Computer Remote Access Question

I recently learned, from my company’s IS department, that my computer was not installing a required MS Windows patch correctly, and I got a call from the IS department. After some questioning, the IS guy asked me if he could take control of my computer and perform the actions required to install the patch.

“Sure” I said, and a moment later, he was mousing around my computer and installed the patch while I sat there and watched it. I knew that this was possible, but it was astonishing to see in action.

My question is this:
Can I do this to my wife’s computer on a remote basis? I just purchased her a new computer, and we are living apart for the time being (she in GA, me in CA). She’s runs a computer very well, but she isn’t terribly savy about the nuts and bolts of computers. The new computer needs patches and tweaks - not so easy to talk her through over the phone.

I did consider PC Anywhere, but is this necessary? Is this a peer-to-peer situation that absolutely requires PC Anywhere?

BTW, Win XP Home on both boxes, DSL connection for both.

Thanks.

If you’re using XP, it comes out of the box with Remote Assistance, right? (Or does the “home” version lack this?)

Anyway, I strongly recommend Ultr@VNC. I first heard about it from another poster right here, and it’s the best VNC proggy I’ve ever used. And it’s free.

I’ve got it installed as a service on my mum’s computer, so I can download movies and stuff for her, and then say “stick a blank cd in your computer” and in a few minutes she’s got a nice VCD she can watch on her DVD player. Oh yeah, and it makes it easier for me to keep her system free of malware and worms, too.

I have half a dozen friends that have the server installed as a “click to run” sort of deal, so that I can help them out without actually having to slog my way over there. Makes it harder to collect the beer (or tea) that’s the usual quid pro quo, though. :smiley:

Thanks Larry Mudd,

The Help information does give some indication that this is possible via “Remote Assitance”, but gives no indication on how to activate it or what to do.

Glad to help…

If MSRA works for you guys, that’s cool – but I can’t help but say that I’m constitutionally mistrustful of MS security, especially when it comes to an application that gives wide-open access to a computer.

Not that I’ve heard any horror stories, mind – it’s just that I’m one of those self-hating Windows users that eschews all Microsoft applications while sticking to the OS because I’m dependant on Adobe products but don’t like Apple hardware.

So make of my wild-eyed warnings what you will.

Ultr@VNC has lots of great features that MSRA lacks, too. And it’s cross-platform. (Apart from being 99% less evil.) :smiley:

Click it! Click it hard!

Thanks again. And I understand your wild-eyed warnings.

Does this have to be installed on both boxes? Sorry, it’s easier to consult an expert than wade through a manual…

Almost any remote access program will have two separate programs included, a host and a client. The host is the one that needs to be running on the machine you want to connect to, and it may be called the host, server, or some other name depending on the specific program you’re using. The other end, the one that gets installed on the machine you’re connecting from, is usually called the client or remote. Most installations will give you the option to install one or both on any given machine.

I have never used the MS Remote program but Ultra VNC is a great way to do remote access. I have it installed on a few computers owned by my relatives it works really well.

Yup, it has to be on both machines.

It’s pretty painless to set up. The install .exe will install both a server and a viewer.

When you (or rather your wife) run the server for the first time, there’s a prompt to set a password.

On the viewer side, you’ll need to know the ip address of the computer you want to connect to. (Directing someone to www.whatismyip.com makes that no hassle at all.)

I’ve used Microsoft Remote security; it’s pretty well designed. Generally, you e-mail a file to the user who you want to take over your computer. When they try to take over, you need to approve it, and you can abort it at any time. You can also see everything they’re doing. You also can password protect it and have it expire after a set period of time (I believe there is an automatic expiration, too).

This pretty much covers the potential for a major security breach. It’s possible, of course, but it’d be hard for a hacker to get the information, log on pretending to be someon else (when that other person is most likely logging in, too), and make changes with you looking on. Also, since it’s only used for a short period of time, and only to troubleshoot problems, it’s hardly worth a hacker’s time to try to find the problem.

I’ve found it useful to fix problems remotely. Since you’re only using it from time to time, it’s quite convenient.

But, RealityChuck, that assumes that the security actually works as intended, and that the software is being used as intended, which isn’t the best place to start from given Microsoft’s long record of (often ludicrous) vulnerabilities and the demonstrable will of certain folks to exploit any holes they can dig up. (Can you dig up a hole?)

