You cannot offer remote assistance to a user whose computer is running Windows XP Service Pack 2 (884910)

RESOLUTION

To resolve this problem on a computer that is a member of a domain, follow these steps:

1. Create a security group in your domain to contain the remote assistance helper's user accounts. For example, create a group that is named Remote Assistance Helpers.
2. Modify the Group Policy where you enabled the DCOM security-related policies, and then add the Remote Assistance Helpers group with both local and remote access permissions. To do this, follow these steps:
   1. Open the Group Policy object. To do this on the local Windows computer, click Start, click Run, type gpedit.msc, and then click OK.
   2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
   3. Double-click DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax if this policy is enabled.
   4. Click Edit Security, and then click Add.
   5. Click Locations, click your domain, and then click OK.
   6. Type Remote Assistance Helpers, click Check Names, and then click OK.
   7. Click to select the Remote Access check box in the Allow column, and then click OK.
   8. Click Apply, and then click OK.
   9. Double-click DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax if this policy is enabled.
   10. Follow steps d through f to add the Remote Assistance Helpers security group to this policy.
   11. Click to select all the check boxes in the Allow column, and then click OK.
   12. Click Apply, and then click OK.
   13. Close the Group Policy Object Editor snap-in.
3. Add the domain group to the helpers list in the Offer Remote Assistance Group Group Policy if it is not already added. To do this, follow these steps:
   1. On the Windows XP client computer, click Start, click Run, type gpedit.msc, and then click OK.
   2. Expand Computer Configuration, expand Administrative Templates, expand System, click Remote Assistance, and then double-click Offer Remote Assistance.
   3. Click Show, click Add, type domainname\Remote Assistance Helpers, and then click OK.
   4. Click OK, click Apply, and then click OK.

To resolve this problem on a computer that is not a member of a domain, use the following methods.

Allow Remote Assistance support

To fully enable both Solicited Remote Assistance and Offer-based Remote Assistance connections, you must make the following changes to Group Policy settings. In Solicited Remote Assistance, an invitation is sent from the novice computer. You must perform the following changes on a computer that is running Windows XP with Service Pack 2 or Windows XP 64-bit with Service Pack 1.

Allow Solicited Remote Assistance

If the Allow local program exceptions Windows firewall setting is set to Not Configured (default) or Enabled, no additional configuration is necessary.

If the Allow local program exceptions Windows firewall setting is set to Disabled, or if you have already enabled the Define program exceptions Windows firewall setting, you must add the following program exceptions:

• %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
• %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance

Note For computers that are running Windows Server 2003 with Service Pack 1, do not add the exception for Sessmgr.exe. Instead, enable the Windows Firewall: Allow Remote Desktop Exception setting.

Enable Offer-based Remote Assistance

Add the following entry to the Windows Firewall: Define port exceptions setting:Add the following entries to the Windows Firewall: Define program exceptions setting:

• %Windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance
• %Windir%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
• %Windir%\System2\Sessmgr.exe:*:Enabled:Remote Assistance

For more information about adding entries to the Windows Firewall settings, click the following article number to view the article in the Microsoft Knowledge Base: Note When you open TCP port 135, you also allow remote procedure call (RPC) traffic.