Delete remote assistance invitation?

Discussion in 'Windows Vista Networking' started by Blue Max, Oct 30, 2007.

  1. Blue Max

    Blue Max Guest

    Under Windows Vista we cannot find how to do the following:

    1. Delete a remote assistance help invitation.
    2. Set the expiration for an invitation during creation - never given the
    option.
    3. When viewing dialog for System Properties > Remote Tab > Advance Button,
    all the Remote Assistance Settings dialog options are dimmed except the
    option to create invitations for computers running Vista?

    These options are pretty intuitive in Windows XP, but not in Vista. Thank
    you for any help.
     
    Blue Max, Oct 30, 2007
    #1
    1. Advertisements

  2. As an administrator run gpedit.msc and check the "Computer Configuration ->
    Administrative Templates -> System -> Remote Assistance -> Solicited Remote
    Assistance" group policy. If its enabled you will see what you see in items
    2 and 3. Make sure its "Not configured". You can then configure the
    expiration time period in the Remote Tab > Advanced button. You can delete
    individual invitation files from the folder you save them to. Search for
    files with the .msrcincident extension. Go to "Start -> Search".

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
    How to ask a question
    http://support.microsoft.com/KB/555375
     
    Sooner Al [MVP], Oct 30, 2007
    #2
    1. Advertisements

  3. Blue Max

    Blue Max Guest

    Thanks, Sooner A1. You are probably right on the money. I had edited group
    policy to enable this option because it supposedly allowed us to lengthen
    the expiration time frame. However, I also have noted, after the fact, that
    the article providing this information was for Windows XP (which information
    we successfully used to correct a Remote Assistance issue between XP and
    Vista machines on the local network).

    Since you are familiar with this subject, perhaps you can clarify a few
    issues:

    FIRST, can we select any available expiration time-frame on the drop downs
    in Vista? In XP there was a group policy setting that limited the time
    frame to something like 30 hours, or whatever, even though there were longer
    options on the drop downs. As such, we had to edit group policy in XP in
    order to utilize the longer expiration periods, up to 99 days. So is Vista
    different or do we have to disable a limit here too?

    SECOND, does the expiration setting in Vista affect all open invitations?
    We have presumed this must be the case because there is no option to specify
    the expiration period when creating individual invitations.

    THIRD, I can get Vista Remote Assistance to work fine on our local network,
    but cannot get it to work over the internet using an invitation file.
    Remote Desktop connects fine between our computers over the network, so I
    thought we had all the proper ports enable and routed through the firewalls,
    but Remote Assistance still fails to connect. Is there a chance that Remote
    Assistance is using a different port than the 3389 port used for Remote
    Desktop? I also have noted that we do not have a Remote Assistance Offer
    Help Users group on any of our Vista Ultimate machines; a user group often
    referred to in Remote Assistance articles. Any ideas?

    Thank you to the max from the Max.

    ******************************
     
    Blue Max, Oct 31, 2007
    #3
  4. I don't see the option to lengthen the expiration time when I create an
    invitation file on my Vista machines so I guess that means that option has
    been removed for whatever reason. The means the expiration time you set in
    the configuration window or via a group policy or via registry setting will
    apply to all invitations. Its no longer on an invitation by invitation
    basis...

    Remote Assistance (RA) still uses TCP Port 3389. You might need to change
    the public IP address in the invitation file. See the RCTICKET field in the
    file. These articles, written for XP, should still pertain.

    http://support.microsoft.com/kb/300692/en-us
    http://support.microsoft.com/kb/301529/en-us

    I have not used RA that much except for testing over my local LAN or through
    a test VPN tunnel. FWIW, I have started using TeamViewer to support one of
    my sister-in-law's remotely. That works pretty well for me, even on a 56K
    dial link which she uses, and something you might look into. Note its free
    for personal use only.

    http://www.teamviewer.com/index.aspx

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
    How to ask a question
    http://support.microsoft.com/KB/555375
     
    Sooner Al [MVP], Oct 31, 2007
    #4
  5. Blue Max

    Blue Max Guest

    Hello Sooner,
    What a pity! It seems that in many ways XP was better thought-out than
    Vista. It seemed so logical that the user might want to issue an invitation
    to certain individuals that would have a quick expiration (one-time help
    from a specific tech) and to other individuals with a long-term expiration
    (such as a good computer-saavy friend). This issue also raises other
    expiration questions like, does lowering the expiration time delete prior
    invitations we expected to keep long-term? or do short-term invitations
    receive an extension when the expiration period is raised? and so on.

