September 28, 2004
Fun with Remote Assistance
Posted by Jess in
Tech Talk
So, it only took me about 50 million trial-and-errors, but finally I got Remote Assistance via email to work successfully between two WinXP users who are both behind routers/firewalls.
Just in case anyone needs it (because once you can get it working, it's REALLY neat, mind-bogglingly useful, and surprisingly fast), here are the required steps.
1. Fat-fingering of some sort occurs.*
*: Now, this isn't *totally* required, of course. You may be the type of person that just enjoys having people come and play with your computer, but for the most part, usually some sort of breakage happens before someone else feels the need to come in and fix it for you.
2. The end-user MUST make sure the following two buttons have check marks next to them:
Right-click My Computer and scroll to Properties.
Click the Remote tab.
Make sure "Allow Remote Assistance Invitations to be sent from this computer" is checked.
Click Advanced.
Make sure "Allow this computer to be controlled remotely" is checked.
3. The end user, if using a router, must set up port forwarding.
The end user must log into their router's web-based administration panel* and enable Port forwarding for the Remote Assistance request:
Port 3389 should be routed to the internal IP address of the end user's system, i.e. 192.168.x.x.
The end user can perform the following steps to find out what their internal IP address is if they don't know:
Go to Start->Run
At the command prompt, type cmd.
Type ipconfig and hit enter.
Write down what is written on the IP Address line.
*: most router models have online instructions on their respective manufacturer's website on how to log in via browser and find the Port Forwarding section. I mean, who keeps instruction manuals after the initial setup? Okay, guilty as charged. But it's still quicker to go online and get it anyway.
4. The end-user must send a Remote Assistance invitation via email.
Go to Start->Help and Support.
Click on Remote Assistance.
Click Invite someone to help you.
Type the Invitee's email address, and click Invite this person.
Send a message if necessary* and click Continue.
Enter a password if necessary, and communicate that password with the invitee.
Click Send Invitation.
The email will pop open in the default email program (such as Lotus Notes), and the end user still needs to hit the Send button.
*: Since you are, in fact, asking someone to help you, it might be nice to take this time to ask them how they are? If they've read any good books lately? Have they done anything fun lately? If they are the geek type like I am, the answer will most likely still be no, but hey, it was nice that someone thought to ask anyway.
5. The Invitee gets the external IP address/hostname from the end-user.
The end user can visit the following sites and easily tell you that information:
http://www.whatsmyipaddress.com
http://www.whatismyhostname.com
6. The Invitee receives the email invitation, and tweaks the contents.
Once the invitee gets the email, save the attachment to the desktop.
Open it with Notepad.
There will be two entries, one after another, of the end user's internal IP address followed by the port, i.e.:
<UPLOADDATA USERNAME="Jess" RCTICKET="65538,1,192.168.10.3:3389;192.168.10.3:3389;D40S4F21:3389,*,etc.
The first entry needs to be changed to the external IP address, and the second entry needs to be changed to the hostname of the end user, leaving you with this:
<UPLOADDATA USERNAME="Jess" RCTICKET="65538,1,209.67.3.105:3389;my.hostname.isp.com:3389;D40S4F21:3389,*,etc.
7. Save the invitation, and NOW you are ready to click it*.
*If it hasn't expired already from all this preparation.
After that, the Port Forwarding can be disabled/re-enabled as fat-fingering occurs. Or unless you like that sort of thing (see 1).
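Step 6 as a script, added here as an example and not part of the original post: it pulls the endpoint list out of the RCTICKET attribute, shows which entries are private addresses that nobody outside the router can reach, and makes the same two replacements while keeping the ports. The field layout is assumed from the one sample line in the post, and the function names are made up for this example.

```python
import ipaddress
import re

# Sample ticket line copied from the post (it is cut off there with "etc.").
SAMPLE = ('<UPLOADDATA USERNAME="Jess" RCTICKET="65538,1,192.168.10.3:3389;'
          '192.168.10.3:3389;D40S4F21:3389,*,etc.')

# Assumption: the third comma-separated field holds the ';'-separated endpoints.
TICKET_RE = re.compile(r'(RCTICKET="[^,"]*,[^,"]*,)([^,"]*)')


def endpoints(line):
    """Return the host:port entries listed in the ticket."""
    m = TICKET_RE.search(line)
    if not m:
        raise ValueError("no RCTICKET attribute found")
    return m.group(2).split(";")


def is_private(entry):
    """True when the entry's host is an IP literal in a private range."""
    host = entry.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a machine name or hostname, not an IP literal


def rewrite(line, external_ip, hostname):
    """Replace the first two endpoints, as step 6 does by hand."""
    entries = endpoints(line)
    if len(entries) < 2:
        raise ValueError("expected at least two endpoint entries")
    if not (is_private(entries[0]) and is_private(entries[1])):
        raise ValueError("first two entries are not private addresses")
    # Validate the new values so nothing can break out of the attribute.
    ipaddress.ip_address(external_ip)
    if not re.fullmatch(r"[A-Za-z0-9.-]+", hostname):
        raise ValueError("unexpected characters in hostname")
    for i, new_host in enumerate((external_ip, hostname)):
        port = entries[i].rsplit(":", 1)[1]
        entries[i] = f"{new_host}:{port}"
    return TICKET_RE.sub(lambda m: m.group(1) + ";".join(entries), line, count=1)


if __name__ == "__main__":
    print([(e, is_private(e)) for e in endpoints(SAMPLE)])
    print(rewrite(SAMPLE, "209.67.3.105", "my.hostname.isp.com"))
```

Running `rewrite` on a ticket that has already been edited raises an error instead of editing it twice, because its first entry is no longer a private address.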
PS. That site does not belong to me. Don't know what I'm talking about? You'll figure it out eventually.
Comments
As a security type, I feel obligated to point out that leaving the port forwarding in place (and any associated firewall rules if your firewall/router supports them) is a waiting invitation for some assclown to come along and bang against your computer all day trying to guess your (no doubt extremely complex and un-guessable) Administrator password. So besides turning off the port forward and related firewall rules as soon as you’re done (which I’m sure most people won’t do… especially when it dawns on you that it’s pretty f’n handy to connect to your computer at home from work, etc), there are some other things you can do to make this more secure. Keep in mind you’re now exposing the formerly safe computer to the big bad Internet, so this is the type of thing you want to keep on top of, lest your ISP start calling you informing you that the Guatemalan cock fighting stats page now being served from your once pristine Dell violates their terms of service.
The best thing you can do if possible is specify the addresses allowed to connect to your computer through your firewall. You’ll need a firewall that has some capability to craft security rules, but most have some. So for example, you’d create a rule that only allows your work IP address and Jess’ IP address (assuming you trust her not to hose your machine completely) to connect.
Also you can change the port that Remote Desktop runs on (destructions here: http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B306759). The script kid in Taiwan who’s port scanning the whole of Cox Cable tonight won’t be fooled, but it can’t hurt.
Lastly, you can rename the Administrator account on your computer, but there’s a chance that this could screw up an installed program, so it’s sometimes best to do it on a fresh Windows install. But WTF, give it a try… you can always rename it back if something dies.
Other than that, make your passwords tough to guess (a mix of letters and characters like “asdf033j2wkl323k3k!!!aks%” would be excellent). And VPN is about as secure as it gets so if you're so freakin’ cool that the router you bought can be a tunnel end point, turn it on… and good luck with the Indian call center tech support.
Thus spake the Cicso Kid. :-)