You cannot offer remote assistance to a user whose computer is running Windows XP Service Pack 2
http://support.microsoft.com/?kbid=884910

SYMPTOMS

When you try to offer remote assistance to a user whose computer is running Microsoft Windows XP Service Pack 2 (SP2), you are not successful. In this scenario, you may receive the following message:

Permission denied

CAUSE

This problem may occur if the following conditions are true:

- One or both of the following Group Policy settings are enabled on the computer that is running Windows XP SP2:
    - DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
    - DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
- The users who try to offer remote assistance are not added to the security permissions of these policies.

RESOLUTION

To resolve this problem, follow these steps:

1. Create a security group in your domain to contain the remote assistance helper's user accounts. For example, create a group that is named Remote Assistance Helpers.
2. Modify the Group Policy where you enabled the DCOM security-related policies, and then add the Remote Assistance Helpers group with both local and remote access permissions. To do this, follow these steps:
   a. Open the Group Policy object. To do this on the local Windows computer, click Start, click Run, type gpedit.msc, and then click OK.
   b. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
   c. Double-click DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax if this policy is enabled.
   d. Click Edit Security, and then click Add.
   e. Click Locations, click your domain, and then click OK.
   f. Type Remote Assistance Helpers, click Check Names, and then click OK.
   g. Click to select the Remote Access check box in the Allow column, and then click OK.
   h. Click Apply, and then click OK.
   i. Double-click DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax if this policy is enabled.
   j. Follow steps d through f to add the Remote Assistance Helpers security group to this policy.
   k. Click to select all the check boxes in the Allow column, and then click OK.
   l. Click Apply, and then click OK.
   m. Close the Group Policy Object Editor snap-in.
3. Add the domain group to the helpers list in the Offer Remote Assistance Group Policy if it is not already added. To do this, follow these steps:
   a. On the Windows XP client computer, click Start, click Run, type gpedit.msc, and then click OK.
   b. Expand Computer Configuration, expand Administrative Templates, expand System, click Remote Assistance, and then double-click Offer Remote Assistance.
   c. Click Show, click Add, type domainname\Remote Assistance Helpers, and then click OK.
   d. Click OK, click Apply, and then click OK.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

The DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax policy determines which users or groups can log on either remotely or locally. The DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax policy setting determines which users or groups may start a process remotely or locally.
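
To verify the result of the resolution without opening the ACL editor, the SDDL string behind each policy can be checked directly. The following is an added example, not part of the Microsoft article: it parses a DCOM restriction SDDL string and reports which rights a helper still lacks (Remote Access for the access policy, every Launch and Activation right for the launch policy). The group SID and all four SDDL strings are constructed sample values, and the function names are hypothetical.

```python
import re

# COM_RIGHTS_* bits used in DCOM ACLs. EXECUTE_* reads as "Access" in the
# access policy and as "Launch" in the launch policy.
COM_RIGHTS = {"EXECUTE": 0x01, "EXECUTE_LOCAL": 0x02, "EXECUTE_REMOTE": 0x04,
              "ACTIVATE_LOCAL": 0x08, "ACTIVATE_REMOTE": 0x10}
# SDDL two-letter rights whose bit values coincide with the COM_RIGHTS_* bits.
SDDL_BITS = {"CC": 0x01, "DC": 0x02, "LC": 0x04, "SW": 0x08, "RP": 0x10}
ACCESS_REQUIRED = 0x04   # Remote Access
LAUNCH_REQUIRED = 0x1E   # Local/Remote Launch and Local/Remote Activation

def parse_rights(text):
    """Turn an ACE rights field ('CCDCLC' or '0x7') into a bit mask."""
    if text.lower().startswith("0x"):
        return int(text, 16)
    mask = 0
    for i in range(0, len(text), 2):
        pair = text[i:i + 2]
        if pair not in SDDL_BITS:
            raise ValueError(f"right not expected in a DCOM ACL: {pair!r}")
        mask |= SDDL_BITS[pair]
    return mask

def effective_rights(sddl, trustees):
    """Allowed bits minus denied bits over ACEs naming any of `trustees`."""
    allowed = denied = 0
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        ace_type, _flags, rights, _obj, _inherit, sid = ace.split(";")[:6]
        if sid not in trustees:
            continue
        if ace_type == "A":
            allowed |= parse_rights(rights)
        elif ace_type == "D":      # deny wins regardless of ACE order
            denied |= parse_rights(rights)
    return allowed & ~denied

def missing_rights(sddl, trustees, required):
    """Names of the required rights that the trustees do not hold."""
    have = effective_rights(sddl, trustees)
    return [n for n, bit in COM_RIGHTS.items() if bit & required and not bit & have]

# Constructed sample data: a made-up SID for the Remote Assistance Helpers group.
HELPERS = "S-1-5-21-1111111111-2222222222-3333333333-1105"
HELPER_USER = {HELPERS, "WD"}    # a helper is also a member of Everyone (WD)
ACCESS_BEFORE = "O:BAG:BAD:(A;;CCDCLC;;;BA)(A;;CCDC;;;WD)"
ACCESS_AFTER = ACCESS_BEFORE + f"(A;;CCLC;;;{HELPERS})"
LAUNCH_BEFORE = "O:BAG:BAD:(A;;CCDCLCSWRP;;;BA)(A;;CCDCSW;;;WD)"
LAUNCH_AFTER = LAUNCH_BEFORE + f"(A;;CCDCLCSWRP;;;{HELPERS})"

if __name__ == "__main__":
    print("access before:", missing_rights(ACCESS_BEFORE, HELPER_USER, ACCESS_REQUIRED))
    print("launch after: ", missing_rights(LAUNCH_AFTER, HELPER_USER, LAUNCH_REQUIRED))
```

The trustee set must list every SID or SDDL alias the helper account belongs to, because the check matches ACE trustees literally and does not resolve group membership.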

For additional information about security-related policy settings in Windows XP SP2, visit the following Microsoft Web site:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngsecps.mspx

For additional information about remote assistance, click the following article numbers to view the articles in the Microsoft Knowledge Base:

300546 Overview of Remote Assistance in Windows XP
http://support.microsoft.com/default.aspx?kbid=300546

301527 How to configure a computer to receive Remote Assistance offers in Windows XP and Windows Server 2003
http://support.microsoft.com/default.aspx?kbid=301527

The information in this article applies to:

- Microsoft Windows XP Professional Service Pack 2 (SP2)

Last Reviewed: 9/14/2004 (1.0)
Keywords: kbnofix kbBug kbSecurity kbpolicy kbinfo kbtshoot kbprb KB884910 kbAudITPRO