I snagged this from my notes on when we deployed XP/GPO's and RA. It
was a beating to get this to work, maybe something in this will spark a
thought on your part.
Edit the new custom GPO to have the following settings
1. CompConfig, Windows Settings, Local Policies, Security Options:
a. DCOM: Machine Access Restrictions
b. DCOM: Machine Launch Restrictions
Grant TCURAP-XYZ full control on all these rights when you define this
setting.
2. CompConfig, Windows Settings, Local Policies, User Rights
Assignments:
a. Access this computer from the network (add the TCURAP-XYZ group)
3. CompConfig, Administrative Templates, System, Remote Assistance
a. Offer Remote Assistance - Add the TCURAP-XYZ group (be sure to
include the TCU\)
4. Make sure the department has a TCU WinXP Firewall GPO with the
following entries:
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedAppl
ications\List\%systemroot%\PCHEALTH\HelpCtr\Binaries\Helpctr.exe:*:enabl
ed:Helpctr.exe
%systemroot%\PCHEALTH\HelpCtr\Binaries\Helpctr.exe:*:enabled:Helpctr.exe
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedAppl
ications\List\%systemroot%\PCHEALTH\HelpCtr\Binaries\helpsvc.exe:*:enabl
ed:helpsvc.exe
%systemroot%\PCHEALTH\HelpCtr\Binaries\helpsvc.exe:*:enabled:helpsvc.exe
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedAppl
ications\List\%systemroot%\system32\sessmgr.exe:*:enabled:sessmgr.exe
%systemroot%\system32\sessmgr.exe:*:enabled:sessmgr.exe
Bryan Lucas
Server Administrator
Texas Christian University
>
> PS: forgot to mention. XP box is a domain member, windows firewall
> disabled
>
> Mike Guest
> IT Solutions
> *HML
> *Padiham DDI: +44 (0)1282 682550
> Internal Extension: (61) 2550
>
>
------------------------------------------------------------------------
>
> *From:* Mike Guest
> *Sent:* 24 October 2006 10:30
> *To:* activedir@mail.activedir.org
> *Subject:* [ActiveDir] OT: Issue with remote assistance offers
>
> Anyone seen this before?
>
> I have an xp box sitting behind an internal firewall (long story) that
> I want to be able to offer unsolicited remote assistance to. I can
> already RDP to the box, but the session on that box I want to offer
> assistance to is already an RDP session, so that solution's out.
>
> I have opened TCP135 and 3389. I can create an offer on the remote
> system (as a file), move it to my machine and successfully initiate an
> RA session.
>
> However, when I try to initiate an RA session without an invite, the
> help and support center window freezes for about 30 seconds then tells
> me "The remote machine does not exist or is unavailable" - I've tried
> both by name and by IP
>
> I've double-checked with a port scanner and 135 is definitely open (as
> is 3389, but I couldn't do the invited RA or RDP without that)
>
> Anybody?
>
> Thanks
>
>
>
> *********************************************************************
> This email is intended only for the addressee named above. As this
> email may contain confidential or privileged information, if you are
> not the named addressee or receive this message in error, please
> notify us immediately, delete it and do not make use of or copy it.
>
> This message is protected by copyright. HML accepts no responsibility
> for viruses found in this message or any file attachment.
>
> Homeloan Management Limited
> Registered in England No. 2214839
> 1 Providence Place, Skipton, North Yorkshire BD23 2HL
>
> **********************************************************************
>
>
>
> *********************************************************************
> This email is intended only for the addressee named above. As this
> email may contain confidential or privileged information, if you are
> not the named addressee or receive this message in error, please
> notify us immediately, delete it and do not make use of or copy it.
>
> This message is protected by copyright. HML accepts no responsibility
> for viruses found in this message or any file attachment.
>
> Homeloan Management Limited
> Registered in England No. 2214839
> 1 Providence Place, Skipton, North Yorkshire BD23 2HL
>
> **********************************************************************
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
