Policy CSP - RemoteAssistance

Tip

This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

CustomizeWarningMessages

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1703 [10.0.15063] and later
./Device/Vendor/MSFT/Policy/Config/RemoteAssistance/CustomizeWarningMessages

This policy setting lets you customize warning messages.

The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer.

The "Display warning message before connecting" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer.

  • If you enable this policy setting, the warning message you specify overrides the default message that's seen by the novice.

  • If you disable this policy setting, the user sees the default warning message.

  • If you don't configure this policy setting, the user sees the default warning message.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name RA_Options
Friendly Name Customize warning messages
Location Computer Configuration
Path System > Remote Assistance
Registry Key Name Software\policies\Microsoft\Windows NT\Terminal Services
Registry Value Name UseCustomMessages
ADMX File Name RemoteAssistance.admx

SessionLogging

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1703 [10.0.15063] and later
./Device/Vendor/MSFT/Policy/Config/RemoteAssistance/SessionLogging

This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.

  • If you enable this policy setting, log files are generated.

  • If you disable this policy setting, log files aren't generated.

  • If you don't configure this setting, application-based settings are used.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name RA_Logging
Friendly Name Turn on session logging
Location Computer Configuration
Path System > Remote Assistance
Registry Key Name Software\policies\Microsoft\Windows NT\Terminal Services
Registry Value Name LoggingEnabled
ADMX File Name RemoteAssistance.admx

SolicitedRemoteAssistance

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1703 [10.0.15063] and later
./Device/Vendor/MSFT/Policy/Config/RemoteAssistance/SolicitedRemoteAssistance

This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.

  • If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.

  • If you disable this policy setting, users on this computer can't use email or file transfer to ask someone for help. Also, users can't use instant messaging programs to allow connections to this computer.

  • If you don't configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.

  • If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer".

The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.

The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista since SMAPI is the only method supported.

  • If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name RA_Solicit
Friendly Name Configure Solicited Remote Assistance
Location Computer Configuration
Path System > Remote Assistance
Registry Key Name Software\policies\Microsoft\Windows NT\Terminal Services
Registry Value Name fAllowToGetHelp
ADMX File Name RemoteAssistance.admx

UnsolicitedRemoteAssistance

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1703 [10.0.15063] and later
./Device/Vendor/MSFT/Policy/Config/RemoteAssistance/UnsolicitedRemoteAssistance

This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.

  • If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.

  • If you disable this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.

  • If you don't configure this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.

  • If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer". When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.

To configure the list of helpers, click "Show". In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format:

<Domain Name>\<User Name> or.

<Domain Name>\<Group Name>

  • If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.

Windows Vista and later.

Enable the Remote Assistance exception for the domain profile. The exception must contain:

Port 135:TCP %WINDIR%\System32\msra.exe %WINDIR%\System32\raserver.exe.

Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)

Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe %WINDIR%\System32\Sessmgr.exe.

For computers running Windows Server 2003 with Service Pack 1 (SP1)

Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe.

Allow Remote Desktop Exception.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name RA_Unsolicit
Friendly Name Configure Offer Remote Assistance
Location Computer Configuration
Path System > Remote Assistance
Registry Key Name Software\policies\Microsoft\Windows NT\Terminal Services
Registry Value Name fAllowUnsolicited
ADMX File Name RemoteAssistance.admx

Policy configuration service provider