Remote Desktop and Remote Assistance are both available on Windows XP and Windows Server 2003 and use the same underlying technology, but there are differences between these features. Remote Desktop allows you to have access to a Windows session that is running on one computer when you are at another computer. It is similar to Terminal Services running in remote administration mode in Windows 2000 Server. It is useful for users who want to work from home and administrators who need to access a computer in another location. Remote Assistance allows a helper to provide assistance to a user. The helper sees the computer screen and communicates through a chat box. If the user gives permission, the helper can remotely control the computer to resolve a problem. Unlike Remote Desktop Connection, a user must always be present to grant remote control to the helper.

SMS Remote Control allows an SMS administrator to take control of an SMS client. SMS 2.0 and later allow the administrator to configure whether or not a user must be at the remote computer to grant permission.

It is strongly recommended that you use the Windows Remote Assistance and Remote Desktop Connection features of Windows XP and Windows Server 2003 instead of SMS Remote Control on computers running those operating systems. Windows Remote Assistance and Remote Desktop Connection are more secure technologies and are built-in features of the operating system. Select the option Do not install Remote Control components for Advanced Clients running Windows XP, Windows Server 2003, or later to prevent Remote Control from being installed on computers running those platforms.

For more information about be using Windows Remote Assistance, Remote Desktop Connection, or SMS Remote Control, see Chapter 3, "Understanding SMS Features," in the Microsoft Systems Management Server 2003 Concepts, Planning, and Deployment Guide.

You cannot. Permission Required is a security feature of Remote Assistance itself. SMS can control settings that allow an SMS Administrator console to connect to a client instead of requiring the user to request, but it cannot modify the requirement for the user to authorize the remote assistance session itself.

For more information about configuring remote tools client agent properties, see Chapter 9, "Remote Tools," in the Microsoft Systems Management Server 2003 Operations Guide.

Remote assistance sessions initiated from the SMS Administrator console to a computer running Windows XP SP 2 will fail, although remote assistance sessions requested by the Windows XP client will succeed. To enable Remote Assistance to be initiated from the SMS Administrator console, add both the custom program helpsvc.exe and the custom port TCP 135 to the list of permitted programs and services in Windows Firewall on the Windows XP client. Also, Windows Firewall must be configured to permit Remote Assistance and Remote Desktop. If a user initiates a request for Remote Assistance from that computer, Windows Firewall will automatically be configured to permit Remote Assistance and Remote Desktop.

SMS clients running Windows XP SP2 cannot be remotely managed by using SMS Remote Tools because of the secure default Windows Firewall configuration on the client. The recommended best practice is to use Remote Assistance instead of Remote Tools on client computers that support it. To enable SMS Remote Tools, add the following port for each necessary remote tool

For more information about ports used by SMS remote control, see article 256884 in the Microsoft Knowledge Base

For information about how to configure Windows Firewall on Windows XP SP 2, search for "Windows Firewall" in Help and Support Center.

First posted November 11, 2003
Updated December 12, 2003
Updated January 21, 2004
Updated March 31, 2004