Remote Management Lesson

Lesson Objectives: After completing this lesson, you will be able to:

 Describe Remote Desktop in Windows 10.

 Enable and use Remote Assistance including Easy Connect.
 Describe Azure Remote Desktop Services.

Remote Desktop Overview

 Remote Desktop Connection is a useful Windows feature that allows you to access a different PC on
your network, or on the Internet, from your own PC.
 This feature requires that both computers are powered on and connected to Internet.
 If those conditions are met you can use your PC to fix problems on any other PC remotely.
 This feature will enable you to get full access to all files that are stored on that PC, and you will see
the live desktop.

How to use Remote Desktop

 Use Remote Desktop on your Windows 10 PC or on your Windows, Android, or iOS device to
connect to a PC from afar.
1. First, you will need to set up the remote PC to allow remote connections.
2. On the remote PC, open Settings (Gear-shaped Settings icon) and
3. select System > About.
4. Note the PC name, you will need this later. Then, under Related settings,
5. select System info.
6. In the left pane of the System window, select Advanced system settings.
7. On the Remote tab of the System Properties dialog box, under Remote Desktop, select Allow
remote connections to this computer, and then select OK.
8. Next, in Settings (Gear-shaped Settings icon), select System > Power & sleep and check to make
sure Sleep is set to Never.
 On the device you wish to connect from, do one of the following:
 On your local Windows 10 PC:
 In the search box on the taskbar,
 type Remote Desktop Connection, and then
 select Remote Desktop Connection.
 In Remote Desktop Connection, type the full name of the remote PC, and select Connect.
 On your Windows, Android, or iOS device:
 Open the Remote Desktop app (available for free from the Windows Store, Google Play, or the Mac
App Store), and add your remote PC.
 Select the remote PC, and then wait for the connection to complete.

Using Remote Desktop with Azure AD-joined devices

 If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no
additional configuration is needed.
 To allow additional users to connect to the PC, you must allow remote connections for the local
Authenticated Users group.
 Specific Azure AD users can be added with the following PowerShell cmdlet:
 net localgroup "Remote Desktop Users" /add "AzureAD\\the-UPN-attribute-of-your-user"
 You can also add other Azure AD users to the Administrators group on a device and restrict remote
credentials to Administrators.

Using Remote Assistance

 With remote management tools and technologies, a network administrator can access a computer
on the network, take control of it, and perform tasks on it, without having to be physically in front of
the computer.
 This saves both time and money by reducing the number of trips required to service problematic
computers.
 Users can also remotely access their own computers for working at them while not physically sitting
in front of them.
 Remote Assistance is a bundled service with Windows 10.
 It enables a technician to take control of a computer to troubleshoot and perform maintenance
tasks without having to physically travel to the problematic machine.
 This enables the technician to resolve problems without leaving their home or office.
 The end user must be there to authorize this, and the user can end the session at any time.
 This technology is generally used only to troubleshoot remote computers and is not used for
telecommuting or accessing files or folders.

Enable or disable remote features

 By default, Remote Assistance connections are enabled for a Windows 10 computer.
 You can make changes to the default from the System Properties dialog box, shown below.
 You can open this dialog box in many ways.
1. Sign-in as Administrator
2. Right-click Start
3. Select System
4. Select Advanced system settings or Remote settings in the left pane
5. Select the Remote tab
6. Select the Allow Remote Assistance connections to this computer check box
7. Verify the Windows firewall is configured correctly
 Check to see that the Windows firewall is not blocking Remote Assistance.
1. Select Start and then select Settings
2. Select Network & Internet
3. Select Windows Firewall
4. Select Allow an app or feature through Windows Firewall
5. Scroll through the list of Allowed apps and features looking for Remote Assistance
6. Verify that Remote Assistance is selected, if not select Change settings
7. Select the select box for Remote Assistance, and select OK

Configure and use Remote Assistance

 To use Remote Assistance, the user must be at the problematic computer.
 A Remote Assistance session must be initiated by that user, and the user must approve the
connection before it can be made.
1. Right-click Start and then select Control Panel
 2. Enter invite in the search box
3. Select Invite someone to connect to your PC and help you, or offer to help someone else. The
Windows Remote Assistance wizard starts.
 Once configured, Windows Remote Assistance can also be access using an Administrative
PowerShell console.
 After you select Invite someone you trust to help you, you have three options:
 Save this invitation as a file
 Use email to send an invitation the user sends the invitation using an email client on the
machine but cannot send it using any form of web-based email
 Use Easy Connect (the easiest option if it is enabled by the help and support team)
o When the user selects Easy Connect, an Easy Connect password appears. The user only
needs to relay that password to the help and support team.
o The "Easy Connect" feature of "Windows Remote Assistance" requires IPv6. It is probably
not installed on your PC... but, even if you installed it on your PC there is a reasonable
chance that IPv6 is not working on your network router. Even if your router and PC both
support IPv6, it is unlikely the PC and router you are trying to remotely reach support IPv6...
and so forth and so on...
 The support technician can then send a connection request, which the user then accepts.
 Both of these items are shown below. Once the connection is made, the “Expert” can ask to control
the computer to resolve the problem, train the user, or perform other tasks
 For security reasons, consider turning this feature off till it is needed.