    Thank you for the recommendations regarding these issues also.
     
    Blue Max, Oct 31, 2007
    #5
  6. You would have to test that. I never have nor have I even thought of those
    issues quite frankly...

    One thing you might look into is using the Remote Assistance (RA) "offer"
    functionality. I do know that works between Vista Ultimate-to-Vista Ultimate
    machines in a workgroup environment, ie. like my small two Vista home
    network, and should work natively in a domain environment. I had to enable
    both the "Solicited" and "Offer" group policies to get this to work. I could
    directly address the RA offer by IP (or NetBIOS name) over my local LAN or
    through a PPTP VPN tunnel. The latter is nice if the expert had to VPN into
    a remote site to provide support.

    These articles, written for XP, are still pertinent for the most part...

    http://support.microsoft.com/kb/308013/

    http://support.microsoft.com/default.aspx?scid=kb;en-us;301527
    http://support.microsoft.com/kb/306496/

    I presume this would work with Vista Business or Enterprise editions if used
    in a workgroup environment also but I have no way of testing this.

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
    How to ask a question
    http://support.microsoft.com/KB/555375
     
    Sooner Al [MVP], Nov 1, 2007
    #6
  7. Blue Max

    Blue Max Guest

    Thanks Sooner. How did you find and enable "both the 'Solicited' and
    'Offer' group policies" to get this to work? My problem is that the
    policies are not displayed by default and help articles infer they are only
    available while an offer is outstanding. Not to mention that most articles
    refer to XP and don't take into consideration the changed names or altered
    functionality in Vista. So how does one add permissions to a group they
    cannot find? I'll take a look at the articles you recommended.

    I like the concept of 'offering' help, but cannot seem to enable this
    feature over the internet. You mentioned going "through a PPTP VPN tunnel,"
    but we don't have a lot of experience in setting up a VPN. Furthermore, our
    IP addresses are dynamically assigned, so we are using a No-IP domain name
    to address our computers. Microsoft makes it sound like Remote Assistance
    is a cinch, but it is far from any such thing! We do use Remote Desktop
    over the internet just fine with the same two computers, and we can use
    Remote Assistance just fine through Windows Live Messenger, but cannot get
    RA to work directly over the internet, which may be due to the group
    policies you mentioned. If you have any ideas we would be happy to
    entertain them.

    Thanks

    **************
     
    Blue Max, Nov 1, 2007
    #7
  8. Blue Max

    Blue Max Guest

    Just a follow-up to my last reply. I have read the articles you recommended
    and they are the same ones we used in resolving an XP problem. However,
    enabling the RA Offer settings in Vista did some funny things, like locked
    our expiration options so they could not be changed. In fact, I think it
    may have even been you that directed us to 'disable' or 'not configure'
    these items in order to restore the expiration options. Anyway, you got it
    to work between your Vista computers and we hope to do the same. We still
    think it may relate back to having the proper groups available with
    permissions for the proper users.

    **************
     
    Blue Max, Nov 1, 2007
    #8
  9. Are you in a domain environment or a workgroup environment? I presume your
    an administrator or a user with admin privileges.

    Your right in that setting those group policies negates the user from
    setting the time limit. Its an either or situation.

    By the way, I have never tried to offer over the public internet other than
    through a VPN tunnel, ie. I VPN into a network then offer the novice user
    (on that network) help via RA.

