Remote Assistance Windows 7, Free Built-in Remote Control

User support / remote help desk support solution with Group Policy (GPO)

Microsoft released, with Windows 7, a new version of the remote assistance tool. This built-in feature (installed on all windows 7 clients) is very handy and makes costly third-party solutions obsolete. The following tutorial describes how you can implement this solution in your company network.

Remote Assistance vs. Remote Desktop

Remote Assistance and Remote Desktop are built-in functions of Windows 7 that are each used in a different manner.

Remote Desktop is used to remotely connect to other clients and with each logon it creates a new user session. With remote desktop you can connect to a client that has no active user sessions. It’s predominantly used to connect to servers.

Remote Assistance on the other hand is a tool used to interact with users working on the workstation. To make a remote assistance connection happen, the user and the helpdesk employee have to be logged-in on their respective workstations. After the connection is initiated, both parties can view the same screen and the helpdesk employee can interact with the user`s desktop.

Improved Version of Remote Assistance in Windows 7

Connection improvements with a transparent NAT using Toredo and IPv6
Redesigned User-interface to enhance user experience
Bandwidth optimized with RDP protocol (lighter footprint)
Full compatibility with the new security features of Windows 7 (UAC)
Group policy settings to control the settings globally
Downwards compatibility to support Windows XP clients

Remote Assistance IP Ports and Windows Firewall

In an internal network with a disabled windows firewall, there should not be any problems to be anticipated.

When using the Windows 7 default domain profile, the default firewall configuration is already set correctly and the remote maintenance option active.

Used ports, if you want to have access from remote locations, are not addressed in this document:
Windows 7 to Windows XP or Vista to Windows XP TCP port 3389 (local / remote) for DCOM connections to port 135 (TCP) More: KB Microsoft

Backward compatibility

With Windows Vista Clients
Remote Assistance is fully backwards compatible

With Windows XP Clients
Remote Assistance in Windows 7 is backwards compatible with Remote Assistance in Windows XP, but there are some limitations. The GUI on the Windows XP computer is not the same as in Windows 7 and the custom error messages, which are set by GPO, cannot be displayed. With XP you cannot give Remote Assistance for Windows 7 devices. This means that the help desk staff to has work with Windows 7 clients.

Implementation proposal

The program msra.exe is installed by default on all Windows 7 clients.

For help desk staff you could create a shortcut on the desktop. Alternatively, it can be opened via the Command Line: msra.exe /offerRA

Group Policy Settings

In order to allow clients access, you need to establish some Group Policy settings.

Policy Name: RemoteAssistance
Path: Computer Configuration -> Administrative Templates -> System -> Remote Assistance

1. Turn on session logging = Enable
Each session is logged in this path: Users\user_name\Documents\Remote Assistance Logs

2. Turn on bandwidth optimization

Turn on bandwith optimization properties

3. Customize Warning Messages

4. Solicited Remote Assistance = Disable

5. Offer Remote Assistance

offer remote assistance properties

Here you define which groups have access to remote assistance. For instance, the help desk group.

windows 7 remote assistance feature

The following error message may occur:

Remote Assistance connection could not be established

You need to create a local group within the GPOs.
Path: Computer Configuration -> Preferences -> Control Panel Settings -> Local Users and Groups
Add Local Group

Offer Remote Assistance Helpers

To this local group, you need to assign a user group that is defined to offer remote assistance to clients.

Example Connection sequence with Remote Assistance

1. The help desk staff initiates by clicking on the shortcut or runing MSRA / offerRA from the command line; they will get the following GUI:

remote assistance anbieten

2. If the target computer is connected to the network and a user is logged on, the connection will be established:

remotunterstützung anbieten

3. This message prompts on the user`s screen:

windows remoteunterstützung verbindung

4. Now it signals to the user that the connection has been successfully established. For performance optimization Windows Aero is turned off, the color depth is reduced to 16 bit and the background image is disabled:

performance optimierung windows aero ausschalten

5. The help desk staff now has visual access to the employees screen:

windows Remoteunterstützung beobachter modus

6. To gain control, the staff has to make a request "request control":

windows remotunterstützung steuerung anfordern

7. The user has to reconfirm this request and agrees, thereby, that the help desk staff can control his or her workstation:

windows remoteunterstützung freigeben

After the handshake, the help desk employee can remotely work in the current user session.

Closing the window on either side causes the remote assistance session immediately.

by cloudtec Veröffentlicht: 19. May 2011 Aktualisiert: 2. August 2017