Skip to main content

How-to gain access of a remote computer using built-in Windows Remote Assistance application?

Enable remote computers to accept the incoming remote connection with Netwrix Endpoint Policy Manager (formerly PolicyPak)'s pre-configured PAK for Microsoft Remote Settings.

Setting up a GPO to allow remote assistance using Endpoint Policy Application Manager.

In these steps, we will show steps for IT Administrators so they can Enable Remote Assistance for end-users computers.

Step 1 – Launch Group Policy Management Console.

Step 2 – Right-click on a required OU and Create a new GPO.

686_1_image-20200330200931-1

Step 3 – Give the GPO a descriptive Name then click the OK button.

686_3_image-20200330200932-2

Step 4 – Right-click on the new GPO you just created, and select Edit option.

686_5_image-20200330200932-3

Step 5 – Expand the Endpoint Policy Manager node under Computer Configuration and select the pre-configured PAK named "Endpoint Policy Manager for Microsoft Windows 7 and Later for System Properties"

686_7_image-20200330200932-4

Step 6 – Right-click on the PAK entry and select the Properties option.

686_9_image-20200330200932-5

Step 7 – Select the Remote tab, and select the checkbox "Allow Remote Assistance connections to this computer" and then click the OK button.

note

Make sure that the selection is underlined as shown in the screenshot.

686_11_image-20200330200932-6

Step 8 – Lastly, run GPUPDATE on end-users computers to apply the policy immediately, or wait for the policy to apply during the normal group policy refresh interval.

Additional Recommendations: Use Endpoint Policy Manager Scripts Manager and create two additional computer side policy items.

Step 1 – Set Firewall to Allow Remote Assistance:

Using Endpoint Policy Manager Scripts Manager you can execute the following script to open a Firewall for incoming remote assistance connections.

  • netsh advfirewall firewall set rule group="remote assistance" new enable=Yes

Step 2 – Proactively address possible issue with MSRA.EXE and PPAppLockdr64.dll:

686_13_image-20201016161058-2

Using Endpoint Policy Manager Scripts Manager you can execute the following script to configure custom Exploit Protection settings for Microsoft Remote Assistance (MSRA.EXE).

Set-ProcessMitigation -Name msra.exe -Enable DisableExtensionPoints

You can create two separate policy items:

686_14_image-20201016162349-4

Or you can combine both policies in one if you prefer:

686_15_image-20201016162040-3

For more information on Endpoint Policy Manager Scripts Manager please consult the below reference articles.

Reference Article