firewall” earlier in this chapter .

Because most corporate networks have a perimeter firewall blocking access from outside the internal network, supporting remote users who are connecting from outside the corporate network can be more difficult. However, most enterprises now use virtual private network (VPN) technologies to allow remote users to connect to their corporate networks over the Internet, and this kind of scenario generally poses no problem to RA functionality.


Get the Windows Vista Resource Kit today!

Using Remote Assistance in the Corporate Help Desk Environment

The standard approach to using Remote Assistance in an enterprise environment is for Help Desk personnel to offer Remote Assistance to users who telephone in to request assistance. A typical scenario might be as follows:

  1. User Jane Dow (the User) is having problems configuring an application on her computer. She phones Help Desk, explains her problem briefly, and asks for help.
  2. A Help Desk person named Jacky Chen (the Helper) asks Jane for the fully qualified name or IP address of her computer. She responds with the information, which she can get from computer properties or by running ipconfig.
  3. Jacky starts Remote Assistance on his computer and uses the Offer RA feature to offer help to Jane. This causes a dialog to appear on Jane’s computer, asking her if she would like to allow Jacky to connect to her computer.
  4. Jane accepts the offer, and at this point Jane’s desktop may temporarily change to conserve network bandwidth used by the Remote Assistance session. The Remote Assistance window that opens on Jane’s screen tells her that she is being helped by Jacky.
  5. At this point, Jacky can see Jane’s screen but he can’t control it. Jane then explains the problem she is having, either by using the Chat feature of Remote Assistance, or more likely over the telephone. Jacky asks Jane to perform a series of steps to correct the problem and watches her screen in his own Remote Assistance window as she does this.
  6. If the instructions Jacky provides are too complex or if time is limited, Jacky can ask Jane if he can share control of her computer. If Jane agrees, Jacky clicks the Request Control button at the top of his Remote Assistance window. A dialog appears on Jane’s desktop asking her if she wants to allow Jacky to share control of her desktop. Jane accepts the prompt, and also selects the option to allow Jacky to respond to User Account Control (UAC) prompts on Jane’s computer.
  7. Jacky is now connected to Jane’s computer using Jane’s credentials, and he can both view her screen and interact with it using his own mouse and keyboard. Jacky then proceeds to perform the steps needed to resolve the problem, either correcting the issue or demonstrating to Jane how to fix the problem if it occurs again in the future. If at any time Jane wants to force Jacky to relinquish control of her computer, she can click the Stop Sharing button, the Disconnect button, or press the Panic key (Esc).

NOTE Offer RA needs preconfiguration of the User’s machine via Group Policy. See the section titled “Managing Remote Assistance Using Group Policy” later in this chapter for more information.

Other Possible Remote Assistance Usage Scenarios

Other types of Remote Assistance scenarios are also possible for businesses ranging from large enterprises to Small Office/Home Office (SOHO) environments. Examples of possible usage scenarios include:

  • A user who is having a problem with configuring an application on her computer can phone Help Desk for assistance. A support person can then use Offer RA to connect to the user’s computer, ask for control of her screen, and show the user how to configure her application. This scenario is the standard one for enterprise Help Desk environments and is described in more detail in the section titled “A Typical Remote Assistance Scenario for Corporate Help Desk” later in this chapter.
  • A user who is having trouble installing a printer sends an RA invitation to Help Desk using Windows Mail. A support person who is monitoring the Help Desk e-mail alias reads the message, opens the attached invitation file, and connects to the user’s computer. The support person asks for control of the user’s computer and walks him through the steps of installing the printer.
  • A user is on the road and is connected to the internal corporate network using a VPN connection over the Internet. The user is having problems configuring Windows Mail on her computer, so she opens Windows Messenger and notices that someone she knows in Corporate Support is currently online. She sends an RA invitation to the support person using Windows Messenger, who responds to the invitation, asks for control, and shows the user how to configure Windows Mail.

The preceding list is not intended to be complete - other corporate support scenarios using RA are possible. Generally speaking, however, corporate environments will use Offer RA to provide assistance to users who phone Help Desk when they have problems. Some enterprises may also allow users to submit RA invitations either via e-mail or by saving invitation files to network shares that are monitored by support personnel. Others may use instant messaging applications that support Remote Assistance within the corpnet.

