Remote Assistance is the type of feature that can save an administrator literally hundreds of hours in any given year because troubleshooting with this feature remotely frees you up from having to get over to each specific user to see what the problems are. Many companies are using Remote Assistance as a tool for training users at remote locations how to use complex applications. Remote Assistance is being used today for its primary purpose, which is the troubleshooting of problems, but is also increasingly being used for handling the difficult task of completing training at remote locations. Given the pressure to reduce travel expenses in many companies, Remote Assistance has actually found a new use in training departments as well.
The most important aspects of Remote Assistance are the access levels granted by users to administrators. By default, you can have the initial install of Windows XP have specific features of Remote Assistance turned on. The default configuration of Windows XP Professional is configured to allow for an administrator to view and control other XP systems on a given shared network.
On the user side of Remote Assistance, any user can send an invitation of support to either internal or external systems. Obviously, this presents a security concern for companies because their users can easily go outside of their organizations and give other computers access to and control of internal applications and files. This capability to send invitations for support outside of a company is a security shortcoming of Remote Assistance. Although Microsoft contends that having administrators with simply view and not control access is the answer, clearly that is not enough.
If you plan to use Remote Assistance in your company, be sure that all systems are behind both a firewall and proxy server, and ensure that administrator status is set for view only by default. Third, be sure to have each system configured with passwords on all accounts and also have NTFS-based partitions. This may sound like overkill, but it's better to have these safeguards in place because Remote Assistance does have the potential to compromise your desktops if you don't take any action at all.
Configuring Remote Assistance Securely
To configure Remote Assistance on a Windows XP system, follow these steps:
Double-click on the System utility in the Control Panel.
Click once on the Remote tab. This is the page of the System utility that includes the tools for configuring Remote Assistance on a system.
Click once on Allow Remote Assistance Invitations to be sent from this computer (see Figure 1).
Figure 1 The Remote tab of System utility includes the options for configuring Remote Assistance invitations.
Click Advanced. The Remote Assistance Settings dialog box appears.
If you are configuring a system to be both viewed and controlled, click once on Allow this computer to be controlled remotely. Keep in mind that without other security controls, this will allow the computer being configured to send invitations outside your company and have the desktop controlled. Many administrators wait until the actual sessions to begin before having the user turn this on.
To have view-only access enabled on the computer being configured, leave the option Allow this computer to be controlled remotely unchecked.
Next, the specifics on the invitations need to be defined. You can define invitations options to control the maximum time window for invitations. Because this option defines how "open" the desktop is to a potential security breach, you can define from minutes to days how long the invitation needs to be open. Again, system administrators typically work with a user to define an invitation of 30 minutes for most problems, selecting one hour for more complex ones. It is very uncommon to find an invitation open for days; it's a good idea to stay away from multiple days due to the potential for security breach on a computer.
Click OK twice after configuring invitation and other Remote Assistance options.