Nov 01 2006

Remote End-User Support

Sometimes your end users require over-the-shoulder support. Here are a few tips for remotely guiding and troubleshooting client computers in a Windows Server environment.

Remote End-User SupportThe ability to respond to customers effectively and fast is arguably even more important when a business is small. While small companies require more, enterprise-level expectations are rarely supported by big-business budgets. 

Tools such as Microsoft Remote Desktop Connection, the standard method for taking control of remote systems, can aid the information technology team in quickly reaching dozens of client machines from a server to troubleshoot without denting your budget. In addition, the Remote Desktop Management Console allows multiple Remote Desktop Protocol (RDP) sessions to be maintained at once.

It also allows you to connect to servers from the administrator workstation and run remote desktops from within your RDP session. In fact, if you’re off site, you can remotely connect to client computers by establishing a remote (typically a virtual private network) connection to the server. This nesting of remote connections (RDP within RDP or RDP within VPN) works well in a standard Windows Server networking environment. And if you are using Microsoft Windows Small Business Server 2003, you have one additional option: remotely connecting to your server using Remote Web Workplace (RWW).

Step 1: Logging In

Once you’ve logged on to the server or established a remote session (RDP or VPN), open the remote console from Administrative Tools on the Start menu. Then, to add a client computer you want to control, right-click on Remote Desktops under Console Root and select Add New Connection.

Remote End-User Support Remote Desktops
Adding a new connection to a remote system in the remote console

Although only the remote system’s name or Internet Protocol address is needed to connect to it, you can save time by specifying additional connection information, such as end-user name, password and domain. 

Remote End-User Support Add New Connection
Configuring a new connection in the remote console

Step 2: Configuring a new connection

If your networking environment is one where client system naming conventions are not directly tied to the primary end user of the system (for example, end-user “Joe” logs in on Workstation01), you should specify a meaningful connection name (such as “Joe’s Workstation”). Also note that the checkbox labeled “Connect To Console” only applies to connections made to servers and not workstations — connections made to XP clients using RDP are always established to the console session on the client.

Once you’ve added a connection to a client computer in Remote Desktop, you can then right-click on the connection and select “Connect.” This connects you to the console session on the workstation, which means if an end user is currently logged on to the workstation, the screen and keyboard will lock once your remote session is established.
If you can’t connect to XP systems, check if the Remote Desktop is disabled on those machines. To enable it, use the Group Policy setting: Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Allow Users to Connect Remotely Using Terminal Services.

Step 3: Remote Assistance

If you need to interactively provide over-the-shoulder help for an end user from a remote location, the standard way of doing this is to use XP’s Remote Assistance (RA) feature.  This feature has some limitations, however, that make it difficult to use when supporting large numbers of end users, and a good alternative to RA is Terminal Services Manager.

But before running TSM to remotely assist end users (assuming their computers are running XP Service Pack 2), adjust the registry of the systems. Specifically, add a registry key to any systems you use to control with TSM. You can apply this change to client machines using Registry Editor, however, the Remote Registry Service must be running on client systems, and by default, enabled in XP.
From your server (or from a remote location via a Remote Desktop Connection server session), run regedit.exe to open Registry Editor, and from the File menu select Connect Network Registry. Enter the name or IP address of the computer whose registry you wish to edit, and when the Registry Editor opens, browse to the following key: hkey_local_machine\system\currentcontrolset\control\terminal server.

Now add a new DWORD value named AllowRemoteRPC and set its value to 1.

Remote End-User Support Remote Assistance
Editing the registry on a remote system

After making this change, close Registry Editor. In order to apply the registry change, restart the remote system. You can restart from the command line on your server using the shutdown -m \\remote_computer_name –r command. End users currently logged on will receive a system restart notice.

After the restart, if you start TSM while logged on interactively to your server, a dialog box will appear saying “Certain features, such as Remote Control and Connect, will only work when you run this tool from a Terminal Services client session.” If you try to connect to console sessions on clients at this point, it will fail.

Instead, make sure Remote Desktop is enabled on your server by opening the System utility in Control Panel and selecting the Remote tab. Now, open Remote Desktop Connection from Communications under Accessories and specify “local host” as the computer you want to remotely connect. Enter your administrator credentials, click Connect and you’ve got an RDP session from your server to itself. Once done, open TSM within your remote session and add your client systems to the list of servers within TSM. To do this, expand All Listed Servers, select the domain name, right-click and select Connect To Computer, and specify the name of the systems.   

Before going any further, add any connected system to your list of Favorite Servers in TSM, otherwise the system will not be retained for future sessions. Just right-click on the system’s name and select Add to Favorites.

To remotely assist a system’s end user, right-click on the console session of the remote system and select Remote Control. If the option to choose Remote Control is not available, check that the TSM client is not running inside a server console session.

Remote End-User Support TSM
Remotely controlling a client system using Terminal Services Manager

Step 4: Getting Permission

When you attempt to gain control of the remote end user’s console session using this method, a dialog box will appear on the end user’s computer asking for permission. Upon either a timeout or a “No” response from the end user, you will receive an alert that the connection could not be established. When the end user clicks “Yes,” the connection is made and both you and the logged-on end user share mouse and keyboard input control.

With this approach, there is no notification to the end user when you disconnect. A workaround is to send a message to the end user’s system immediately after you disconnect. To do this, right-click on the session that has been disconnected, select Send Message and compose a brief message to indicate that the remote management session is now terminated.

Remote End-User Support Send Message
Letting your users know that the session has terminated

Mitch Tulloch is a Microsoft Most Valuable Professional. Jason Miller is the owner of Somnio Business Systems, a technolgy services company in
Winnipeg, Manitoba.
CEO takeaway
Small companies, just like large organizations, want improved anytime, anywhere, any-device access to information. To gauge your support costs for remote users, you need to know the answers to five questions:

• What type of remote tool is your IT shop using?
• Does your IT shop have the capability to remotely access client computers without interacting with the end users of these machines?
• Are your systems administrators able to quickly take control of a system to fix a problem?
• Can your sysadmins provide remote, over-the-shoulder assistance to end users in other locations who are in a jam?
• Does your company pay for services for remote end user support? Taking this in-house might reduce costs.