Helpers can have multiple RA sessions open simultaneously—one session for each User they are supporting. However, Users can have only one RA session in the Waiting For Connect state. The invitation that was created could be sent to multiple recipients—any of whom may connect. All subsequent connect attempts will be blocked until the first helper disconnects, after which another helper may connect. If the user disconnects the session, the RA application terminates and no further connections will be allowed.

Interoperability with Remote Assistance in Windows XP

Remote Assistance in Vista is backward-compatible with Remote Assistance in Windows XP, with the following limitations:

  • Offer RA from Vista to XP is supported, but Offer RA from XP to Vista is not supported. This means that enterprises who want to implement Offer RA as a support solution for their Help Desk departments should ensure that computers used by  support personnel who will help users running Vista are themselves running Vista. (and not XP).
  • NAT traversal using Teredo and IPv6 is supported on Vista to Vista RA only, and not on Vista to XP.
  • Voice support for RA in XP is not supported by RA in Vista, and any attempt by a User on an XP computer to use this feature during an RA session with a Helper on a Vista computer will cause a notification message regarding this limitation to appear.
  • The MAILTO method of soliciting assistance that is supported by RA in XP is not supported by RA in Vista.
  • Windows Messenger (which shipped with XP) does not ship with Vista. Users of RA with Windows Messenger in XP will need to migrate to an IM vendor that supports Vista and Remote Assistance. Windows Live Messenger currently supports XP, Vista, and Remote Assistance.
  • Offer RA via Messenger is a new feature in Vista and is not available in Windows XP.

Implementing and Managing Remote Assistance

Remote Assistance is a powerful and flexible feature that can be used in many different ways to support users within large enterprises, medium-sized businesses, and SOHO environments. This section outlines how to initiate Remote Assistance sessions from both the UI and the command line. The section also demonstrates how to use Remote Assistance in an enterprise Help Desk environment involving two common scenarios:

  • Helper offers RA to User who has telephoned Help Desk with a problem.
  • User creates an RA invitation and saves it on a network share that is monitored by Help Desk personnel.

For information on other scenarios for implementing Remote Assistance, including sending invitations with Windows Mail and Windows Messenger, search for the topic “Remote Assistance” within Windows Help and Support.

Initiating Remote Assistance Sessions

Remote Assistance sessions can be initiated either from the user interface or the command line. A significant usability enhancement, from the perspective of support personnel, is that Offer RA is no longer buried within Help And Support as it was in Windows XP, but is instead easily accessible now from the GUI.

Initiating Remote Assistance From the GUI

Initiating Remote Assistance sessions from the GUI can be done using any of several available methods:

  • From the Start menu, click Start, then All Programs, then Maintenance, and then Windows Remote Assistance. This launches the RA app.
  • Click Start, then Help And Support, and then under the Ask Someone heading click Windows Remote Assistance.
  • Click Start, type assistance, and when Windows Remote Assistance appears in the Programs list, click it.

Any of these methods will open the initial Remote Assistance screen, shown in Figure 23-2.


Figure 23-2: The initial screen of Windows Remote Assistance

Initiating Remote Assistance From the Command Line

Remote Assistance in Vista is implemented as a standalone executable called msra.exe. You can initiate RA sessions directly from the command line or by using scripts. The syntax and usage for this command is explained in Table 23-3.

Option

Description

/novice

Launches Remote Assistance as Novice in Solicited RA mode and presents the user with the choice of either sending an RA ticket using a SMAPI-enabled e-mail application such as Windows Mail or by saving the invitation as a file. Once this choice has been made, Windows Remote Assistance opens on the Novice’s computer in the Waiting For Connect state.

/expert

Launches Remote Assistance in the Helper mode and presents the user with the choice of either specifying the location of an RA ticket to open or specifying the Novice’s computer name or address (Offer RA). The computer name can be either a host name (if the Novice is on the local subnet) or a fully qualified name (DNS name), and the address can be either an IPv4 address or an IPv6 address. Unsolicited RA without an invitation requires preconfiguration of the remote machine being helped.

