[THIN] KB: You cannot offer remote assistance to a user whose computer is running Windows XP Service Pack 2

• From: "Jim Kenzig http://thin.net" <jimkenz@xxxxxxxxxxxxxx>
• To: thin@xxxxxxxxxxxxx
• Date: Wed, 29 Sep 2004 07:49:42 -0400

You cannot offer remote assistance to a user whose computer is running
Windows XP Service Pack 2
http://support.microsoft.com/?kbid=884910
View products that this article applies to.
SYMPTOMS
When you try to offer remote assistance to a user whose computer is running
Microsoft Windows XP Service Pack 2 (SP2), you are not successful. In this
scenario, you may receive the following message:

Permission denied
CAUSE
This problem may occur if the following conditions are true:
One or both the following Group Policy settings are enabled on the computer
that is running Windows XP SP2:
DCOM: Machine Access Restrictions in Security Descriptor Definition Language
(SDDL) syntax
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language
(SDDL) syntax

The users who try to offer remote assistance are not added to the security
permissions of these policies.
RESOLUTION
To resolve this problem, follow these steps:
Create a security group in your domain to contain the remote assistance
helper's user accounts. For example, create a group that is named Remote
Assistance Helpers.
Modify the Group Policy where you enabled the DCOM security-related
policies, and then add the Remote Assistance Helpers group with both local
and remote access permissions. To do this, follow these steps:
Open the Group Policy object. To do this on the local Windows computer,
click Start, click Run, type gpedit.msc, and then click OK.
Expand Computer Configuration, expand Windows Settings, expand Security
Settings, expand Local Policies, and then click Security Options.
Double-click DCOM: Machine Access Restrictions in Security Descriptor
Definition Language (SDDL) syntax if this policy is enabled.
Click Edit Security, and then click Add.
Click Locations, click your domain, and then click OK.
Type Remote Assistance Helpers, click Check Names, and then click OK.
Click to select the Remote Access check box in the Allow column, and then
click OK.
Click Apply, and then click OK.
Double-click DCOM: Machine Launch Restrictions in Security Descriptor
Definition Language (SDDL) syntax if this policy is enabled.
Follow steps d through f to add the Remote Assistance Helpers security group
to this policy.
Click to select all the check boxes in the Allow column, and then click OK.
Click Apply, and then click OK.
Close the Group Policy Object Editor snap-in.
Add the domain group to the helpers list in the Offer Remote Assistance
Group Group Policy if it is not already added. To do this, follow these
steps:
On the Windows XP client computer, click Start, click Run, type gpedit.msc,
and then click OK.
Expand Computer Configuration, expand Administrative Templates, expand
System, click Remote Assistance, and then double-click Offer Remote
Assistance.
Click Show, click Add, type domainname\Remote Assistance Helpers, and then
click OK.
Click OK, click Apply, and then click OK.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products
that are listed in the "Applies to" section.
MORE INFORMATION
The DCOM: Machine Access Restrictions in Security Descriptor Definition
Language (SDDL) syntax policy determines which users or groups can log on
either remotely or locally.

The DCOM: Machine Launch Restrictions in Security Descriptor Definition
Language (SDDL) syntax policy setting determines which users or groups may
start a process remotely or locally.

For additional information about security-related policy settings in Windows
XP SP2, visit the following Microsoft Web site:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mng
secps.mspx

For additional information about remote assistance, click the following
article numbers to view the articles in the Microsoft Knowledge Base:
300546 Overview of Remote Assistance in Windows XP
http://support.microsoft.com/default.aspx?kbid=300546

301527 How to configure a computer to receive Remote Assistance offers in
Windows XP and Windows Server 2003
http://support.microsoft.com/default.aspx?kbid=301527

The information in this article applies to:
Microsoft Windows XP Professional Service Pack 2 (SP2)
Last Reviewed: 9/14/2004 (1.0)
Keywords: kbnofix kbBug kbSecurity kbpolicy kbinfo kbtshoot kbprb KB884910
kbAudITPRO
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? --   Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

• » [THIN] KB: You cannot offer remote assistance to a user whose computer is running Windows XP Service Pack 2

1. Home
2. thin
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---