How to Manage or Prevent Remote Assistance on Users Computers

Administrators may wish to manage or prevent employees from using Remote Assistance, especially in a tightly managed corporate environment.

To do this, administrators use the policy Solicited Remote Assistance located in the Group Policy Snap-in (Computer Configuration\Administrative Templates\System\Remote Assistance), as shown in Figure 1 below.

Figure 1. Managing Remote Assistance via Group Policy

Solicited remote assistance is where the user of a computer explicitly requests help from another party (who is termed an 'expert').

Managing Remote Assistance

When Solicited Remote Assistance is enabled, solicited remote assistance is enabled to any computer subject to the Group Policy Object (GPO) affected by the setting. A user can request help and an expert can connect to the computer.

Note Sending a help request does not explicitly give the expert permission to connect to the computer and/or control it. When the expert tries to connect, the user will still be given a chance to accept or deny the connection (giving the expert view-only privileges to the user's desktop) and will afterward have to explicitly click a button to give the expert the ability to remotely control the desktop if remote control is enabled.

If the setting is enabled, there are other configuration options available as well:

  • Allow buddy support. Checking this checkbox means that a user can request help from other individual users (friends, coworkers, etc. via e-mail, instant messenger, etc.) as well as via an official channel set up by an software or hardware vendor, corporate helpdesk, etc. Unchecking this box means that a user can only request help through an official channel.

  • Permit remote control of this computer. This selection allows you to choose whether an expert will be able to remotely control the computer or whether the expert is only allowed to remotely view the user's desktop.

  • Maximum ticket time. these two settings control the maximum time a user can have a help request be valid. When the ticket (help request) expires, the user must send another request before an expert can connect to the computer.

Preventing Remote Assistance

When Solicited Remote Assistance is disabled, a user cannot send a request for assistance and an expert cannot connect to the computer in response to a user request.

When this setting is not-configured, the individual user will be able to configure solicited remote assistance via the control panel. The default settings via the control panel are: solicited remote assistance is enabled, buddy support is enabled, remote control is enabled, and the maximum ticket time is 30 days.