How to disable/enable remote connections using Group Policy

First of all, to fully understand the Remote Assistance bar! Remote control is the technology that is remotely controlled on a network by a computer (the host remote/client) to control the other computer (the host/server side of the control end). The remote control technology in the computer began in the DOS era. Remote control generally supports the following network methods: LAN, WAN, dial-up, Internet mode. In addition, some remote control software also support through the serial port, and port, infrared ports to control the remote machine (but, here, the remote computer can only be a limited range of computers).

Remote Assistance By default we do not enable it, primarily to take into account security issues, in fact, the use of Windows XP system itself to prohibit/enable Remote Assistance, can completely solve this problem. The setting of Group Policy is used to modify the configuration in the registry, so how can you manage Remote Assistance with Group Policy?

Let's take a quick look at what Group Policy is. Group Policy is the primary tool for administrators to define and control programs, network resources, and operating system behavior for users and computers. \ Policy You can set up various software, computer, and user policies by using Group Policy.

In fact, the Group Policy setting is simply to modify the configuration in the registry. Of course, Group Policy uses a better management organization method, can manage and configure the settings of various objects, far more convenient, flexible and powerful than manually modifying the registry.

Tools/raw Materials

Group Policy, Remote Assistance

　　Steps/Methods

In fact, the Group Policy setup process is almost the same, as in the previous several articles, first open the Start menu, in the search programs and Files search box, enter "Gpedit.msc" and return, open the Group Policy Object Editor.

Expand the Computer configuration → administrative Templates → system in the tree diagram on the left side of the Group Policy Object Editor pane, as shown in the following illustration:

Next, double-click Remote Assistance in the right pane, and the Settings interface appears: The following illustration shows:

Then double-click the dot Open request Remote Assistance: Come to the property interface:

Now let's look at the system's description of solicited Remote Assistance:

Specifies whether the user can request assistance from other users through Remote assistance.

If you enable this policy setting, users can send a Remote Assistance invitation to a user ("expert") from another computer. The expert can use this invitation to view the user's immediate screen, mouse, and keyboard activity if the user subsequently allows it.

The Allow remote control of this computer option specifies whether users on different computers can control this computer. If a user invites an expert to connect to this computer and grant permissions, the expert can control the computer. During a Remote Assistance session, this expert can only issue requests for control. Users can stop remote control at any time.

The maximum ticket time setting sets the limit for the duration of the Remote Assistance invitation.

The Send E-mail Invitation method option specifies the criteria for sending e-mail messages for Remote Assistance invitations. Depending on your e-mail program, you can use Mailto (inviting recipients over the Internet link) or the SMAPI (simple MAPI) standard (invitation attached to an e-mail message). The e-mail program must support the selected e-mail standard. This option applies only to Windows Server 2003.

If you disable this policy setting, users will not be able to request Remote Assistance, and this computer will not be able to control from another computer.

We also need to open the Remote Assistance bar's provide Remote Assistance:

Now let's look at the official instructions for "providing Remote Assistance":

Use this policy setting to determine whether a support person or an IT administrator (called an "expert" here) can provide remote Assistance to a user without first requesting it through a channel, e-mail, or instant message.

Using this policy setting, experts can provide remote Assistance to this computer.

This expert cannot connect to an unpublished computer or control without user permission. When an expert tries to connect, the user still has the opportunity to accept or reject the connection (only the expert is allowed to view the user's desktop), so if remote control is enabled, the user can remotely control the desktop after clicking a button.

If you enable this policy setting, Remote Assistance will be provided to users who are logged on to this computer. You have two options for assisting people with Remote Assistance: "Only allow assistance to view the computer" or "Allow assistance to help people remotely control the computer." "In addition to these two choices, you can also specify a list of users or groups of users who can provide Remote Assistance when you configure this policy setting." These people are referred to as "assisting personnel".

To configure the list of facilitators, click Show. This will open a new window to enter the name of the assisting person. Add users or groups individually. When you enter the name of the Assistant user or user group, use the following format:

< domain >< user name > or

< domain >< Group name >

If you disable or do not configure this policy setting, users or groups will not be able to provide unsolicited remote Assistance to this computer.

If you use Windows Firewall, you need to add the following exceptions to the Windows Firewall local or Group Policy setting to use unsolicited assistance.

Add the following items to the Windows firewall port exception:

TCP Port 135

Add the following items to the Windows firewall program exception:

%windir%system32sessmgr.exe

%windir%pchealthhelpctrbinarieshelpsvc.exe

%windir%pchealthhelpctrbinarieshelpsvc.exe

End