/offerRA computer

Launches Remote Assistance as Helper in Unsolicited (Offer) RA mode and uses DCOM to remotely open Remote Assistance on the Novice’s computer and then connect to the Novice’s computer to initiate an RA session. The Novice’s computer can be specified using either its computer name or address. The computer name can be either a host name (if the Novice is on the local subnet) or a fully qualified name (DNS name), and the address can be either an IPv4 address or an IPv6 address. This method is demonstrated in more detail in the section titled “Scenario 1: Offering Remote Assistance to Novices” later in this chapter.

/email password

Launches Remote Assistance as Novice in Solicited RA mode and creates a password-protected RA ticket that is attached to a new RA invitation message opened by the default SMAPI-enabled e-mail client (which by default is Windows Mail). The password must be six characters or more and must be relayed separately to the Helper. The e-mail client application launches a window with the invitation file attached. The User must enter the e-mail address of the Helper in the To field to send the message to the Helper.

/saveasfile path password

Launches Remote Assistance as Novice in Solicited RA mode and creates a password-protected RA ticket that is saved at the path specified. The path may be either a local folder or network share and the User must have appropriate permissions on the destination folder to create the file. The path must include a file name for the ticket. (The .MsRcIncident file extension will be automatically added to the file name.) The password must be six characters or more. Use of this method is demonstrated in more detail in the section titled “Scenario 2: Soliciting Remote Assistance by Creating RA Tickets and Saving Them on Monitored Network Shares” later in this chapter.

/openfile path password

Launches Remote Assistance as Helper in Solicited RA mode and opens a previously created RA ticket that was saved within the path specified. The path may be either a local folder or network share and the Helper must have appropriate permissions on the destination folder to open the file. The path must include the file name of a valid ticket that has the .MsRcIncident file extension. The password must be the same password that was used by the User to secure the ticket when it was created.

Table 23-3 Syntax and usage for command-line remote assistance (msra.exe)

NOTE: There is no support for Windows Managing Instrumentation (WMI) scripting of msra.exe.

Scenario 1: Offer Remote Assistance using DCOM

Before you can offer Remote Assistance to other users, your user account must be authorized as a Helper on the user’s computer. You can use Group Policy to do this in an enterprise environment. (See the section titled “Managing Remote Assistance Using Group Policy” in this chapter for information on how to do this.)

Once a support person (or group of individuals) has been configured as a Helper for all Vista computers in a domain or OU, the support person can offer RA to users of those computers when they need assistance. For this scenario, let’s say that Tony Allen (tallen@contoso.com) is a Vista user who needs assistance with an issue on his computer. Tony telephones the Help Desk department and the call is taken by Karen Berg (kberg@contoso.com) who asks Tony for the name or IP address of his computer. Tony provides Karen with his fully qualified computer name (TALLEN-PC.contoso.com) or IP address, and Karen then offers assistance to Tony by following these steps:

  1. Start Remote Assistance using any of the methods described previously.
  2. Click Offer To Help Someone.
  3. Enter TALLEN-PC.contoso.com in the field labeled Type A Computer Name Or IP Address:

  1. Click Next

At this point a dialog box will appear on Tony’s computer asking if he would like to allow Karen to connect to his computer and view his desktop. Tony has two minutes to respond to this dialog before the offer times out and the dialog box disappears, which will cause a message saying "The person you are trying to help isn’t responding" to appear on Karen’s computer. If the offer to Tony times out, Karen can resubmit the offer by selecting it from the list of previous connections that are displayed in her RA application (Figure 23-3). If Tony accepts the offer (grants consent), the Remote Assistance session begins and Tony’s desktop will be viewable by Karen in a Remote Assistance application window.


Figure 23-3: Recent RA invitations and offers listed under Or Use A Previous Connection can be reused.

At this point the desktop properties of Tony’s desktop may change (based on configurable settings) to optimize the network bandwidth used by RA for screen updates on Karen’s computer. Karen can now request control from Tony, send files to Tony or receive files from him, chat with Tony, or disconnect the session. Tony can send and receive files, chat, or pause or disconnect the session.

NOTE: If you are a User and a Helper has shared control of your computer, you can immediately terminate shared control and return the session to Screen Sharing state by pressing the Panic key (Esc).