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
    How to ask a question
    http://support.microsoft.com/KB/555375
     
    Sooner Al [MVP], Nov 2, 2007
    #9
  10. Blue Max

    Blue Max Guest

    Hello Sooner,

    The small office end of the internet link is a simple peer-to-peer workgroup
    with a Linksys hub (switch) linked to a Qwest DSL router/modem. The home
    end is a Linksys Wired/Wireless router where the main computer is wired
    (Ethernet) to the router and about 5 or 6 laptops and an old desktop are
    using the wireless connection. Both internet service providers assign
    dynamic IP addresses, so we use No-IP in order to have a static domain name
    for one computer on each end of the internet connection. In both cases the
    routers pass calls to port 3389 through to the two computers running Windows
    Vista Ultimate and the computer firewalls are configured to allow calls to
    that port also. This configuration works great with Remote Desktop over the
    internet, except for file transfers that are dirt slow. Still trying to
    figure out what the problem is with the slow file transfers? We can
    download a 100MB plus file in several minutes off the internet, yet it
    almost requires a plunger to force a 1MB file through the Remote Desktop
    connection!

    On the other hand, we'd love to learn how to set up a secured VPN Tunnel
    over the internet between these two locations. However, we have not had the
    time to explore this fully explore this possibility. We have a lot to learn
    about VPNs, domains, and trusted domains versus workgroups and simple
    internet access. As you can tell, we are a little discouraged with the
    Remote Assistance connectivity issue, especially since we already had Remote
    Desktop up and running and thought that setting up RA would be a small
    incremental task. Ironically, Microsoft makes Remote Assistance sound so
    easy . . . just issue an offer over the internet and the other party simply
    accepts!

    Do you think a VPN would help? If so, are you aware of any good 'How-to'
    articles on setting up a VPN tunnel between the two computers as configured
    above? I do like the appeal of an encrypted private connection, but am
    wondering whether it will slow down or speed up communication and files
    transfers between the two computers?

    I apologize for the unending cascade of questions, but getting advice from
    someone who has successfully perfomed a task is often worth a dozen
    knowledgebase or how-to articles.

    Thanks again,

    Richard

    **********************
     
    Blue Max, Nov 2, 2007
    #10
  11. If you want to do VPN between two small networks like that you have a few
    options.

    * Setup a PPTP VPN server running on a Vista or XP box at the office end.
    You home clients could then access the office network just like they were on
    it. Here is how to do that with Vista or XP...

    http://theillustratednetwork.mvps.org/Vista/PPTP/PPTPVPN.html
    http://www.onecomputerguy.com/networking/xp_vpn_server.htm
    http://www.onecomputerguy.com/networking/xp_vpn.htm

    The problem with a PPTP VPN is some routers don't support GRE Protocol 47
    traffic. That issue is very problematic on consumer grade routers.

    * Purchase VPN end-point type routers at each location. Those are made by
    Linksys, Cisco, ZyXEL, Netgear, etc depending on how much you want to spend
    and what type of VPN you want, ie. L2TP/IPSec, SSL, etc.

    * Use a supported router and install third-party firmware like DD-WRT that
    includes built-in VPN server functionality.

    * Use third-party VPN software like SSL-Explorer or OpenVPN.

    * Setup a Secure Shell (SSH) server at the office end. Clients can then
    access shared files on the server and desktops with Remote Desktop through
    the SSH tunnel. I use SSH to access my home LAN for both secure remote file
    access and Remote Desktop access.

    http://theillustratednetwork.mvps.org/Ssh/SSH-HomeUser.html

    http://theillustratednetwork.mvps.org/Ssh/SecureShell.html

    You could also use a program like WebDrive ($$$$) as your SSH SFTP client.
    WebDrive allows you to map shared drives through the SSH tunnel, which can
    be a nice feature for your remote clients.

    http://www.webdrive.com/products/webdrive/index.html

    As a side note I was getting ready to start experimenting with RA through a
    SSH tunnel. I plan on doing that tomorrow if I get time.

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
    How to ask a question
    http://support.microsoft.com/KB/555375
     
    Sooner Al [MVP], Nov 2, 2007
    #11
  12. Blue Max

    Blue Max Guest

    Thanks, Sooner Al! These links provide some really great articles, but it
    will take me a little while to digest everything. I am starting to
    formulate a picture in my mind, but help me understand if I am on the right
    path.

