Shadowing in a Domain Environment

Archived from groups: microsoft.public.windowsxp.work_remotely

Looking over the following articles:

http://ask.slashdot.org/comments.pl?sid=126314&cid=10574052
and
http://snipurl.com/b7v0

The implications are that in a Domain environment, with the correct registry
settings on the domain computers:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
Value Name: AllowRemoteRPC
Value Type: DWORD Value
Value Data: 1

One could initiate a shadow session with a domain member without permission
from the logged on user. This is accomplished (correct me if I am wrong) by
the following steps:

1. From a Windows XP/2003 computer in the domain, use remote desktop to
connect to any other Windows XP/2003 computer in the domain.

2. From the remote desktop, issue this command:
shadow 0 /server:COMPUTERNAME
(Where COMPUTERNAME is the NetBIOS name, IP or FQDN of the computer you
wish to connect to and help the user who is locally logged onto it.)

3. Shortly, you should have a shadow'd session with the third computer.

My understanding was that if the above was followed, it should work as
advertised.

I would like to ask if there are other caveats I left out or if there are
steps I took to the extreme?

For example:

- Is it necessary for the first computer you are remoting WITH to be in the
domain?
- If the user on the third (to be shadowed) computer is an administrator,
will they be asked for permission?
- Does "Offer Remote Assistance" also need to be enabled on the domain to
accomplish the shadow or does that have no bearing on the outcome?

My experience so far has been (admittedly, I just finally tried it today)
that even though I can offer remote assistance on my domain and it asks the
end-user for their permission - when I try the shadowing trick, it is still
asking the end-user for their permission.

Not that I see anything WRONG with the above scenario - in most cases,
asking permission is the way it likely should happen, for legal reasons.
However, I would like comments from people using the shadowing now without
it asking permission.

--
<- Shenan ->
--
  1.

    Hmm - I'm going to have to test, and haven't yet. Thanks for putting both
    those links together.

    I see some issues with the information presented. I believe the whole
    shadowing discussion is in relation to Remote Desktop, and not Remote
    Assistance--I expect Remote Assistance to ALWAYS require an assent from the
    user at the workstation you are assisting--Offer Remote Assistance just
    removes the need for the invitation token, not the assent.

    Whether a second RD session is possible in XP SP2 is controversial--my
    understanding is that such a session is used by Media Center Extender
    devices, but that it is carefully restricted in some way so that it isn't
    useful unless you are such a device. I've never met one of these critters,
    so I don't know more.

    I'm interested in this, but can't guess when I'll get to actually trying it
    out--I've got meetings tonight and a child home sick.


    "Shenan Stanley" <news_helper@hushmail.com> wrote in message
    news:%23IsJL6U3EHA.1400@TK2MSFTNGP11.phx.gbl...
    > Looking over the following articles:
    >
    > http://ask.slashdot.org/comments.pl?sid=126314&cid=10574052
    > and
    > http://snipurl.com/b7v0
    >
    > The implications are that in a Domain environment, with the correct
    > registry settings on the domain computers:
    >
    > Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    > Value Name: AllowRemoteRPC
    > Value Type: DWORD Value
    > Value Data: 1
    >
    > One could initiate a shadow session with a domain member without
    > permission from the logged on user. This is accomplished (correct me if I
    > am wrong) by the following steps:
    >
    > 1. From a Windows XP/2003 computer in the domain, use remote desktop to
    > connect to any other Windows XP/2003 computer in the domain.
    >
    > 2. From the remote desktop, issue this command:
    > shadow 0 /server:COMPUTERNAME
    > (Where COMPUTERNAME is the NetBIOS name, IP or FQDN of the computer you
    > wish to connect to and help the user who is locally logged onto it.)
    >
    > 3. Shortly, you should have a shadow'd session with the third computer.
    >
    > My understanding was that if the above was followed, it should work as
    > advertised.
    >
    > I would like to ask if there are other caveats I left out or if there are
    > steps I took to the extreme?
    >
    > For example:
    >
    > - Is it necessary for the first computer you are remoting WITH to be in
    > the domain?
    > - If the user on the third (to be shadowed) computer is an administrator,
    > will they be asked for permission?
    > - Does "Offer Remote Assistance" also need to be enabled on the domain to
    > accomplish the shadow or does that have no bearing on the outcome?
    >
    > My experience so far has been (admittedly, I just finally tried it today)
    > that even though I can offer remote assistance on my domain and it asks
    > the end-user for their permission - when I try the shadowing trick, it is
    > still asking the end-user for their permission.
    >
    > Not that I see anything WRONG with the above scenario - in most cases,
    > asking permission is the way it likely should happen, for legal reasons.
    > However, I would like comments from people using the shadowing now without
    > it asking permission.
    >
    > --
    > <- Shenan ->
    > --
    >
    >
  2.

    Shenan Stanley wrote:
    > Looking over the following articles:
    >
    > http://ask.slashdot.org/comments.pl?sid=126314&cid=10574052
    > and
    > http://snipurl.com/b7v0
    >
    > The implications are that in a Domain environment, with the correct
    > registry settings on the domain computers:
    >
    > Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
    > Server Value Name: AllowRemoteRPC
    > Value Type: DWORD Value
    > Value Data: 1
    >
    > One could initiate a shadow session with a domain member without
    > permission from the logged on user. This is accomplished (correct
    > me if I am wrong) by the following steps:
    >
    > 1. From a Windows XP/2003 computer in the domain, use remote desktop
    > to connect to any other Windows XP/2003 computer in the domain.
    >
    > 2. From the remote desktop, issue this command:
    > shadow 0 /server:COMPUTERNAME
    > (Where COMPUTERNAME is the NetBIOS name, IP or FQDN of the computer
    > you wish to connect to and help the user who is locally logged onto
    > it.)
    > 3. Shortly, you should have a shadow'd session with the third
    > computer.
    > My understanding was that if the above was followed, it should work
    > as advertised.
    >
    > I would like to ask if there are other caveats I left out or if
    > there are steps I took to the extreme?
    >
    > For example:
    >
    > - Is it necessary for the first computer you are remoting WITH to be
    > in the domain?
    > - If the user on the third (to be shadowed) computer is an
    > administrator, will they be asked for permission?
    > - Does "Offer Remote Assistance" also need to be enabled on the
    > domain to accomplish the shadow or does that have no bearing on the
    > outcome?
    > My experience so far has been (admittedly, I just finally tried it
    > today) that even though I can offer remote assistance on my domain
    > and it asks the end-user for their permission - when I try the
    > shadowing trick, it is still asking the end-user for their
    > permission.
    > Not that I see anything WRONG with the above scenario - in most
    > cases, asking permission is the way it likely should happen, for
    > legal reasons. However, I would like comments from people using the
    > shadowing now without it asking permission.

    Bill Sanderson wrote:
    > Hmm - I'm going to have to test, and haven't yet. Thanks for putting
    > both those links together.
    >
    > I see some issues with the information presented. I believe the whole
    > shadowing discussion is in relation to Remote Desktop, and not Remote
    > Assistance--I expect Remote Assistance to ALWAYS require an assent
    > from the user at the workstation you are assisting--Offer Remote
    > Assistance just removes the need for the invitation token, not the
    > assent.
    > Whether a second RD session is possible in XP SP2 is controversial--my
    > understanding is that such a session is used by Media Center Extender
    > devices, but that it is carefully restricted in some way so that it
    > isn't useful unless you are such a device. I've never met one of
    > these critters, so I don't know more.
    >
    > I'm interested in this, but can't guess when I'll get to actually
    > trying it out--I've got meetings tonight and a child home sick.

    Hey.. I appreciate the response. Whenever you get to it, that would be
    great.. I may be able to do further testing tomorrow myself. I will post
    whatever happens.

    I believe you are correct about Remote Assistance and Remote Desktop being
    separate issues, it was just the same "acknowledgement request" on the
    client that made me connect them together this time.

    Maybe someone else who has already tried this (or better yet - has it
    working?) might respond to both of us. =)

    --
    <- Shenan ->
    --
    The information is provided "as is", it is suggested you research for
    yourself before you take any advice - you are the one ultimately
    responsible for your actions/problems/solutions. Know what you are
    getting into before you jump in with both feet.
  3.

    Shenan Stanley wrote:
    > Looking over the following articles:
    >
    > http://ask.slashdot.org/comments.pl?sid=126314&cid=10574052
    > and
    > http://snipurl.com/b7v0
    >
    > The implications are that in a Domain environment, with the correct
    > registry settings on the domain computers:
    >
    > Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
    > Server Value Name: AllowRemoteRPC
    > Value Type: DWORD Value
    > Value Data: 1
    >
    > One could initiate a shadow session with a domain member without
    > permission from the logged on user. This is accomplished (correct
    > me if I am wrong) by the following steps:
    >
    > 1. From a Windows XP/2003 computer in the domain, use remote desktop
    > to connect to any other Windows XP/2003 computer in the domain.
    >
    > 2. From the remote desktop, issue this command:
    > shadow 0 /server:COMPUTERNAME
    > (Where COMPUTERNAME is the NetBIOS name, IP or FQDN of the computer
    > you wish to connect to and help the user who is locally logged onto
    > it.)
    > 3. Shortly, you should have a shadow'd session with the third
    > computer.
    > My understanding was that if the above was followed, it should work
    > as advertised.
    >
    > I would like to ask if there are other caveats I left out or if
    > there are steps I took to the extreme?
    >
    > For example:
    >
    > - Is it necessary for the first computer you are remoting WITH to be
    > in the domain?
    > - If the user on the third (to be shadowed) computer is an
    > administrator, will they be asked for permission?
    > - Does "Offer Remote Assistance" also need to be enabled on the
    > domain to accomplish the shadow or does that have no bearing on the
    > outcome?
    > My experience so far has been (admittedly, I just finally tried it
    > today) that even though I can offer remote assistance on my domain
    > and it asks the end-user for their permission - when I try the
    > shadowing trick, it is still asking the end-user for their
    > permission.
    > Not that I see anything WRONG with the above scenario - in most
    > cases, asking permission is the way it likely should happen, for
    > legal reasons. However, I would like comments from people using the
    > shadowing now without it asking permission.

    Bill Sanderson wrote:
    > Hmm - I'm going to have to test, and haven't yet. Thanks for putting
    > both those links together.
    >
    > I see some issues with the information presented. I believe the
    > whole shadowing discussion is in relation to Remote Desktop, and not
    > Remote Assistance--I expect Remote Assistance to ALWAYS require an
    > assent from the user at the workstation you are assisting--Offer
    > Remote Assistance just removes the need for the invitation token,
    > not the assent.
    > Whether a second RD session is possible in XP SP2 is
    > controversial--my understanding is that such a session is used by
    > Media Center Extender devices, but that it is carefully restricted
    > in some way so that it isn't useful unless you are such a device. I've
    > never met one of these critters, so I don't know more.
    >
    > I'm interested in this, but can't guess when I'll get to actually
    > trying it out--I've got meetings tonight and a child home sick.

    Shenan Stanley wrote:
    > Hey.. I appreciate the response. Whenever you get to it, that would
    > be great.. I may be able to do further testing tomorrow myself. I
    > will post whatever happens.
    >
    > I believe you are correct about Remote Assistance and Remote Desktop
    > being separate issues, it was just the same "acknowledgement request"
    > on the client that made me connect them together this time.
    >
    > Maybe someone else who has already tried this (or better yet - has it
    > working?) might respond to both of us. =)


    I didn't get to test much, but I can say that the "acknowledgement request"
    received on the client when shadowing is DEFINITELY not the same as one
    received when offering Remote Assistance.

    What I cannot understand is the inability to shadow without asking the user.
    I tried it with the third party being an admin and without. Both times it
    asked.

    Could it be that one of the computers in the line is Windows Server 2003 and
    not Windows XP? The server *is* a member server. I have not tried using a
    DC as the first remote computer then shadowing from there to the third PC
    yet - but that sounds like it would be stretching reason.

    I also cannot actually see it making a difference whether the first remote
    session is made to a Windows 2003 or Windows XP machine. As long as it is
    XP or later and all machines involved are in the domain..

    I was hoping either Christian Camacho or Jeffrey Randow would jump in here
    and perhaps tell me the missing component, as it is their 11/15/2004 -
    12/6/2004 thread titled "Shadwo no longer work with WixXP SP2" (Typos and
    all, heh) that really got me to a breaking point on trying this out - and
    the two links I referred to. I am GUESSING they have it working in a domain
    environment as we discuss this. =)

    --
    <- Shenan ->
    --
    The information is provided "as is", it is suggested you research for
    yourself before you take any advice - you are the one ultimately
    responsible for your actions/problems/solutions. Know what you are
    getting into before you jump in with both feet.
  4.

    Did you set the appropriate user permission in the active directory
    account? You must enable remote access there in order to connect
    without user approval...
    ---
    Jeffrey Randow (Windows Networking MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows Network Technology Community -
    http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
    Windows Home Networking Community -
    http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx

    On Fri, 10 Dec 2004 17:17:48 -0600, "Shenan Stanley"
    <news_helper@hushmail.com> wrote:

    >Shenan Stanley wrote:
    >> Looking over the following articles:
    >>
    >> http://ask.slashdot.org/comments.pl?sid=126314&cid=10574052
    >> and
    >> http://snipurl.com/b7v0
    >>
    >> The implications are that in a Domain environment, with the correct
    >> registry settings on the domain computers:
    >>
    >> Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
    >> Server Value Name: AllowRemoteRPC
    >> Value Type: DWORD Value
    >> Value Data: 1
    >>
    >> One could initiate a shadow session with a domain member without
    >> permission from the logged on user. This is accomplished (correct
    >> me if I am wrong) by the following steps:
    >>
    >> 1. From a Windows XP/2003 computer in the domain, use remote desktop
    >> to connect to any other Windows XP/2003 computer in the domain.
    >>
    >> 2. From the remote desktop, issue this command:
    >> shadow 0 /server:COMPUTERNAME
    >> (Where COMPUTERNAME is the NetBIOS name, IP or FQDN of the computer
    >> you wish to connect to and help the user who is locally logged onto
    >> it.)
    >> 3. Shortly, you should have a shadow'd session with the third
    >> computer.
    >> My understanding was that if the above was followed, it should work
    >> as advertised.
    >>
    >> I would like to ask if there are other caveats I left out or if
    >> there are steps I took to the extreme?
    >>
    >> For example:
    >>
    >> - Is it necessary for the first computer you are remoting WITH to be
    >> in the domain?
    >> - If the user on the third (to be shadowed) computer is an
    >> administrator, will they be asked for permission?
    >> - Does "Offer Remote Assistance" also need to be enabled on the
    >> domain to accomplish the shadow or does that have no bearing on the
    >> outcome?
    >> My experience so far has been (admittedly, I just finally tried it
    >> today) that even though I can offer remote assistance on my domain
    >> and it asks the end-user for their permission - when I try the
    >> shadowing trick, it is still asking the end-user for their
    >> permission.
    >> Not that I see anything WRONG with the above scenario - in most
    >> cases, asking permission is the way it likely should happen, for
    >> legal reasons. However, I would like comments from people using the
    >> shadowing now without it asking permission.
    >
    > Bill Sanderson wrote:
    >> Hmm - I'm going to have to test, and haven't yet. Thanks for putting
    >> both those links together.
    >>
    >> I see some issues with the information presented. I believe the
    >> whole shadowing discussion is in relation to Remote Desktop, and not
    >> Remote Assistance--I expect Remote Assistance to ALWAYS require an
    >> assent from the user at the workstation you are assisting--Offer
    >> Remote Assistance just removes the need for the invitation token,
    >> not the assent.
    >> Whether a second RD session is possible in XP SP2 is
    >> controversial--my understanding is that such a session is used by
    >> Media Center Extender devices, but that it is carefully restricted
    >> in some way so that it isn't useful unless you are such a device. I've
    >> never met one of these critters, so I don't know more.
    >>
    >> I'm interested in this, but can't guess when I'll get to actually
    >> trying it out--I've got meetings tonight and a child home sick.
    >
    >Shenan Stanley wrote:
    >> Hey.. I appreciate the response. Whenever you get to it, that would
    >> be great.. I may be able to do further testing tomorrow myself. I
    >> will post whatever happens.
    >>
    >> I believe you are correct about Remote Assistance and Remote Desktop
    >> being separate issues, it was just the same "acknowledgement request"
    >> on the client that made me connect them together this time.
    >>
    >> Maybe someone else who has already tried this (or better yet - has it
    >> working?) might respond to both of us. =)
    >
    >
    >I didn't get to test much, but I can say that the "acknowledgement request"
    >received on the client when shadowing is DEFINITELY not the same as one
    >received when offering Remote Assistance.
    >
    >What I cannot understand is the inability to shadow without asking the user.
    >I tried it with the third party being an admin and without. Both times it
    >asked.
    >
    >Could it be that one of the computers in the line is Windows Server 2003 and
    >not Windows XP? The server *is* a member server. I have not tried using a
    >DC as the first remote computer then shadowing from there to the third PC
    >yet - but that sounds like it would be stretching reason.
    >
    >I also cannot actually see it making a difference whether the first remote
    >session is made to a Windows 2003 or Windows XP machine. As long as it is
    >XP or later and all machines involved are in the domain..
    >
    >I was hoping either Christian Camacho or Jeffrey Randow would jump in here
    >and perhaps tell me the missing component, as it is their 11/15/2004 -
    >12/6/2004 thread titled "Shadwo no longer work with WixXP SP2" (Typos and
    >all, heh) that really got me to a breaking point on trying this out - and
    >the two links I referred to. I am GUESSING they have it working in a domain
    >environment as we discuss this. =)
    >
    >--
    ><- Shenan ->
  5.

    See inline...
    ---
    Jeffrey Randow (Windows Networking MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows Network Technology Community -
    http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
    Windows Home Networking Community -
    http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx

    On Wed, 8 Dec 2004 11:51:22 -0600, "Shenan Stanley"
    <news_helper@hushmail.com> wrote:


    >
    >- Is it necessary for the first computer you are remoting WITH to be in the
    >domain?

    You must have the appropriate domain privileges... I would say yes
    since trying to accomplish this in a non-domain environment would be a
    bit difficult...

    >- If the user on the third (to be shadowed) computer is an administrator,
    >will they be asked for permission?

    Not if the appropriate permissions are applied in the AD user
    account.. At least I have been able to shadow a fellow admin at the
    office without his permission...

    >- Does "Offer Remote Assistance" also need to be enabled on the domain to
    >accomplish the shadow or does that have no bearing on the outcome?
    >

    Remote Assistance has no effect on Shadowing.. Shadowing is a
    terminal services feature...
  6.

    Comments/Questions inline..

    >> - Is it necessary for the first computer you are remoting WITH to be
    >> in the domain?
    >
    > You must have the appropriate domain privileges... I would say yes
    > since trying to accomplish this in a non-domain environment would be a
    > bit difficult...

    You misunderstand, I think.

    Three computers.
    (1) Originating - one I am sitting in front of.
    (2) Mediator of sorts, the first to be remoted into.
    (3) The destination, the machine I am attempting to shadow.

    Do ALL machines have to be in the domain? If I use MSTSC on machine (1) -
    and it is NOT in said domain - and connect to machine (2) (which is in the
    domain) and from there use the SHADOW command to connect to the final
    machine (3) (also in the domain) - will it work?

    >> - If the user on the third (to be shadowed) computer is an
    >> administrator, will they be asked for permission?
    >
    > Not if the appropriate permissions are applied in the AD user
    > account.. At least I have been able to shadow a fellow admin at the
    > office without his permission...

    I am assuming the "appropriate permissions" would be in the Active Directory
    User properties.. Remote Control tab.. "Enable remote control" and uncheck
    "Require user's permission" and then choose the proper level of control?

    >> - Does "Offer Remote Assistance" also need to be enabled on the
    >> domain to accomplish the shadow or does that have no bearing on the
    >> outcome?
    >
    > Remote Assistance has no effect on Shadowing.. Shadowing is a
    > terminal services feature...

    Yes - I figured this out in a later response, but thank you for verifying
    this.

    I believe with this additional point, I may have it completely figured out.
    If it works, I think I will post back everything I have learned here - it
    might help someone else utilize this as well.

    Thanks for the response!

    --
    <- Shenan ->
    --
    The information is provided "as is", it is suggested you research for
    yourself before you take any advice - you are the one ultimately
    responsible for your actions/problems/solutions. Know what you are
    getting into before you jump in with both feet.
  7.

    Shenan Stanley wrote:
    > Comments/Questions inline..
    >
    >>> - Is it necessary for the first computer you are remoting WITH to be
    >>> in the domain?
    >>
    >> You must have the appropriate domain privileges... I would say yes
    >> since trying to accomplish this in a non-domain environment would be
    >> a bit difficult...
    >
    > You misunderstand, I think.
    >
    > Three computers.
    > (1) Originating - one I am sitting in front of.
    > (2) Mediator of sorts, the first to be remoted into.
    > (3) The destination, the machine I am attempting to shadow.
    >
    > Do ALL machines have to be in the domain? If I use MSTSC on machine
    > (1) - and it is NOT in said domain - and connect to machine (2)
    > (which is in the domain) and from there use the SHADOW command to
    > connect to the final machine (3) (also in the domain) - will it work?
    >
    >>> - If the user on the third (to be shadowed) computer is an
    >>> administrator, will they be asked for permission?
    >>
    >> Not if the appropriate permissions are applied in the AD user
    >> account.. At least I have been able to shadow a fellow admin at the
    >> office without his permission...
    >
    > I am assuming the "appropriate permissions" would be in the Active
    > Directory User properties.. Remote Control tab.. "Enable remote
    > control" and uncheck "Require user's permission" and then choose the
    > proper level of control?
    >>> - Does "Offer Remote Assistance" also need to be enabled on the
    >>> domain to accomplish the shadow or does that have no bearing on the
    >>> outcome?
    >>
    >> Remote Assistance has no effect on Shadowing.. Shadowing is a
    >> terminal services feature...
    >
    > Yes - I figured this out in a later response, but thank you for
    > verifying this.
    >
    > I believe with this additional point, I may have it completely
    > figured out. If it works, I think I will post back everything I have
    > learned here - it might help someone else utilize this as well.
    >
    > Thanks for the response!

    Unfortunately - still a no-go.

    Changed the permissions I thought you meant (described above) and tried
    again.. Still asks the user if they wish to allow it. Tried on three
    different domain PCs (as the last PC - the one I was attempting to shadow)
    and on two different Windows XP boxes as intermediaries as well as one
    Windows Server 2003 box as an intermediary. Tried as regular users, domain
    admins and even went full out as Domain/Enterprise admin - all cases - user
    is asked if they wish to allow access to their computer by whichever user I
    am attempting to use to shadow the session.

    Was I incorrect in my assumption on the locations of the "permissions" you
    meant?
    Is there something other than the registry entries and the likes I should
    know about (not mentioned before in this thread?)

    I would really like to see this work, as it seems others do have it working.

    --
    <- Shenan ->
    --
  8.

    Are you trying to interact or view the session? If you are viewing,
    then the permissions you mentioned are adequate....
    ---
    Jeffrey Randow (Windows Networking MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows Network Technology Community -
    http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
    Windows Home Networking Community -
    http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx

    On Wed, 22 Dec 2004 15:36:14 -0600, "Shenan Stanley"
    <news_helper@hushmail.com> wrote:

    >Shenan Stanley wrote:
    >> Comments/Questions inline..
    >>
    >>>> - Is it necessary for the first computer you are remoting WITH to be
    >>>> in the domain?
    >>>
    >>> You must have the appropriate domain privileges... I would say yes
    >>> since trying to accomplish this in a non-domain environment would be
    >>> a bit difficult...
    >>
    >> You misunderstand, I think.
    >>
    >> Three computers.
    >> (1) Originating - one I am sitting in front of.
    >> (2) Mediator of sorts, the first to be remoted into.
    >> (3) The destination, the machine I am attempting to shadow.
    >>
    >> Do ALL machines have to be in the domain? If I use MSTSC on machine
    >> (1) - and it is NOT in said domain - and connect to machine (2)
    >> (which is in the domain) and from there use the SHADOW command to
    >> connect to the final machine (3) (also in the domain) - will it work?
    >>
    >>>> - If the user on the third (to be shadowed) computer is an
    >>>> administrator, will they be asked for permission?
    >>>
    >>> Not if the appropriate permissions are applied in the AD user
    >>> account.. At least I have been able to shadow a fellow admin at the
    >>> office without his permission...
    >>
    >> I am assuming the "appropriate permissions" would be in the Active
    >> Directory User properties.. Remote Control tab.. "Enable remote
    >> control" and uncheck "Require user's permission" and then choose the
    >> proper level of control?
    >>>> - Does "Offer Remote Assistance" also need to be enabled on the
    >>>> domain to accomplish the shadow or does that have no bearing on the
    >>>> outcome?
    >>>
    >>> Remote Assistance has no effect on Shadowing.. Shadowing is a
    >>> terminal services feature...
    >>
    >> Yes - I figured this out in a later response, but thank you for
    >> verifying this.
    >>
    >> I believe with this additional point, I may have it completely
    >> figured out. If it works, I think I will post back everything I have
    >> learned here - it might help someone else utilize this as well.
    >>
    >> Thanks for the response!
    >
    >Unfortunately - still a no-go.
    >
    >Changed the permissions I thought you meant (described above) and tried
    >again.. Still asks the user if they wish to allow it. Tried on three
    >different domain PCs (as the last PC - the one I was attempting to shadow)
    >and on two different Windows XP boxes as intermediaries as well as one
    >Windows Server 2003 box as an intermediary. Tried as regular users, domain
    >admins and even went full out as Domain/Enterprise admin - all cases - user
    >is asked if they wish to allow access to their computer by whichever user I
    >am attempting to use to shadow the session.
    >
    >Was I incorrect in my assumption on the locations of the "permissions" you
    >meant?
    >Is there something other than the registry entries and the likes I should
    >know about (not mentioned before in this thread?)
    >
    >I would really like to see this work, as it seems others do have it working.
    >
    >--
    ><- Shenan ->
  9.

    Jeffrey Randow (MVP) wrote:
    > Are you trying to interact or view the session? If you are viewing,
    > then the permissions you mentioned are adequate....

    Actually - either without having it ask would be great - but it asks
    every time.

    --
    <- Shenan ->
    --
    The information is provided "as is", it is suggested you research for
    yourself before you take any advice - you are the one ultimately
    responsible for your actions/problems/solutions. Know what you are
    getting into before you jump in with both feet.
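
Added example, not part of the original thread: a PowerShell audit an administrator can run on a domain member to see whether its sessions can be shadowed with or without a consent prompt. `AllowRemoteRPC` is the value named in the first post; the `Shadow` and `fInheritShadow` values and the precedence between them are assumptions of this example, taken from standard Terminal Services configuration rather than from the thread.

```powershell
# Added example (not from the thread): report the Terminal Services
# remote-control ("shadow") settings of the local machine.

# Meaning of the Shadow DWORD (standard Terminal Services values).
$ShadowMeaning = @{
    0 = 'remote control disabled'
    1 = 'full control, user is asked for permission'
    2 = 'full control, no permission prompt'
    3 = 'view only, user is asked for permission'
    4 = 'view only, no permission prompt'
}

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]($item.$Name)
}

function Get-ShadowAudit {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = Join-Path $ts 'WinStations\RDP-Tcp'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $allowRpc     = Get-RegDword $ts     'AllowRemoteRPC'   # value named in the thread
    $policyShadow = Get-RegDword $policy 'Shadow'           # set by Group Policy
    $listenShadow = Get-RegDword $rdpTcp 'Shadow'           # set on the RDP-Tcp listener
    $inherit      = Get-RegDword $rdpTcp 'fInheritShadow'   # 1 = use per-user settings

    # Assumed precedence: Group Policy first, then the listener when it does
    # not inherit, otherwise the per-user settings (the Remote Control tab of
    # the AD user account discussed in the thread).
    if ($null -ne $policyShadow) {
        $source = 'Group Policy'
        $effective = $policyShadow
    } elseif ($inherit -eq 0 -and $null -ne $listenShadow) {
        $source = 'RDP-Tcp listener'
        $effective = $listenShadow
    } else {
        $source = 'per-user settings (AD user Remote Control tab)'
        $effective = $null
    }

    if ($null -eq $effective) {
        $meaning = 'not decided by the machine registry'
    } elseif ($ShadowMeaning.ContainsKey($effective)) {
        $meaning = $ShadowMeaning[$effective]
    } else {
        $meaning = "unknown value $effective"
    }

    # Values 2 and 4 mean the logged-on user gets no consent prompt.
    $silent = (2, 4) -contains $effective
    if ($silent -and $allowRpc -eq 1) {
        $finding = 'REVIEW: remote RPC is enabled and sessions can be shadowed without consent'
    } elseif ($silent) {
        $finding = 'REVIEW: sessions can be shadowed without consent'
    } elseif ($null -eq $effective) {
        $finding = 'CHECK AD: consent depends on each user account'
    } else {
        $finding = 'OK: shadowing is disabled or prompts the user'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        AllowRemoteRPC = $allowRpc
        ShadowSource   = $source
        ShadowValue    = $effective
        ShadowMeaning  = $meaning
        Finding        = $finding
    }
}

Get-ShadowAudit | Format-List
```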