Managing Remote in Vista

Windows Vista has several remote connectivity features. With Remote Assistance, invitations can be sent to support technicians, enabling them to service a computer remotely. With Remote Desktop, users can connect remotely to a computer and access its resources. In this section, you learn how to configure Remote Assistance and Remote Desktop. By default, neither the Remote Assistance feature nor the Remote Desktop feature is enabled. You must enable these features manually.

In Windows Vista, Remote Assistance and Remote Desktop have been enhanced so that they are faster, use less bandwidth, and can function through Network Address Translation (NAT) firewalls. Remote Assistance also has built-in diagnostic tools. To allow for easier troubleshooting and escalation of support issues, two different support staff can connect to a remote computer simultaneously. When troubleshooting requires restarting the computer, Remote Assistance sessions are reestablished automatically after the computer being diagnosed reboots.

Configuring Remote Assistance

Remote Assistance is a useful feature for help desks, whether in-house or outsourced. A user can allow support personnel to both view and take control of his or her desktop. This feature can be used to walk users through a complex process or to manage system settings while they watch the progress of the changes. The key to Remote Assistance is in the access levels you grant.

By default, when enabled, Remote Assistance is configured to enable support personnel to view and control computers. Because users can send assistance invitations to internal and external resources, this could present a security concern for organizations. To reduce potential security problems, you might want to allow support staff to view but not control computers. A new restriction for Windows Vista is to allow only connections from computers running Windows Vista or later. This option is helpful to limit any possible compatibility issues and ensure any security enhancements in Windows Vista or later operating systems are available within Remote Assistance sessions.

Another key aspect of Remote Assistance you can control is the time limit for invitations. The default maximum time limit is 8 hours; the absolute maximum time limit you can assign is 30 days. Although the intent of a multiple-day invitation is to give support personnel a time window in which to respond to requests, it also means that they could use an invitation to access a computer over a period of 30 days. For instance, suppose you send an invitation with a 30-day time limit to a support person who resolves the problem the first day. That person would then still have access to the computer for another 29 days, which wouldn't be desirable for security reasons. To reduce the risk to your systems, you'll usually want to reduce the default maximum time limit considerably—say, to 1 hour. If the problem were not solved in the allotted time period, you could issue another invitation.

To configure Remote Assistance, follow these steps:

1. In Control Panel, click System And Maintenance and then click System.

2. On the System page, click Remote Settings in the left pane. This opens the System Properties dialog box to the Remote tab, as shown in Figure 1.

   
   Figure 1: Use the Remote tab options to configure remote access to the computer.

3. To disable Remote Assistance, clear the Remote Assistance Invitations Can Be Sent From This Computer check box, and then click OK. Skip the remaining steps.

4. To enable Remote Assistance, select Remote Assistance Invitations Can Be Sent From This Computer. If you want users to be able to receive Remote Assistance offers from instant messaging contacts, select the Users On This Computer Can Be Offered Remote Assistance check box.

5. Click Advanced. This displays the Remote Assistance Settings dialog box, shown in Figure 2.

   
   Figure 2: The Remote Assistance Settings dialog box is used to set limits for Remote Assistance.

6. The Allow This Computer To Be Controlled Remotely option sets limits for Remote Assistance. When selected, this setting allows assistants to view and control the computer. To provide view-only access to the computer, clear this check box.

7. The Invitations options control the maximum time window for invitations. You can set a value in minutes, hours, or days, up to a maximum of 30 days. If you set a maximum limit value of 10 days, for example, a user can create an invitation with a time limit up to but not more than 10 days. The default maximum expiration limit is 6 hours.

8. Click OK twice when you are finished configuring Remote Assistance options.

Configuring Remote Desktop Access

Unlike Remote Assistance, which provides a view of the current user's desktop, Remote Desktop provides several levels of access:

• If a user is currently logged on to the desktop locally and then tries to log on remotely, the local desktop locks automatically and the user can access all of the currently running applications just as if he or she were sitting at the keyboard. This feature is useful for users who want to work from home or other locations outside the office, enabling them to continue to work on applications and documents that they might have been using prior to leaving the office.

• If a user is listed on the workstation's Remote Access list and is not otherwise logged on, he or she can initiate a new Windows session. The Windows session behaves just as if the user were sitting at the keyboard. It can even be used when other users are also logged on to the computer. In this way, multiple users can share a single workstation and use its resources.

Remote Desktop is not enabled by default. You must specifically enable it, thereby allowing remote access to the workstation. When it is enabled, any members of the administrators group can connect to the workstation. Other users must be specifically placed on a remote access list to gain access to the workstation. To configure remote access, follow these steps:

1. In Control Panel, click System And Maintenance and then click System.

2. On the System page, click Remote Settings in the left pane. This opens the System Properties dialog box to the Remote tab.

3. To disable Remote Desktop, select Don't Allow Connections To This Computer and then click OK. Skip the remaining steps.

4. To enable Remote Desktop, you have two options. You can:

   • q Select Allow Connections From Computers Running Any Version Of Remote Desktop to allow connections from any version of Windows.

   • q Select Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication to allow connections only from Windows Vista or later computers (and computers with secure network authentication).

5. Click Select Users. This displays the Remote Desktop Users dialog box, shown in Figure 3.

   
   Figure 3: Specify the additional users allowed to make Remote Desktop connections.

6. To grant Remote Desktop access to a user, click Add. This opens the Select Users dialog box. In the Select Users dialog box, click Locations to select the computer or domain in which the users you want to work with are located. Type the name of a user you want to work with in the Enter The Object Names To Select field and then click Check Names. If matches are found, select the account you want to use and then click OK. If no matches are found, update the name you entered and try searching again. Repeat this step as necessary and click OK when finished.

7. To revoke remote access permissions for a user account, select the account and then click Remove.

8. Click OK twice when you are finished.

Making Remote Desktop Connections

As an administrator, you can make Remote Desktop connections to Windows servers and workstations. With Microsoft Windows 2000 Server, Remote Desktop connections are enabled by installing Terminal Services and then configuring Terminal Services in remote access mode. With Microsoft Windows XP Professional and later, Remote Desktop is installed automatically but not enabled until you specifically do so as discussed in the preceding section of this chapter. Once remote access is enabled on a computer, all administrators have remote access to that computer. Other users can be granted remote access as well.

To make a Remote Desktop connection to a server or workstation, follow these steps:

1. At a command prompt, type mstsc or click Start, point to All Programs, Accessories, Remote Desktop Connection. This displays the Remote Desktop Connection dialog box, shown in Figure 4.

   
   Figure 4: In the Remote Desktop Connection dialog box, type the name of the computer to which you want to connect and then click Connect.

2. In the Computer field, type the name of the computer to which you want to connect. If you don't know the name of the computer, use the drop-down list provided to choose an available computer, or select Browse For More on the drop-down list to display a list of domains and computers in those domains.

3. Click Connect. Type your credentials when prompted and then click OK. If the connection is successful, you'll see the Remote Desktop window on the selected computer and you'll be able to work with resources on the computer. In the case of a failed connection, check the information you provided and then try to connect again.

Note

Clicking Options in the Remote Desktop Connection dialog box displays additional options for creating and saving connections. These advanced options enable you to change display size for the Remote Desktop; manage connections to local resources, such as printers, serial ports, and disk drives; run programs automatically on connection; and enable or disable local caching and data compression.