    FIRST, creating a VPN tunnel will make it appear as if the home client is
    just another computer on the office network, complete with file sharing,
    shared printer resources, etc?

    SECOND, Remote Desktop and Remote Assistance should work in this
    configuration just as if one office computer were accessing another office
    computer on the local offiice workgroup network?

    THIRD, can both the home and office computers be configured as VPN servers
    at same time for client access regardless of whether you are at home or at
    the office?

    FOURTH, the first Vista VPN article was extremely helpful, but I have a
    question on the "Incoming IP Properties" dialog configuration. In this step
    are we simply assigning a 'Static' IP address to the client computer as a
    virtual entity logged into the network? I'm not real clear on what this
    assignment is accomplishing or how we should specify the IP range.

    FIFTH, are you inferring that simply setting up the VPN tunnel does not
    encrypt the connection? We need to setup Secure Shell (SSH) separately in
    order to be protected? Isn't the VPN tunnel automatically encrypted. In
    similar fashion, why do you recommend third-party firmware and VPN software,
    doesn't Windows Vista provide this functionality?

    Thanks again, these were some wonderful resources to get us started!

    Richard

    ************************
     
    Blue Max, Nov 4, 2007
    #12
  13. First - Yes
    Second - Yes
    Third - I'm not sure I understand the question...
    Fifth - VPN tunnels are encrypted.
    When you are on the VPN and it is a "private" network, you are open to
    any attacks/vulnerabilities that may be on the office LAN (and vice
    versa - the office is open from attacks from your computer). That is
    why many companies restrict VPNs.

    ---
    Jeffrey Randow

    Windows Networking MVP 2001-2006
    http://www.networkblog.net
     
    Jeffrey Randow, Nov 4, 2007
    #13
  14. To add to Jeffrey's comments...

    The office and home networks need to be on different subnets, ie. office
    192.168.1.X and home 192.168.2.X for example. The assigned IP range on the
    PPTP VPN server at the office would be in the 192.168.1.X range but outside
    the range of any existing static IP or DHCP assigned IP addresses. So for
    example my home PPTP VPN server is on my home subnet of 192.168.2.X. I have
    static IP addresses assigned to two desktop PC, ie. 192.168.2.11 and .12
    respectively. I have a router based DHCP server running on my home LAN that
    assigns mobile clients IP addresses from 192.168.2.101 through .110. I
    subsequently configured my PPTP VPN server range from 192.168.1.31 and .32.
    The .31 IP is assigned to the server when a client connects and the client
    gets the .32 address. Now you can make that range as large as you want but
    keep in mind a Windows Vista or XP PPTP VPN server can only accept one
    incoming VPN connection at a time natively so that limits you.

    As noted by Jeffrey a VPN (PPTP, L2TP/IPSec/SSL or SSH) is natively
    encrypted. I offered you a number of solutions as options some based in
    hardware (the best solution IMHO) and others based in software on each end.

    I happen to use a SSH tunnel normally because I can use strong
    authentication (ie. a private/public key pair protected by a strong
    password) versus a password only (ie. for a PPTP VPN for example), a hosts
    key file on my client that precludes, to a bit, the likely hood of a
    Man-In-The-Middle attack and SSH is real easy to setup (again IMHO) for home
    users like myself.

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
    How to ask a question
    http://support.microsoft.com/KB/555375
     
    Sooner Al [MVP], Nov 4, 2007
    #14
  15. Blue Max

    Blue Max Guest

    Thank you, Jeffrey. Thanks to you gentlemen, we're just beginning to see a
    little of the light.

    As to my THIRD question, I am assuming that the remote client (home) can
    initiate a connection with the host or VPN server (office). However, if I
    want to use the office computer as the remote client and the home computer
    as the server, don't I have to reverse the rolls so that the connection can
    be initiated from the office to home?

    Thanks,

    Richard

    **************************
     
    Blue Max, Nov 6, 2007
    #15
  16. Plus the fact that a SSH tunnel is able to tunnel virtually any
    traffic and is cross-platform...

