How Remote Assistance Works

The two parties in a Remote Assistance session are called the novice and the expert. (On some screens and in some documentation, the expert is referred to as the helper.) To use Remote Assistance, both parties must be using a Windows version that includes Remote Assistance (Windows 7, Windows Vista, Windows XP, Windows Server 2003, or Windows Server 2008), both must have an active internet connection or be on the same local area network, and neither can be blocked by a firewall.

The connection between novice and expert can be established in a variety of ways . If both parties are using Windows 7, a new Easy Connect feature is the simplest approach; a simple password exchange is all that's required. Alternatively, the novice can send a Remote Assistance invitation, using an instant messenger program or e-mail. The expert then accepts the invitation and enters an agreed-upon password. Finally, the novice approves the expert's acceptance

After the connection has been established, a terminal window on the expert's computer displays the desktop of the novice's machine. The expert views the desktop in a read-only window and exchanges messages with the novice using text chat. If the expert wants to work with objects on the novice's computer, he or she can request control.

In a slight variation of this process, the expert can initiate the Remote Assistance session, perhaps in response to a telephone plea for help from the novice. We describe both connection processes in detail in the sections that follow.

At the heart of each Remote Assistance connection is a small text file called an RA ticket. (More formally, its type is Windows Remote Assistance Invitation and its extension is .msrcincident.) This file uses encrypted data in XML fields to define the parameters of a Remote Assistance connection . When you use Windows Live Messenger to manage the connection, the RA ticket is never visible . (In fact, Messenger uses a connection string that includes only part of the RA ticket information—just enough to establish connection .) When a novice sends a Remote Assistance request via e-mail, however, the RA ticket rides along as an attachment to the message. The expert has to double-click this file to launch the Remote Assistance session .

3"

Remote Assistance vs. Remote Desktop Connection

Remote Assistance in Windows 7 uses some of the same underlying technology as Remote Desktop Connection, a program that allows you to connect to your computer from a remote location and use it as if you were sitting right in front of it. Here are some of the key differences that set these programs apart:

• In a Remote Assistance session, both users must be present at their respective computers and must agree to establish the connection. Remote Desktop Connection can be initiated from one computer without the assent of someone at the remote target computer.

• With Remote Assistance, you can connect to a computer running any edition of Windows 7 . The target (host) computer for a Remote Desktop Connection session must be running the Professional, Enterprise, or Ultimate edition. (You can initiate the connection from any Windows 7 edition. You can even initiate the connection from a web browser, which is not possible with Remote Assistance.)

• Remote Assistance provides a shared view into an existing session (that is, the users at each end see the same screen and can share control), whereas Remote Desktop Connection starts a new session on the remote computer. The remote session takes over completely, and the local user loses interactive access, seeing instead a logon screen with a label indicating the user account that is logged on from a remote location.

• In a Remote Assistance session, the remote user has the same rights and privileges as the local user. With Remote Desktop Connection, remote users can do whatever their account credentials allow them to do.

• Remote Assistance connections can be established over the internet, even when each computer is behind a different router that uses NAT. With Remote Desktop Connection, the target computer must be on the same network (including a virtual private network, or VPN) and it cannot be behind a NAT router.

These two programs, of course, are intended to serve very different needs . But their similarities sometimes make it possible to use one in place of the other.

Without the use of a relay server, Remote Assistance is able to reach computers behind nearly any NAT router. It simultaneously attempts several types of connections until it finds one that works:

• IPv4 address This type of connection is used when both computers can be directly addressed using IPv4, such as on a local area network or when both computers have public IP addresses.

• IPv6 address This type of connection is used when both computers are on an IPv6 network.

• UPnP NAT address This type of connection is used to connect through a UPnP router, which provides NAT traversal.

• NAT traversal via Teredo And this type of connection is used when all the other methods fail. After using a public Teredo server to determine NAT port mapping and to initiate communication, this connection then encapsulates IPv6 data in IPv4 packets, enabling it to tunnel through an IPv4 network.

For more information about NAT, IPv4, IPv6, and Teredo, see Chapter 17, "Setting Up a Small Office or Home Network ."

TROUBLESHOOTING

Teredo can't make a connection

If you can't make a connection and you're certain that a firewall isn't blocking the connection, be sure that UPnP is enabled on your router. (See the instructions for your router for details . If you no longer have the manual, check the manufacturer's website .) Teredo doesn't work with routers that use symmetric NAT. To find out if you have an incompatible router, at a command prompt type netsh interface teredo show state. (This can be abbreviated as netsh int ter sho st.) If the Type line shows Symmetric or Port Restricted, your best bet is UPnP.

With the Windows XP version of Remote Assistance, connecting two systems behind NAT routers was difficult at best. Trying to explain to an inexperienced user who's already flustered because of computer problems all the complex configuration steps needed to bypass NAT made Remote Assistance impractical for most such setups . NAT is a great system for extending the limited number of available IP addresses and for securing computers on a small network. But it is the bane of users trying to make peer-to-peer connections, whether for voice, video, gaming—or Remote Assistance . Now, the only obstacle to end-to-end connections for Remote Assistance on computers running Windows Vista or Windows 7 is a firewall

Windows Firewall has an exception defined for Remote Assistance . (An exception is a group of rules that enable an application to communicate through the firewall.) By default, the exception is enabled only for private networks, such as a workgroup in a home or small office. The exception is disabled for public networks (such as an internet cafe or public Wi-Fi hotspot) and for domain networks . If you try to make a Remote Assistance connection when the exception is disabled, you'll see a message like the one shown in Figure 3-4.

3"

a T3

Figure 3-4 If you see this message, you need to enable the Remote Assistance exception in Windows Firewall .

To correct the problem, click Repair. The troubleshooter will figure out what's wrong and then present a Try These Repairs As An Administrator link. Click that link, give the trouble-shooter a moment or two to carry out the necessary repair, and you should be good to go . If the troubleshooter for any reason doesn't perform as expected, open Windows Firewall. In the left pane, click Allow A Program Or Feature Through Windows Firewall. Then click Change Settings (requires administrator privileges), select Remote Assistance, and click OK.

INSIDE OUT Know the rules

The specific rules that make up the Remote Assistance exception vary depending on the profile type. For example, UPnP connections are enabled only in the private and domain profiles—not in the profile for public networks. Teredo connections are enabled only in the private and public profiles to prevent its use on corporate domains. The domain profile contains additional rules that enable help-desk personnel to offer assistance using Distributed Component Object Model (DCOM). You might want to examine the rules that define the Remote Assistance exception, whether it's to satisfy your innate curiosity or to configure comparable rules for a third-party firewall. To do so, follow these steps:

1. Open Windows Firewall With Advanced Security.

2. In the console tree, select Inbound Rules or Outbound Rules.

3. In the actions pane, click Filter By Group, Filter By Remote Assistance.

4. In the details pane, double-click a rule to review its specifics.

Was this article helpful?

0 0
Digital Cancers

Digital Cancers

Get All The Support And Guidance You Need To Be A Success At Protecting Your PC. This Book Is One Of The Most Valuable Resources In The World When It Comes To The Damaging Facts About Computer Viruses.

Get My Free Ebook


Post a comment