Sign in with
Sign up | Sign in
Your question

Remote Assistance Helpesk scenario

Last response: in Windows XP
Share
Anonymous
August 8, 2005 10:37:01 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

We currently use PC Anywhere where we as helpdesk operators are able to take
control of an existing session on a remote PC without user interaction.

This is protected by way of authentication in the PC Anywhere client using
Windows Authentication and so is secure.

The drawback however is that it is slow compared to RDP.

Remote assistance, through policy, requires TWO methods of authentication -
first enabling the policy to allow remote offers to be sent, and *then*
having to specify the allowed users and grous, yet the user still must accept
the offer for remote assistance... This I cannot understand.

In this article
(http://www.microsoft.com/technet/itsolutions/msit/deplo...), MS
itself states that it added this policy to reduce the time taken to get hold
of the machine due to the user previously having to first create the invite.

Why not have an additional policy which allows up to take control of the
machine without user intervention? There are already two methods of
protection to stop unauthorised access.

Sometimes this MS security push really sacrifices usability. There are many
situations where helpdesk staff would like to get hold of an *existing*
session, however don't want to have to worry about the user having to accept
it first.. In most cases they have already rung up to indicate a problem, so
why make them have to again allow us to take hold of their machine? In
others, the user is not in attendance and has left the machine in its current
state for us to inspect, such as after hours or at lunch breaks.

It just doesn't make sense that we are able to set global security settings
throughout our coporation through policy which over-rides everything, yet can
be over-riden by a user simply clicking a box?

Are MS thinking of releasing a commercial product to rival other products
which already offer this is as standard functionality? If that why we can't
do this?
August 9, 2005 7:17:01 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I absolutely agree and would question what MS is thinking here. I would be
extremely interested to know if MS is planning to add this functionality to
XP, because if helpdesk could remotely access the client through termsrv
(remote assistance), why bother to use any other product? RA is just a
morphed version of Terminal Services. Why not go all the way for
administrators?

We are currently looking into available solutions for our remote desktop
software, and I only wish we could use the MS tools. But they are not there
yet, as was stated.

In the meantime, we will in all likelyhood re-license Remote
Administrator(radmin) because of it's speed and security. there is a
noticable hit on the procesor of the remote computer, but it is more
responsive than pcanywhere was for us.

"Bunce" wrote:

> We currently use PC Anywhere where we as helpdesk operators are able to take
> control of an existing session on a remote PC without user interaction.
>
> This is protected by way of authentication in the PC Anywhere client using
> Windows Authentication and so is secure.
>
> The drawback however is that it is slow compared to RDP.
>
> Remote assistance, through policy, requires TWO methods of authentication -
> first enabling the policy to allow remote offers to be sent, and *then*
> having to specify the allowed users and grous, yet the user still must accept
> the offer for remote assistance... This I cannot understand.
>
> In this article
> (http://www.microsoft.com/technet/itsolutions/msit/deplo...), MS
> itself states that it added this policy to reduce the time taken to get hold
> of the machine due to the user previously having to first create the invite.
>
> Why not have an additional policy which allows up to take control of the
> machine without user intervention? There are already two methods of
> protection to stop unauthorised access.
>
> Sometimes this MS security push really sacrifices usability. There are many
> situations where helpdesk staff would like to get hold of an *existing*
> session, however don't want to have to worry about the user having to accept
> it first.. In most cases they have already rung up to indicate a problem, so
> why make them have to again allow us to take hold of their machine? In
> others, the user is not in attendance and has left the machine in its current
> state for us to inspect, such as after hours or at lunch breaks.
>
> It just doesn't make sense that we are able to set global security settings
> throughout our coporation through policy which over-rides everything, yet can
> be over-riden by a user simply clicking a box?
>
> Are MS thinking of releasing a commercial product to rival other products
> which already offer this is as standard functionality? If that why we can't
> do this?
!