    SSL Tunnels also work very well, but this is still an emerging
    technology MS-wise...
     
    Jeffrey Randow, Nov 6, 2007
    #16
  17. Blue Max

    Blue Max Guest

    Thank you, the VPN picture is becoming much clearer. However, we still have
    few areas of confusion regarding the IP Address assignments as follows:
    In this example it appears that different numbers in the third segment of
    the IP address represent two distinct subnets. However, in our case, both
    our router's native IP addresses, which seem to determine our subnets, both
    have the number "1" in the third segment. Does that mean that both our home
    network and office network are on the same subnet? Which apparently would
    be a problem according to what you indicate above regarding separate
    subnets.
    So the IP address range we are assigning, at the office, to the VPN server
    and client, in the setup dialog, must lie within the realm of the office
    subnet, correct? In other words, the first 3 segments will be the same as
    the office IP addresses?
    You lost me a little here. You are now talking about a PPTP VPN server at
    home versus the office? Are we to assume that you are instructing us on how
    to set up both locations as servers?
    Are we back at the office here? This server range here is within the realm
    of the office subnet, not the home, correct?
    Are these addresses assigned to some kind of virtual server and client?
    Obviously, the office computer (server?) already has an assigned IP address,
    as does the home computer (client?), correct? So are we to assume that
    these second IP addresses, .31 and .32 in the example range above, are being
    assigned by the office computer (server?) to a virtual (VPN) server (itself)
    and a virtual VPN client (the home computer)?
    Are these different VPN protocols available as native options within Windows
    Vista VPN or are they purchased as separate third-party options?
    Finally, thank you for the clarification here and for all the other
    assistance. Excuse my novice status, but these explanations have been
    extremely helpful in understanding how to setup a VPN connection.

    Thanks,

    Richard
     
    Blue Max, Nov 8, 2007
    #17
  18. * Yes, that means both your office and home networks will be the same
    subnet, ie. 192.168.1.X for example. You would need to change one to
    something else.

    * Yes, that is correct.
    * I only have/had a PPTP VPN server setup at home and connect with a laptop
    client.
    * That is a typo on my part. That should read 192.168.2.31 and .32. Sorry
    about that.
    * That's correct.
    * If you have a Vista/XP box you use as a server then natively you only have
    a PPTP VPN server available. A Vista/XP windows client will have PPTP and
    L2TP/IPsec available natively. SSL and SSH are available on the internet for
    free or $$$$. You might look at OpenVPN or SSL-Explorer for SSL options.
    Your welcome.

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
     
    Sooner Al [MVP], Nov 8, 2007
    #18
  19. Blue Max

    Blue Max Guest

    Magnificent!

    Thank you Al, I finally think I understand the basics. I want to express
    my appreciation for sticking with me down to the last little question. From
    experience, I know that a seeming trivial mis-interpretation can turn the
    process from a pleasant experience into a nightmare. My only concern now is
    whether my routers will support the VPN, but can certainly confirm that with
    very little effort. I also wonder about our No-IP Dynamic Domain name, but
    trust that the home client computer can contact the office server using the
    server's static No-IP domain name versus a static WAN IP address (which we
    do not have since it is dynamically assigned). I was also interested in
    your use of a laptop as a client. Is it setup as a wired or wireless
    client?

    Thank you again, your assistance has been extremely helpful and we
    appreciate the volunteer time you continually invest to answer the same
    questions over and over again.

    Sincerely,

    Richard

    ******************************
     
    Blue Max, Nov 8, 2007
    #19
  20. The No-IP domain name is fine. I used one in the past and currently use a
    DynDNS name. They both work equally well and I only switched because my
    current router supports DynDNS as a built-in function.

    One additional comment is I would still look at purchasing VPN end-point
    type routers for each location particularly if you want a permanent VPN
    tunnel between the two. Others can speak to that but look at ZyXEL, Linksys,
    etc or Cisco if you want to spend more $$$$.

    Good luck...

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
     
    Sooner Al [MVP], Nov 8, 2007
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.