REMOTE CONTROL PART 1
Some time ago, a customer asked us if we could incorporate remote control functionality into AdminPlus, so that their servicedesk could take over end user desktops with the same interface they use to, well, do a lot of other stuff.
We know by now that if one customer makes such a request, many dozens of others would welcome that functionality. So, we went to work.
After a month or so we had the most basic functionality up and running on windows XP and win2k3. We could take over other XP and win2k3 machines, and we thought, wow, this is great!! Now, when an end user calls the servicedesk and screams: “I have a problem, and I want you to fix it nownownow!”, the servicedesk employee can first find the end user’s computer with the Find Current User functionality, and then he or she can take over the remote desktop and fix the problem in a heartbeat.
So, thrilled, because it is somehow always magical to take over a remote computer and play around with it, we tried to take over the computer of a colleague, secretly, just to check if he was admiring the same, um, ladies he always is. The Remote Control service installed beautifully on his computer, the session started, and then… a black session screen. No ladies. No nothing.
We know, of course, that XP has mostly been replaced by windows 7 in most organizations. It is in ours. But for basic testing, we always start on XP and work our way up.
We stared at that black session screen for ten seconds, then did what most people do. We concluded that something must have gone wrong somewhere, deinstalled the Remote Control service, checked if we could get through the remote firewall, picked other ports just to be safe, and tried to set up another session. The service installed just fine, the session started, but again… a black session screen.
“Wait a minute,” one of us said, “he’s working on a win 7 machine, right?”
“Damn, null session isolation,” another hissed.
This was the moment when I replied ignorantly: “No, that’s a unix thingie.”
Alas. From vista upwards, null session isolation is also a windows thingie. On windows 7 you can no longer interact with the desktop session from a service.
Back to the drawing board, and I must say, it took us relatively long to come up with a satisfying solution, well, with what we think is probably the only solution. Following Microsoft’s best practices, we now install the remote control service, and then, on session start, this service starts a separate process that handles Remote Control session traffic.
Okay, we thought, now we are platform independent, we’re getting somewhere. But our problems we’re far from over…
- ACTIVE DIRECTORY TASK DELEGATION TO END USERS
Today I’m going to talk a little more on Active...
- Domain Local, Global And Universal Groups
We’ve had quite a few questions about the difference...
- Access Token Overview
Today I want to talk a little about access tokens,...
- Remove a member from a number of groups in a single action
This is often the way things go: one of our developers...
- How to delegate Active Directory tasks for IT defense safely?
DYNAMIC INTERFACING or ANOTHER WAY OF TASK DELEGATION...