Using MSN for a Remote Desktop Connection

Posted By: ehuna | Dec 26th, 2005 @ 5:48 PM
page 1 of 1
Comments: 8 | Views: 28053
#Dec 26th, 2005 @ 5:48 PM
ehuna
ehuna
Grand Poo-Bah
Hello,

In MSN Messenger 7.5 there's an option for sharing your desktop with whoever you're chatting with (Actions > Request Remote Assistance).

Unfortunately, firewalls will by default block the port used by Remote Desktop / Terminal Services, making this request pretty useless.

Instead I have used in the past Citrix products which load an ActiveX control on a web page that then connects to a server.  I can then just send the link to my chat buddy, allowing us to completely bypass the firewalls.  I can then help someone across the hall or my aunt in France.

Does anyone at Microsoft know of a MS solution for this issue?  Specifically a system that is not blocked by firewalls - for example by having the clients connect to a central server.  Outgoing connections are generally not blocked.

Also, why not implement something like this in the MSN Messenger platform?
#Dec 26th, 2005 @ 7:45 PM
ai
ai
there is a policy setting/rule filter on MS Firewall - just select the program/port you wish to add as an exception.

RDP is 3389 (port) so open that port on your firewall (if not MS firewall) otherwise select the RDP/Remote assistance program on the MS Firewall!

#Dec 27th, 2005 @ 12:19 AM
ehuna
ehuna
Grand Poo-Bah
Hi Ai,

Thanks for the response.  I know how to configure my firewall to allow RDP connections - there are many good (Microsoft) articles on the subject.

That's not my point.  The point I was trying to make is that whoever needs my technical help and my expertise that they are asking me to control their system is probably not experienced enough to open the necessary hole(s) in their firewall.

If I tell my aunt in Paris to configure her firewall to allow incoming RDP connections on port 3389, she'll just say "Hein?  What is this firewall you talk about?  I don't want to get burned!". 

Of course, once I understand what kind of firewall she might have (MS Firewall?  Norton?  Hardware firewall such as a Linksys rouyter?) I can give her instructions over the phone to properly configure it.  But that's painful and takes a lot of time.

MSN Messenger could easily help us out here by allowing me to use Remove Desktop to control her system if she allows me to do so. 

This is what the Citrix product does so well but you have to spend big $$$ to get it and most people don't have the luxury to be able to set it up.
#Dec 27th, 2005 @ 1:31 AM
blowdart
blowdart
Peek-a-boo
ehuna wrote:


Also, why not implement something like this in the MSN Messenger platform?


Putting my very old network hat on.

I really dispise software that tries to get around firewalls. AIM was the first thing I ever encountered that would look for an open port if you had blocked the specific ones it used. I ended up blocking all connects to the AIM login servers. Then YIM. Then ICQ. Then MSN. Couldn't take admin rights away from the users in question, they needed it to develop (as did I), but company policy prohibited instant messangers.

So please; Microsoft DON'T keep developing software which bypasses firewalls without giving clear instructions to network admins on how to block that software.

Can you imagine the fuss slashdot would make if suddenly MS produced a web page that allowed remote control of a PC and skipped every check that a network admin had put in place?
#Dec 27th, 2005 @ 2:38 PM
Keithfoo
Keithfoo
I have had the same problem in both personal support and in work. The solution I had to this problem was to use UltraVNC

There is a feature called single click that allows you to create a special vnc exe file. This contains just the client verson of VNC and is configured to connect to a IP of your choosing. To use you simply send this customised exe file to the person you are trying to help. When that person runs the exe, it opens the vnc client and connects to your pc. Once you have finished fixing the problem you disconect and the exe file you've sent is automatically deleted.

This is something that we use in work alot and save us a good deal of time. With Dynamic dns I can also remotely help clients even when i'm out of the office.

This is a blog posting here that breaks down the steps in creating the exe file

http://ajaxtricks.blogspot.com/2005/11/put-geeksquad-out-of-business.html
#Dec 28th, 2005 @ 4:20 AM
David7738
David7738
Another anomoly is that the person that is recieving the request must have windows messenger (up to date) and installed on their computer. Msn Messenger just isn't up to snuff for that..

I've had remote assistance requests sit in lala land until I brought up windows messenger .. then it connected without a hitch
#Dec 30th, 2005 @ 1:41 AM
ehuna
ehuna
Grand Poo-Bah
>So please; Microsoft DON'T keep developing software which
>bypasses firewalls without giving clear instructions to network
>admins on how to block that software.

Sure, that's fine - Microsoft should provide network admins the ability to completely block such remote control software.  This can be done through policies, etc...

But don't block Microsoft from implementing features that can be useful for millions of people because of your corporate issues.  Especially since there are products out there that allow me today to control any desktop in your network (e.g. Citrix, UltraVNC with Keithfoo's trick, etc...).  As long as your users explicitly run an app that connects to an external server, I'll be able to remotely control their desktop (unless you block all outgoing traffic - but you might as well unplug their system from the network then; good luck implementing that).

In any case, the user requesting help should clearly be asked whether they allow someone else to remotely control their desktop.

Keithfoo , thanks for the tip on the VNC exe file!   Until Microsoft makes it easy to control my aunt's PC with MSN Messenger bypassing firewalls, I'll try out your trick.

#Dec 30th, 2005 @ 1:47 AM
ehuna
ehuna
Grand Poo-Bah
Update: Keithfoo's UltraVNC trick works!  I just tried it and I was able to control my uncle's desktop on Oregon without problems, even though he has a Linksys Firewall with all incoming ports closed.

That said, this solution only allows me to control my friends/family systems if I'm at home on the desktop where I setup the VNC viewer in listen mode. 

It would be hard (if not impossible) for me to do it from work for example or from an Internet cafe in Mexico.  At work I have no control of the firewall, so there's no way I could forward traffic on port 5500 to my VNC viewer (in listen mode).  In an Internet cafe in Mexico, supposing there's no firewall, I could probably not install VNC.

So if I want to use this solution when I'm not at home, I will connect through remote desktop to the desktop where the VNC viewer is running.  But not everyone has the luxury of doing this.

All of this could easily be avoided if Microsoft implemented the "Remote Desktop Control" feature in MSN Messenger the right way - with both MSN clients connecting to a central server and allowing one to remotely control the other's desktop.

Keithfoo: thanks again!
#Dec 30th, 2005 @ 12:33 PM
ssssstu
ssssstu
Ehuna, RDP over HTTP is a feature being added to Vista and Longhorn server. I know your frustrations on this one as I experience it quite a lot. Ive been waiting for RDP over HTTP since they talked about adding it to Windows Server 2003 R2. Small Business Server 2003 has small glimpses of what this technology in Remote Web Workplace and its pretty nice indeed.
page 1 of 1
Comments: 8 | Views: 28053
Microsoft Communities