Remote Assistance vs. Remote Desktop
Remote Assistance and Remote Desktop are built-in functions of Windows 7 that are each used in a different manner.
Remote Desktop is used to remotely connect to other clients and with each logon it creates a new user session. With remote desktop you can connect to a client that has no active user sessions. It’s predominantly used to connect to servers.
Remote Assistance on the other hand is a tool used to interact with users working on the workstation. To make a remote assistance connection happen, the user and the helpdesk employee have to be logged-in on their respective workstations. After the connection is initiated, both parties can view the same screen and the helpdesk employee can interact with the user`s desktop.
Improved Version of Remote Assistance in Windows 7
- Connection improvements with a transparent NAT using Toredo and IPv6
- Redesigned User-interface to enhance user experience
- Bandwidth optimized with RDP protocol (lighter footprint)
- Full compatibility with the new security features of Windows 7 (UAC)
- Group policy settings to control the settings globally
- Downwards compatibility to support Windows XP clients
Remote Assistance IP Ports and Windows Firewall
In an internal network with a disabled windows firewall, there should not be any problems to be anticipated.
When using the Windows 7 default domain profile, the default firewall configuration is already set correctly and the remote maintenance option active.
Used ports, if you want to have access from remote locations, are not addressed in this document:
Windows 7 to Windows XP or Vista to Windows XP TCP port 3389 (local / remote) for DCOM connections to port 135 (TCP) More: KB Microsoft
Backward compatibility
With Windows Vista Clients
Remote Assistance is fully backwards compatible
With Windows XP Clients
Remote Assistance in Windows 7 is backwards compatible with Remote Assistance in Windows XP, but there are some limitations. The GUI on the Windows XP computer is not the same as in Windows 7 and the custom error messages, which are set by GPO, cannot be displayed. With XP you cannot give Remote Assistance for Windows 7 devices. This means that the help desk staff to has work with Windows 7 clients.
Implementation proposal
The program msra.exe is installed by default on all Windows 7 clients.
For help desk staff you could create a shortcut on the desktop. Alternatively, it can be opened via the Command Line: msra.exe /offerRA
Group Policy Settings
In order to allow clients access, you need to establish some Group Policy settings.
Policy Name: RemoteAssistance
Path: Computer Configuration -> Administrative Templates -> System -> Remote Assistance
1. Turn on session logging = Enable
Each session is logged in this path: Users\user_name\Documents\Remote Assistance Logs
2. Turn on bandwidth optimization
3. Customize Warning Messages
4. Solicited Remote Assistance = Disable
5. Offer Remote Assistance
Here you define which groups have access to remote assistance. For instance, the help desk group.
The following error message may occur:
Remote Assistance connection could not be established
You need to create a local group within the GPOs.
Path: Computer Configuration -> Preferences -> Control Panel Settings -> Local Users and Groups
Add Local Group
To this local group, you need to assign a user group that is defined to offer remote assistance to clients.
Example Connection sequence with Remote Assistance
1. The help desk staff initiates by clicking on the shortcut or runing MSRA / offerRA from the command line; they will get the following GUI:
2. If the target computer is connected to the network and a user is logged on, the connection will be established:
3. This message prompts on the user`s screen:
4. Now it signals to the user that the connection has been successfully established. For performance optimization Windows Aero is turned off, the color depth is reduced to 16 bit and the background image is disabled:
5. The help desk staff now has visual access to the employees screen:
6. To gain control, the staff has to make a request "request control":
7. The user has to reconfirm this request and agrees, thereby, that the help desk staff can control his or her workstation:
After the handshake, the help desk employee can remotely work in the current user session.
Closing the window on either side causes the remote assistance session immediately.