Scenario 2: Soliciting Remote Assistance by Creating RA Tickets and Saving Them on Monitored Network Shares

Another way that you can use Remote Assistance in an enterprise environment is by having users create invitation files and save them on a network share that is monitored by Help Desk personnel. This way, when Help Desk determines that a new ticket has been uploaded to the share, a support person can call the user on the telephone to obtain the password for the ticket and then use the ticket to establish an RA session with the user who needs help.

To make procedure easier, administrators an first deploy a script on users’ desktops that uses command-line Remote Assistance (msra.exe) to create the invitation file and save it on the network share. For example, let’s say that users’ invitation files should be uploaded to \\FILESRV3.contoso.com\Support\IncomingTickets, a folder in the Support share on the file server named FILESRV3. The following script, named SubmitTicket.vbs, could be deployed on each user’s desktop to accomplish this task:

dim strPassword

dim strUser

dim strTicketName

strPassword = InputBox("Enter a password for your ticket")

Set WshShell = Wscript.CreateObject("Wscript.Shell")

strUser = WshShell.ExpandEnvironmentStrings("%username%")

strTicketName = strUser & "-" & Year(Now) & "-" & Month(Now) & "-" & Day(Now) & _

   "-" & Hour(Now) & "-" & Minute(Now) & "-" & Second(Now)

strRA = "msra.exe /saveasfile \\FILESRV3\Support\IncomingTickets\" & _

   strTicketName & " " & strPassword

WshShell.Run strRA

When the user double-clicks on this script to run it, an Input box appears asking the user to provide a password to be used to secure the invitation. After the user supplies a password, a new RA ticket is created and saved in the target folder on the file server. The name of the ticket is unique and consists of the user’s name followed by the date and time, such as tallen-YYYY-MM-DD-HH-MM-SS.MsRcIncident. Once the support person monitoring the share has obtained the ticket’s password using an OOB method such as a telephone call, the support person opens the ticket. After the User grants consent, the RA connection is established.

To monitor the IncomingTickets folder in the network share, Help Desk personnel can use the file-screening capabilities of Windows Server 2003 R2 file servers. To do this, you can create a passive file screen that monitors the folder and sends an e-mail alert to a Help Desk alias whenever a new ticket is uploaded to the folder. The steps for doing this are:

  1. Install or upgrade the File Server role on the Windows Server 2003 R2 computer where the Support folder is located.
  2. Start the File Server Resource Manager console from Administrative Tools, right-click the root node, and select Configure Options.
  3. Specify the DNS name of the IP address of an SMTP host that can be used to forward alert e-mails generated by the file screen you will create.
  4. Click OK to close File Server Resource Manager Options, and expand the console tree to select File Screens under File Screening Management.
  5. Select the option Create File Screen in the Action pane.
  6. Click Browse to select the Incoming folder for the File Screen Path.
  7. Select the option labeled Define Custom File Screen Properties and click Custom Properties.
  8. Choose the option for Passive Screening so that uploaded tickets will only be monitored and not blocked by the screen.
  9. Click Create to create a new file group called RA Tickets and use the Add button to add files of type *MsRcIncident to the group.

  1. Click OK to return to the properties sheet for the new file screen, and select the checkbox for the RA Tickets file group you just created.

  1. Click the Email tab and specify a support alias (such as support@contoso.com) that will be notified whenever a new ticket is uploaded to the folder. Configure a suitable subject and body for the message.
  2. Click Create to create the new file screen and then choose the option to save the screen without creating a template.
  3.  Test the new file screen by opening a command prompt on a user’s computer and typing msra.exe /saveasfile path password where path is the UNC path to the Incoming folder within the Support share on the file server, and password is any password of six or more characters that you specify.

For more information on how to implement file screening in Windows Server 2003 R2, see the topic "Screening Files" on the Microsoft Windows Server TechCenter at Microsoft TechNet Screening Files.

This chapter will conclude with the next article in this series.

If you would like to read the other parts in this article series please go to:
Windows Vista Resource Kit Chapter 23: Supporting Users Using Remote Assistance (Part 1)
Windows Vista Resource Kit Chapter 23: Supporting Users Using Remote Assistance (Part 3)

Advertisement

Featured Links