Quick Assist
 Microsoft Quick Assist is a Windows 10 app that enables two people to share a computer over a
remote connection so that one person can help solve problems on the other person’s computer just
like Remote Assistance.
 In fact, depending on which version of Windows 10 is on a PC may determine whether Quick Assist
or Remote Assistance is installed.
 Select the Start button > Windows Accessories > Quick Assist,
 or select the search box on the taskbar and type Quick Assist,
 and then select Quick Assist in the list of results.

Remote Desktop Services

 Remote Desktop Services is one of the most used services of a System Administrator.

Remote desktops
 Remote Desktop Services (RDS), formerly Terminal Services, provide users with access to a full
remote desktop experience.
 In this scenario, users securely connect to a remote session via their local Remote Desktop
Connection (RDC) client.
 After they authenticate, users are presented with a full desktop just as if they were signed in locally.
 The client machines send keystrokes and mouse movements to the server, and screen images are
delivered back to the client machines.
 Users have access to applications as if the applications are running locally, even though they are
running on a Remote Desktop Session Host (RD Session Host) server.
 Each user establishes his or her own private session that does not affect any other users who are
connected to the same RD Session Host server.
 To access any remote desktop, the user account (or domain global group) of the connecting user
must be added to the Remote Desktop Users group on the computer to which they are connecting.
 By default, this group has no members, and therefore, users cannot make a remote desktop
connection until their account has been added to the local Remote Desktop Users group.
 However, this can be configured during the initial RDS deployment.
 Note: Standard users do not have the right to sign in to domain controllers either locally or
remotely.
 Being added to the Remote Desktop Users group on a domain controller does not change this.
 A standard user still needs to be given the right to sign in to a domain controller and must be added
to the Remote Desktop Users group to connect to a domain controller remotely.
 Installing the RD Session Host role on a server automatically enables remote desktop connections to
the local computer and adds users who have been granted access to the local Remote Desktop
Users group.
 If you do not install the RD Session Host role, you can still enable remote desktop access to any
Windows-based operating system by modifying the system properties to allow remote connections.
 Connecting this way is limited to Administrators by default, and only two concurrent connections
are allowed.
 You can allow remote connections and select the users who can connect remotely by using the
System Properties item in Control Panel.
 Remote desktops are well-suited for single-task workers, such as point-of-sale terminals or data-
entry workers.
 In such scenarios, it is important to provide a consistent desktop experience for all workers.
 Remote desktops also perform well over limited bandwidth, making this a suitable solution for
branch offices where information technology (IT) support might be limited.
 Remote desktops are typically employed with thin clients.
 Another common use for remote desktops is to enable users to access their organizational desktop.
 For example, users can work from home by connecting to their workstations.

Remote desktops in Azure

 Using RDS in Azure enables access to the desktop of virtual machines running in Azure, similar to
accessing a local system.
 A Remote Desktop connection can be used to troubleshoot and diagnose problems with an
application while it is running.
 One way to enable a Remote Desktop connection in your VM is during development by including the
Remote Desktop modules in your service definition or you can choose to enable Remote Desktop
through the Remote Desktop Extension.
 The preferred approach is to use the Remote Desktop extension as you can enable Remote Desktop
even after the application is deployed without having to redeploy your application.

Remote Commands in Windows PowerShell

 The Windows PowerShell remoting features are supported by the WS-Management protocol and
the Windows Remote Management (WinRM) service that implements WS-Management in
Windows. Computers running Windows 7 and later include WinRM 2.0 or later.
You can verify the availability of WinRM and configure a PowerShell for remoting by following these
steps:

1. Start Windows PowerShell as an administrator by right-clicking the Windows PowerShell shortcut

and selecting Run As Administrator.
2. The WinRM service is configured for manual startup by default.
3. You must change the startup type to Automatic and start the service on each computer you want to
work with.
4. At the PowerShell prompt, you can verify that the WinRM service is running using the following
command: get-service winrm
5. The value of the Status property in the output should be “Running”.
6. To configure Windows PowerShell for remoting, type the following command: Enable-PSRemoting –
force
 In many cases, you will be able to work with remote computers in other domains.
 However, if the remote computer is not in a trusted domain, the remote computer might not be
able to authenticate your credentials.
 To enable authentication, you need to add the remote computer to the list of trusted hosts for the
local computer in WinRM.
 To do so, type:

winrm s winrm/config/client '\@{TrustedHosts="RemoteComputer"}'

 Here, RemoteComputer should be the name of the remote computer, such as:

winrm s winrm/config/client '\@{TrustedHosts="CorpServer56"}'

 When you are working with computers in workgroups or homegroups, you must either use HTTPS as
the transport or add the remote machine to the TrustedHosts configuration settings.
 If you cannot connect to a remote host, verify that the service on the remote host is running and is
accepting requests by running the following command on the remote host:

winrm quickconfig

 This command analyzes and configures the WinRM service.

 To use Windows PowerShell remoting features,
 you must start Windows PowerShell as an administrator by right-clicking the Windows PowerShell
shortcut and selecting Run As Administrator.

When starting PowerShell from another program, such as the command prompt (cmd.exe), you must
start that program as an administrator