How to Use Group Policy to disable/enable remote connection

1. First, let's have a full understanding of Remote Assistance! Remote control is a technology that remotely controls another computer (controlled host/Server) on the network. Remote Control Technology in computers began in the DOS era. Remote control generally supports the following Network Methods: Lan, Wan, dialing, and Internet. In addition, some remote control software also supports remote control through serial ports, parallel ports, and infrared ports (however, the remote computer mentioned here, it can only be a computer within a limited distance ).

2. Remote Assistance is not enabled by default, mainly because of security issues. In fact, remote assistance can be completely solved by disabling/enabling remote assistance in Windows XP. The group policy is used to modify the configuration in the registry. How can I manage remote assistance using the Group Policy?

3. Let's briefly understand what a group policy is! Group policy is the main tool for administrators to define and control programs, network resources, and operating system behaviors for users and computers. You can set various software, computers, and user policies by using group policies.

4. Here, www.01yzh.com of Kunming National Defense Road Hospital simply says that the Group Policy setting is to modify the configuration in the registry. Of course, group policies use a better management and organization method to manage and configure the settings of various objects, which is far more convenient and flexible than manually modifying the registry and has more powerful functions.

5. 650) This. width = 650; "class =" exp-image-Default "alt =" How to Use Group Policy to disable/enable remote connection "src =" http://h.hiphotos.baidu.com/exp/w=500/sign=10e5c23f8226cffc692abfb289004a7d/63d9f2d3572c11df0e4c0b85632762d0f603c2f3.jpg "style =" border: 0px; "/>

6. Tools/Raw Materials

7. Group Policy and Remote Assistance
   

8. STEP/Method

9. In fact, the process of setting group policies is similar. Just like in my previous articles, open the Start menu and enter "gpedit" in the search for programs and files search box. MSC "and press enter to open the Group Policy object editor.

10. 
    

11. 650) This. width = 650; "class =" exp-image-Default "alt =" How to Use Group Policy to disable/enable remote connection "src =" http://a.hiphotos.baidu.com/exp/w=500/sign=df6f1f460a46f21fc9345e53c6256b31/0dd7912397dda144a5913d0fb2b7d0a20df486f6.jpg "style =" border: 0px; "/>

12. In the tree chart on the left of the Group Policy object editor pane, choose computer configuration> Manage template> system, as shown in:

13. 650) This. width = 650; "class =" exp-image-Default "alt =" How to Use Group Policy to disable/enable remote connection "src =" http:// B .hiphotos.baidu.com/exp/w=500/sign=7bb507aa62d0f703e6b295dc38fb5148/d52a2834349b033baa13ad6715ce36d3d439bdf0.jpg "style =" border: 0px; "/>

14. Next, double-click Remote Assistance in the right pane, and the setting page is displayed, as shown in:

15. 650) This. width = 650; "class =" exp-image-Default "alt =" How to Use Group Policy to disable/enable remote connection "src =" http://d.hiphotos.baidu.com/exp/w=500/sign=d68927709925bc312b5d01986ede8de7/71cf3bc79f3df8dc2a7c7d2fcd11728b461028cf.jpg "style =" border: 0px; "/>

16. Then double-click Open Request Remote Assistance: to the property page:

17. 650) This. width = 650; "class =" exp-image-Default "alt =" How to Use Group Policy to disable/enable remote connection "src =" http://d.hiphotos.baidu.com/exp/w=500/sign=f480794ad100baa1ba2c47bb7711b9b1/d833c895d143ad4bbaaef26682025aafa50f0697.jpg "style =" border: 0px; "/>

18. Now let's take a look at the system's description of "remote assistance requested:

19. Specify whether the user can send remote assistance requests to other users.
    If this policy setting is enabled, you can send a remote assistance invitation to users ("experts") on another computer. This expert can use this invitation to view users' real-time screen, mouse, and keyboard activities if they are subsequently permitted by the user.
    The allow remote control of this computer option specifies whether users on different computers can control this computer. If you invite an expert to connect to this computer and grant permissions, this expert can control this computer. During Remote Assistance sessions, this expert can only send control requests. You can stop remote control at any time.
    Set the maximum ticket time to set the invitation duration for remote assistance.
    The "Send email invitation method" option specifies the criteria for sending emails with Remote Assistance invitations. Depending on different email programs, you can use mailto (invite recipients to connect over the Internet) or smapi (simple mapi) standards (invitations are attached to emails ). The email program must support the selected email standard. This option applies only to Windows Server 2003.
    If this policy setting is disabled, the user cannot Request Remote Assistance and the computer cannot be controlled from another computer.
    

20. We also need to open "provide Remote Assistance" in the Remote Assistance bar:

21. 650) This. width = 650; "class =" exp-image-Default "alt =" How to Use Group Policy to disable/enable remote connection "src =" http://g.hiphotos.baidu.com/exp/w=500/sign=dc81509fb3de9c82a665f98f5c8080d2/fd039245d688d43fc94d25547d1ed21b0ff43bab.jpg "style =" border: 0px; "/>

22. Now let's take a look at the official instructions on "providing remote assistance:
    

    Use this policy settings to determine support staff or IT administrators (referred to as "experts ") remote assistance can be provided to the computer if the user first requests through a channel, email, or instant message.
    With this policy setting, experts can provide remote assistance to this computer.
    This expert is unable to connect to an unpublished computer or to control it without the user's permission. When an expert tries to connect, the user still has the opportunity to accept or reject the connection (only the expert can view the user's desktop). Therefore, if remote control is enabled, after you click a button, experts can remotely control the desktop.
    Www.fyyhzs.com, Kunming National Defense Road Hospital, indicates that if this policy is enabled, Remote Assistance will be provided to users logging on to this computer. You have two options for Remote Assistance: "allow assistance personnel only to view the computer" or "allow assistance personnel to remotely control the computer ." In addition to these two options, you can also specify a list of users or user groups that can provide remote assistance when configuring this policy. These personnel are called "assistance personnel ".
    To configure a list of assistance personnel, click "show ". This opens a new window to enter the name of the assistant. Add users or groups one by one. Use the following format when entering the name of the assistance user or user group:
    <Domain name >\< User Name> or
    <Domain name >\< Group Name>
    If this policy setting is disabled or not configured, users or groups cannot provide remote assistance without request to this computer.
    If you are using Windows Firewall, you need to add the following exceptions to Windows Firewall local or group policy settings to use without request assistance.
    Add the following items to Windows Firewall port exceptions:
    TCP port 135
    Add the following items to Windows Firewall program exceptions:
    % Windir % \ system32 \ sessmgr.exe
    % Windir % \ pchealth \ helpctr \ binaries \ helpsvc.exe
    % Windir % \ pchealth \ helpctr \ binaries \ helpsvc.exe

This article is from the "Kunming National Defense Road" blog, please be sure to keep this source http://kmgfl.blog.51cto.com/9109605/1432971