It wasn’t so long ago that Windows “security” could be thwarted simply by submitting requests faster and more frequently than they could be denied. Apart from MS’s security record, we’re talking about a network service designed to allow total control of a computer, which is bundled with the single most ubiquitous operating system on the planet. This is a very attractive prospect for malicious types.

Of course, if someone were to gain access to MSRA through a security exploit, at a time when the user wasn’t looking, they could do anything they wanted to – not just troubleshoot. Configure the computer as an FTP server to host illegal (or just high-bandwidth) material, for instance.

This is why I prefer to use an open source application instead of MS out-of-the-box. It’s a less likely target for hackers, and its open source nature means that any problems with security (or other bugs) are caught early on by the geek community and addressed. Even still, when I run it as a service, I assign ports other than the default ports – that way, if there does turn out to be a vulnerabilty, some jerk randomly port-scanning blocks of ip addresses for weaknesses isn’t going to get a nibble.

Maybe it’s a paranoid Bear Patrol, but I prefer to err on the side of caution – especially when it’s so easy.

What Larry said.

I’ll just nag a little about passwords. Don’t use any personal information, don’t use dictionary words, and don’t write it down! If you feel that you must write it down, put it on a scrap of paper in your wallet, not taped to your monitor!

I sometimes use a l33t-ified version of a variant spelling of an uncommon word, although something random would be better. (I have seen a program that makes random but pronounceable passwords.) The only personal info I use is a combination of the address I grew up at (see old phone books or tax records) with the number of the mailbox we had before there was mail delivery in my home town (which, if it still exists, is on crumbling microfilm in a basement in Ottawa).

I do all my “family tech support” through RealVNC. We also use it throughout our lab (we’re a software company), so anyone can get access to any lab machine from their office or at home (through a vpn of course). I haven’t tried UltraVNC, but I’ve heard good things about it as well.

Also, I don’t believe it was addressed by others, but the built-in Microsoft Remote Access only works on XP Pro. (Although it’s installed on XP Home, which is confusing).

I was rather shocked to read this, especially since I used Remote Assistance to help a co-worker just this morning and we are both on XP home machines, Version 2002, Service Pack 1. It may have something to do with the fact that both machines are Dells as I believe Dell now uses Remote Assistance for support.

Just FWIW.

daffyduck wrote

Funky. We also use alot (over 100) of Dell’s. We couldn’t get it to work in the Home edition of XP so we moved on and used RealVNC. That worked, so we never went back to investigate further. Guess we must not have tried hard enough.

I can’t vouch for XP, but in Window 98/2000, the utility found under Start/programs/Accessories/Communication is called Netmeeting. With an active hotmail account, you can use Netmeeting to take over the other user’s computer, with little to no problem.

I’ve used Netmeeting for YEARS with my parents, aunts, uncles, family friends, study groups, etc. Its tremendously helpful, and allows me to fix their computer problems without having to either (A) drive to their houses, or (B) try and talk them through the simplest of maneuvers.

There’s also an internet site that allows you to do the same thing… but the name escapes me right now. I think there’s a charge, though.

If you have Internet Messenger, and you are both on each others’ buddy list, its a one-click procedure to start a netmeeting.

Hey, people. There’s only one way to do this right.

You get an account from dyndns.org and install an IP updater on the host.
You install a secure shell server on the host and poke a hole in the firewall at port 22.
You install putty on the client and transfer the public key to the authorized keys list of the host.
You disallow connecting with just a password and user name - make 'em use rsa public key authorization.
Run the VNC server as a service on the host so that it is always available.
Set up a Putty session on the client that connects to your dyndns address and does port forwarding for the ports your VNC system uses.
Client can connect to the host any time the host is on line, and there ain’t a snowball’s chance in hell that somebody is going to break in.

SSH server here:
http://sshwindows.sourceforge.net/

Putty here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/

Stupid question, but with something like Utr@VNC, how does the client find the server without an IP number? Most/nearly all? home setups have dynamically assigned IP’s, so how does it work?

As **Larry Mudd’s ** third post suggests, direct them to http://www.whatismyip.com and then have them tell you their IP either by IM or on the phone.

Or you could have somebody open a command shell and use the command “ipconfig” to get the IP address.

Even cooler is using dyndns.org and an updater program on the host. Then you can access the host from anywhere without having to look up the address manually.

BTW:
All of this gets real hairy when the host is behind a DSL router rather than a DSL modem. If you’ve got a router, then you’re going to have to tell the router to pass the VNC or SSH port to the proper machine in the LAN.