Remote Access

[longside1]

Hi guys, this is my first post so go easy on me!

My parents have just purchased a brand spanking new pc with a broadband connection but unfortunately they know even less about pcs than me!

As a result I thought it would be a good idea to use the remote access function of windows xp to access their pc and help them out when they hit problems.

The problem is I dont know how to set this up. Could someone please tell me how to do this.

Thanks!!

[graysky]

Don't use the native remotes feature in windows -- neither is very secure (no encryption so plain text passwords, no public/private key validation, etc.). You can however, setup and use TightVNC (freeware remote access util) with another freeware util called stunnel and openssl that will secure everything with SSH encryption. Read the guide here.

On the down side, the VNC connections are slower than the built in MS ones -- even on high bandwidth pipes. Just another example of how the tight-lipped m$ policy helps squelch open source alternatives (keeping code and programmer hooks secret) when it comes to windows. It's not that bad, but you can notice a speed different (rendering rate mostly) if you compare the two head-to-head.

Another reason I like TightVNC is that, you cannot [to my knowledge] easily transfer files to/from the remote and host PCs with the out-of-the-box m$ stuff; TightVNC has a nice little feature that allows this. The other reason I like Tight VNC is that your parents will be able to see what you're doing (mouse movements, menu access, etc.) so you can walk them through problems and they can learn [hopefully] from what you're showing them. My experience with the built-in remote feature is that once you log in, the host PC only displays the logon screen, so people watching the host's monitor cannot see anything. There's probably a setting to change this, but I don't care since the m$ stuff is far too insecure

[Marsden]

For the record... Remote Desktop or RDC is secure out of the box! RDC is an encrypted UDP channel. Nothing is sent in clear text. All the other "VNC" flavors are NOT secure out of the box! You have to add security to make them secure.

graysky does not have a clue about MS remote features.

From the TightVNC website:

How secure is TightVNC?

Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk. To solve this problem, we plan to work on built-in encryption in future versions of TightVNC.

In the mean time, if you need real security, we recommend installing Open-SSH, and using SSH tunneling for all TightVNC connections from untrusted networks.

Source

If you want to interact with the folks on the other end while you take control of their desktop then you want to use Remote Assistance. RA allows both parties to "chat" while the remote party has control of the remote computer session. The remote party can SEE everything you do when in control of the remote machine.

Remote Assistance uses the same encrypted UDP channel for communications between the local and remote machines.

If you are behind any kind of firewall you will need to open up port 3389 on both ends of the connection.

[Ge0ph]

BTW, Remote Desktop IS encrypted and it is the defacto of the corprate world.

You CAN map the drives and printers with Remote Desktop making transfering files and useing printers very easy.

If you are useing XP home then your only "Out of the Box" choice is Remote Assistance. I haven't used it so I don't know if it is encrypted or can share drives. If you have XP Pro then you have Remote Desktop that does encrypt the connection and you can share drives and printers.

To set it up just:

Right click on "My Computer"

Choose Properties

Click on the "Remote" tab

Check the "Enable Remote Desktop on this computer" box

That's it for that computer.

Now if you have a router on that connection (and you should) you will need to forward port 3389 to that computer.

Now at your end:

Click on "Start > accesories > comunications > remote desktop connection"

Type in the IP of the remote computer and choose whatever other options you may want.

Click on "Connect"

Any flavor of VNC is only better if the host operating system does not support a remote desktop connection. You can get a Remote Desktop client for just about any OS.

[graysky]

For the record... Remote Desktop or RDC is secure out of the box! RDC is an encrypted UDP channel. Nothing is sent in clear text. All the other "VNC" flavors are NOT secure out of the box! You have to add security to make them secure.

Interesting, I stand corrected. My understanding was that the system XP uses was plain text and insecure. Do you know what encryption protocol is used? It can't be a public/private system. I think security features need to be some how "non-transparent" features so users are aware of them.

Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk. To solve this problem, we plan to work on built-in encryption in future versions of TightVNC.

In the mean time, if you need real security, we recommend installing Open-SSH, and using SSH tunneling for all TightVNC connections from untrusted networks.

Yeah, the reference in my post teaches how to setup stunnel, openssl, and VNC to be secure.

BTW, if you like the faster m$ remote utils, you can use stunnel to wrap its traffic in ssl if you want. I've never used RA myself, but if you setup your parent's PC with VNC and stunnel both as services, you can get into their box at will without their intervention. Maybe this can be archived with RA, I do not know.

Judging by their poor track record, I don't trust m$ to secure my connections. I still like and recommend the stunnel/VNC solution.

[Marsden]

Triggers: A user or administrator establishes contact with the expert by sending an invitation through e-mail, instant messaging, or by saving an invitation as a file and transferring it manually, such as on a floppy disk, to the expert. Or, an expert offers unsolicited assistance to a user.

User notification: The expert is asked through e-mail or instant messaging to provide help to the novice. A connection is not made unless the expert accepts the invitation or opens the ticket. When users are offered unsolicited assistance, they as the novice have to click Yes to start a connection.

Logging: Events such as a person initiating a connection or a user or administrator accepting or rejecting an invitation are recorded in the event logs.

Encryption: The RDP (Remote Desktop Protocol) encryption algorithm for the main Remote Assistance communication and the RTC (Real-Time Communication) encryption algorithm for voice are used. The RDP encryption algorithm is RC4 128-bit.

Access: No information is stored at Microsoft.

Transmission protocol and port: The port is 3389 and the transmission protocols are RDP and RTC.

Ability to disable: Yes, using Group Policy, and locally through Control Panel.

Firewall protection: Any firewall that blocks port 3389 should not allow a connection to users outside the firewall. This does not prevent users from within the network protected by the firewall from connecting to each other. If you close port 3389, you will block all Remote Desktop and Terminal Services events through it as well. If you want to allow these services but want to limit Remote Assistance requests, use Group Policy. If the port is opened only for outbound traffic, a user can request Remote Assistance by using Windows Messenger.

[arvindK]

I tried out the the RDC like Ge0ph suggested, Step-by-Step. My setup is, my pc has WinXPproSP2 and the other (my brother's pc) Win98se. From the Win98 pc I'm getting total access to the WinXp sys. But the same doesn't work the other way.

So does the RDC work only one way or is there a work around to this ? Also taking the dynamic IP thing into consideration, you would need someone to tell you the client's IP, is there a way around for this too?

[un4given1]

Windows 98 does not have Remote Desktop. While you may run the client piece to connect to a Windows XP PC, you can not use Remote Desktop to connect to a Windows 98 PC. Sorry...

[Martin Zugec]

Only XP, servers (TS) and Longhorn If you want to manage 9x stations, you must use 3rd party tools

[arvindK]

Thanks for the input's soulin & un4given1 .

is there any freeware 3rd party software that you could suggest.

[Ge0ph]

For the 98 box you will want to use VNC like graysky suggested. Or if the 98 box has enough horse power to run XP, put XP on that box.

[graysky]

Triggers: A user or administrator establishes contact with the expert by sending an invitation through e-mail,...

<snip>

I goggled a bit for the same info you found here... can you cite a source URL?

Thanks!

[Marsden]

http://www.technet.com

Do a search there...

[lindagilbert]

You can use some Remote Access Solutions to access your parents computer..

Try this product:

RemotePC

http://www.remotepc.com

You can easily access your Parents computer through Internet using this product "RemotePC".... It can also display screens of your parents computer, You can also Control the PC with your own mouse and keyboard. You can do anthing from accessing / transfering data.. run applications and all. It will be like you are working on your parents system itself.

You can even shutdown or reboot the PC....