Tools & Techniques for Remote Help Desk Support


1.800.813.6415 | www.scriptlogic.com/smbIT


© 2011 ScriptLogic Corporation ALL RIGHTS RESERVED.


Back when I started during the Neolithic IT age, help desk support generally meant a long and often frustrating phone call or hiking to the problem to see it first hand or resolve it. Today we have many tools in our toolbox, including a number that are included with Windows. As you might expect, providing remote help desk support between two Windows 7 desktops is the easiest approach. However, as long as your desktop is running Windows 7 and the remote computers are running Windows XP or later, you should be fine. In this article I’ll cover a number of tools and techniques for remote help desk support. Your choice of tools will vary depending on network configuration, security requirements, end-user participation and even your own comfort level. The bottom line, and it really affects THE bottom line, is to accomplish as much as you can remotely in the most efficient manner possible that has a minimum impact on the end user.

Remote Administration Tools

Today, Microsoft includes many management tools that allow you to gather information about remote computers from the comfort of your own desk. With these tools you can troubleshoot and often initiate action to resolve a problem just as if you were logged on to the remote computer. A word of caution: some of these tools and features may require specific firewall configurations. Generally, I look for the remote management rules and enable them for the domain policy. Group Policy is the best mechanism for managing this in the enterprise.

Computer Management Console

By far the most powerful tool at your disposal, barring a network or hardware issue, is the Computer Management console. This is the console you get when you right-click on Computer from the Start Menu and select Manage. This management console gives you remote access to services, local users and groups, the event log and disk management. To connect to another machine from a running instance of the console, right-click on the top level “Computer Management (Local)” and enter the name of another computer like I’ve done in Figure 1.

Figure 1

Or you can click Browse and search through Active Directory. There is no provision for alternate credentials so make sure you have started the management console with appropriate administrative credentials for the remote machine.


The shortcut I like to use is click Start – Run and in the box type the command like you see in Figure 2.

Figure 2

Now you can manage the computer just as if you were sitting in front of it. This type of remote connection is totally transparent to anybody logged on interactively.

Figure 3

If you have access to the Active Directory Users and Computers management console, you can also launch computer management. Find the computer that needs help, right click on the object and select “Manage”.


Other Consoles

Many of the other management consoles also allow you to make remote connections, and some of these are part of the Computer Management console. My favorites are Services and Event Viewer. The latter includes an option for specifying alternate credentials, which is very nice. If you like shortcuts, try these:

Services.msc /computer:SOMECOMPUTER
Eventvwr SOMECOMPUTER

Again, you can view and manage a computer that could be on the other side of the country.

Console Tools

The GUI-based tools are nice but depending on your connection you may find command line tools more useful. For managing services on a remote computer, nothing beats SC.EXE. To see full help type:

C:\>sc /?

Suppose I want to check the status of the Spooler service on a remote computer.

C:\>sc \\quark query spooler

SERVICE_NAME: spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>

Now I’ll go ahead and restart the service.

C:\>sc \\quark stop spooler

SERVICE_NAME: spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 3  STOP_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x3
        WAIT_HINT          : 0x4e20

C:\>sc \\quark start spooler

SERVICE_NAME: spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 4436
        FLAGS              :

C:\>

Very simple and very direct. Microsoft ships a number of command line tools that support remote administration. Here’s a short list.

| Tool | Command Line | Description |
| --- | --- | --- |
| Task List | Tasklist.exe | View processes |
| Task Kill | Taskkill.exe | Kill processes |
| TSKill | TSKill | Another task/process killer |
| Schedule Tasks | SchTasks.exe | Manage scheduled tasks |
| Perf Log Manager | Logman.exe | Complete command line performance monitoring |
| Registry editor | Reg.exe | View and modify the registry |
| Driver Query | DriverQuery.exe | View installed device drivers |
| System Information | SystemInfo.exe | Gather system and operating system information |
| Windows Time | W32tm.exe | View and configure time and time zone related settings. |

I don’t have time to cover all of these tools but they are pretty easy to use and most follow the same paradigm. Open a CMD prompt and type the command name followed by /? to see help and examples.

Remote Assistance

Perhaps the best known remote help tool is Remote Assistance, which was introduced with Windows XP. I trust that you are familiar with it, so I won’t re-hash the basics. Suffice it to summarize that with Remote Assistance an end user creates an invitation that is delivered to an administrator either through a file, email or IM. Upon opening the invitation, the helper enters a password supplied by the end user and the helper can now see everything on the other desktop. This is very helpful when a user needs to duplicate a problem for you. I especially like the chat feature.

Figure 4

The session is secure and the end user can customize how much bandwidth to use under settings as shown in Figure 5.

The administrator can also take control, with the user’s permission, which is terrific for fixing the problem or even providing a little mentoring. The user stays in control throughout and can terminate the session at any time, or even pause screen sharing. But let me point out a few features you may not be aware of. Unfortunately, one feature I liked from earlier versions is now gone in Windows 7. You can no longer transfer files with this tool.

First, the computer must be configured to accept remote assistance requests. Open the Remote tab in Advanced System Properties to enable it. In Windows 7 you can also configure the invitation lifetime and even whether you want to allow remote control.

Figure 6

Using Easy Connect

One potential obstacle to using Remote Assistance is that the end user needs to initiate it and generate an invitation which then must be transmitted to the help desk. Sometimes this is a lot to ask. Windows 7 introduces a new feature called Easy Connect. After the user starts the invitation process they can use the Easy Connect option as shown in Figure 7.


Figure 7

A password is still generated which is provided to the help desk who also uses Easy Connect. But before you get too excited let me warn you this is not as easy as it appears.

Easy Connect uses peer-to-peer networking and Universal Plug and Play (UPnP). This might require firewall and service configuration changes. It requires routers that support the Peer Name Resolution Protocol. And both computers must be running Windows 7. It’s still the same Remote Assistance client. Easy Connect is simply supposed to, as the name suggests, make the connection process easier.

Offering Assistance

Another approach is to configure your computers via Group Policy to offer remote assistance. The setting is under Computer Configuration\Administrative Templates\System\Remote Assistance.


Figure 8

You’ll also use this setting to specify which domain users and groups can offer assistance. While you are at it, I encourage you to configure a few of the other settings to enable Remote Assistance, configure the invitation lifetime and bandwidth optimization.

Once configured, you can type Troubleshooting in the Start Menu and then select Get Help from a Friend. You should then see Figure 9.


Figure 9

Click the Offer Remote Assistance link. On the next screen, since we’re offering to help, click the Advanced Connection link. Enter the computer name or IP address.

The end user must be logged on and at the computer in order to approve the connection.

Figure 11

What’s nice is that there is no burden on the user other than to accept the request.

MSRA.EXE

This can actually be even easier on your part. Instead of navigating through the wizard, use the MSRA.EXE command. In the Run dialog box type:

msra /offerra CLIENT2

This will launch Remote Assistance on CLIENT2 and prompt the user to allow the connection. MSRA.EXE has a number of command line options to help speed this along. To see all the options, run:

msra /?

As handy and useful as Microsoft’s Remote Assistance tool is, it is far from perfect. Fortunately, there are a number of 3rd party solutions you might want to investigate.

PowerShell Remoting

Today we have another tool in our utility belt called Windows PowerShell. And while this isn’t the same as a rich Remote Assistance session, if you know what you are looking for you can be extremely efficient. Plus, since we’re using a console, performance is ideal for limited bandwidth situations. I’m assuming you are helping out from a Windows 7 desktop, which means PowerShell 2.0. But that doesn’t necessarily mean that you need PowerShell 2.0 or even 1.0 installed on your remote computers. Let me show you.

Using Cmdlets

When we talk about “remoting”, as we have in this article, it can really mean two things. First, we can view and/or configure from our desktop to another. The command processing takes place locally but uses a remote endpoint. For example, when using the SC.EXE command line utility, SC.EXE is running locally but you are configuring services remotely. The other approach is where commands are initiated on the remote machine. Think telnet or ssh. PowerShell offers ways to do both.

The easiest remoting approach is to look for cmdlets that have the -ComputerName parameter.

PS C:\> get-help * -Parameter computername

These cmdlets do not rely on PowerShell’s remoting protocols, nor do you even need PowerShell installed remotely. If you can remotely manage the computer using the Computer Management console then these cmdlets should work for you. Here’s an example:

PS C:\> get-service browser -ComputerName Quark

Status   Name               DisplayName
------   ----               -----------
Running  browser            Computer Browser

From my desktop I queried the service configuration database on Quark for the Browser service. Unfortunately the Stop-Service cmdlet doesn’t support –Computername. But we can still manage this with WMI and the Invoke-WMIMethod cmdlet.

PS C:\> Invoke-WmiMethod -Path "win32_service.name='browser'" -Name StopService -ComputerName Quark

__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     :
__DYNASTY        : __PARAMETERS
__RELPATH        :
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
ReturnValue      : 0

PS C:\> Invoke-WmiMethod -Path "win32_service.name='browser'" -Name StartService -ComputerName Quark

__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     :
__DYNASTY        : __PARAMETERS
__RELPATH        :
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
ReturnValue      : 0

Or perhaps the user is complaining of the system running slowly so you want to see what processes are using the most memory.

PS C:\> Get-Process -ComputerName Quark | Sort WorkingSet -Descending | Select -First 10

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
    480      16    47872      51468   133            1192 svchost
    403      20    22288      44092   313            3160 POWERPNT
    732      23    22112      39604   184            2456 explorer
    198       9    14256      30920   118            1016 VirtualBox
    135       7    34692      29528    98            2408 dwm
    330      15    14756      28388   273            3560 EXCEL
   1379      48    17672      27528   176            1228 svchost
    320      17    61484      26776   133            2260 svchost
    294      17    19780      22496   141            2900 cfp
    230       7     7832      16000    84            1400 RtHDVCpl

Or perhaps you want to delve into the event log to examine the most recent errors. I’ll omit the output because the command itself is what is important.

PS C:\> get-eventlog -LogName System -EntryType error -ComputerName quark -Newest 10

Using WinRM

The other approach is to establish a remote session where your commands execute on the remote computer. PowerShell 2.0 includes this feature which you can think of as ssh for PowerShell. This feature requires that WinRM be installed and configured on your machine and the remote machine. This means PowerShell 2.0 must be


WinRM Quick Configuration

Running command "Set-WSManQuickConfig" to enable this machine for remote management through WinRM service.

This includes:

1. Starting or restarting (if already started) the WinRM service
2. Setting the WinRM service type to auto start
3. Creating a listener to accept requests on any IP address
4. Enabling firewall exception for WS-Management traffic (for http only).

Do you want to continue?

[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):

Or use Group Policy. Configure WinRM settings under Computer Configuration – Policies – Administrative Templates – Windows Components – Windows Remote Management (WinRM) – WinRM Service and enable the “Allow automatic configuration of listeners” setting. You’ll also need to create an advanced firewall setting using the predefined Windows Remote Management rule to allow traffic on port 5985.
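To confirm what the quick configuration left behind and who may connect, here is an added example that is not part of the original paper. The function name Get-WinRMExposure is hypothetical, and the permission check assumes English built-in group names.

```powershell
# Added example, not from the original paper. Run from an elevated
# Windows PowerShell prompt on the machine that was configured.
function Get-WinRMExposure {          # hypothetical helper name
    $rows = @()

    # Listeners: quick config creates one that accepts requests on any
    # IP address (Address "*") over HTTP.
    $listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate
    foreach ($l in $listeners) {
        $flags = @()
        if ($l.Address -eq '*')      { $flags += 'any address' }
        if ($l.Transport -eq 'HTTP') { $flags += 'http' }
        $rows += New-Object PSObject -Property @{
            Item   = "Listener $($l.Transport) port $($l.Port)"
            Value  = "Address=$($l.Address) Enabled=$($l.Enabled)"
            Review = $flags -join ', '
        }
    }

    # Service settings that should still be at their default of false.
    foreach ($path in 'WSMan:\localhost\Service\AllowUnencrypted',
                      'WSMan:\localhost\Service\Auth\Basic') {
        $value = (Get-Item $path).Value
        $rows += New-Object PSObject -Property @{
            Item   = $path -replace '^WSMan:\\localhost\\', ''
            Value  = $value
            Review = $(if ($value -eq 'true') { 'enabled' } else { '' })
        }
    }

    # Who may open a session: list every entry that is not the local
    # Administrators group so it can be justified or removed.
    foreach ($c in Get-PSSessionConfiguration) {
        $others = @($c.Permission -split ',\s*' |
            Where-Object { $_ -and $_ -notmatch '^BUILTIN\\Administrators\s' })
        $rows += New-Object PSObject -Property @{
            Item   = "Session configuration $($c.Name)"
            Value  = $c.Permission
            Review = $others -join '; '
        }
    }
    $rows | Select-Object Item, Value, Review
}

Get-WinRMExposure | Format-Table -AutoSize -Wrap
```

An empty Review column means the row matches what the quick configuration describes plus default service settings; anything listed there is worth a second look before the policy is rolled out domain-wide.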


Only users with local administrator credentials should be able to remotely connect. PowerShell offers a number of cmdlets that take advantage of this connection. To use a telnet-like tool, run Enter-PSSession:

PS C:\> enter-pssession -computername quark
[quark]: PS C:\Users\Jeff\Documents> $env:username
Jeff

Notice the prompt changed? I am now running a session on Quark with the account Jeff, the same account I’m running locally. The interactive user has no indication that I’m logged on except for a new process. The downside is that I can’t interact with the logged on user but I can run commands just as if I were logged on interactively. For example, now I can easily restart services.

[quark]: PS C:\Users\Jeff\Documents> get-service browser | Restart-Service

I can take advantage of the registry PSDrive and see what is configured to run automatically.

[quark]: PS C:\Users\Jeff\Documents> get-itemproperty HKLM:\software\microsoft\windows\CurrentVersion\Run

PSPath                   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_…
PSParentPath             : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_…
PSChildName              : Run
PSDrive                  : HKLM
PSProvider               : Microsoft.PowerShell.Core\Registry
IAAnotif                 : C:\Program Files\Intel\Intel Matrix Storage Man…
TpShocks                 : C:\Windows\system32\TpShocks.exe
RtHDVCpl                 : C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe…
RtHDVBg                  : C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe …
EnergyUtility            : C:\Program Files\Lenovo\Energy Management\utili…
Energy Management        : C:\Program Files\Lenovo\Energy Management\Energ…
IgfxTray                 : C:\Windows\system32\igfxtray.exe
HotKeysCmds              : C:\Windows\system32\hkcmd.exe
Persistence              : C:\Windows\system32\igfxpers.exe
SynTPEnh                 : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QuickTime Task           : "C:\Program Files\QuickTime\QTTask.exe" –atboo…
COMODO Internet Security : "C:\Program Files\COMODO\COMODO Internet Securi…
HP Software Update       : C:\Program Files\HP\HP Software Update\HPWuSchd…
(default)                :

[quark]: PS C:\Users\Jeff\Documents> dir \users -recurse | measure-object -Property Length -sum

Count    : 6374
Average  :
Sum      : 1806358238
Maximum  :
Minimum  :
Property : Length

[quark]: PS C:\Users\Jeff\Documents> exit-pssession

This command is processed on Quark. The only thing that comes back across the network to my machine are the results I see on the screen. Use Exit-PSSession to quit.
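The Run key listing above is easier to review when the executable path is pulled out of each value and checked against the folders where installed software normally lives. This is an added example, not code from the original paper: the function name Get-RunEntryReview, the choice of expected folders and the sample values are assumptions made for illustration.

```powershell
# Added example, not from the original paper. Sample values are constructed.
function Get-RunEntryReview {         # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] $RunKey,   # output of Get-ItemProperty on a Run key
        # Assumption of this example: software installs under these roots.
        [string[]] $ExpectedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir)
    )
    # Properties added by the registry provider and by remoting, not Run values.
    $skip  = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider',
             'PSComputerName','PSShowComputerName','RunspaceId'
    $roots = $ExpectedRoots | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

    foreach ($p in $RunKey.PSObject.Properties) {
        $cmd = ([string]$p.Value).Trim()
        if ($skip -contains $p.Name -or -not $cmd) { continue }

        # Pull the executable out of:  "C:\a b\x.exe" -arg   or   C:\a b\x.exe -arg
        if     ($cmd -match '^"([^"]+)"')        { $exe = $Matches[1] }
        elseif ($cmd -match '^(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
        else                                     { $exe = ($cmd -split '\s+')[0] }

        $expected = $false
        foreach ($r in $roots) {
            if ($exe.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) { $expected = $true }
        }
        New-Object PSObject -Property @{
            Name       = $p.Name
            Executable = $exe
            Review     = $(if ($expected) { '' } else { 'outside expected roots' })
        } | Select-Object Name, Executable, Review
    }
}

# Constructed sample shaped like the listing above; the Updater entry is made up.
$sample = New-Object PSObject -Property @{
    IgfxTray         = 'C:\Windows\system32\igfxtray.exe'
    'QuickTime Task' = '"C:\Program Files\QuickTime\QTTask.exe" -arg'
    Updater          = 'C:\Users\Public\updater.exe /silent'
}
Get-RunEntryReview -RunKey $sample | Format-Table -AutoSize

# Against a remote machine over WinRM (computer name from the article):
# Get-RunEntryReview (Invoke-Command -ComputerName quark -ScriptBlock {
#     Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Run })
```

On a default English installation only the constructed Updater entry is marked for review; the expected roots are read from the local machine's environment, so pass -ExpectedRoots explicitly if the remote computer is laid out differently.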

There’s much more to remoting than I can cover here so I encourage you to take a few minutes to read About_Remoting in PowerShell help.

I certainly hope that the only time you have to hike to fix a problem is for a networking issue or hardware replacement. I strongly encourage you to work smartly and efficiently by leveraging the available tools to remotely reach out and help someone.
