Unsolicited Remote Assistance October 4, 2007
Posted by dgrundel in Programming and Scripting.trackback
A few months ago, a gentleman I worked with sent me a link to an interesting article on Lewis Roberts’ blog about offering remote assistance. The article shows Lewis’ method for tweaking a couple files on the client PC that will allow an administrator to connect and control the PC without the user granting permission to do so. Lewis also gave a general outline for a script that could be written to perform the modifications to the client, as well as launch the Remote Assistance (RA) tool on the local PC so that a RA session could be initiated.
I took the ideas Lewis layed out, threw in a few of my own, and came up with a pretty sweet solution. In addition to a script, I created my own custom helpeeaccept.htm, TakeControlMsgs.htm and UnSolicitedRCUI.htm files. Detailed explanation and code are on the next page.
Here’s the basic flow of things:
- A host name is read either from the command line or via input box and is verified (the length of the string must be >0).
- The remote machine is pinged to verify it is available.
- The script attempts to access the C$ administrative share on the remote machine to verify you have permission to do so.
- The script copies my custom helpeeaccept.htm and TakeControlMsgs.htm files to the remote machine in the appropriate locations. (I have copies of the originals that we’ll copy back later.)
- Script reads in my custom UnSolicitedRCUI.htm file into a variable, strText.
- In my custom UnSolicitedRCUI.htm file, I have a line that reads idComputerName.value = “CHANGEME”;. The script now replaces “CHANGEME” with the host name that was given at the beginning of the script.
- This further customized text is now written out to a file on my local machine, replacing my old UnSolicitedRCUI.htm file.
- Now we run the UnSolicitedRCUI.htm we just created, which will automatically connect to the desired machine and open the Remote Assistance session in a new window.
- The script kills the first process we just launched, leaving only the Remote Assistance session open.
- The waiting begins. At this point, the script halts and waits for you to close the RA session it just opened.
- When you’re finished assisting, the script connects to WMI on the remote machine and ensures that any remote assistance windows (chat windows, etc.) are closed. The user never has to click anything, just like VNC.
- Once that’s complete, the script replaces the remote and local files it copied over with unmodified originals.
Instructions for customizing the files and full code for the script are below.
helpeeaccept.htm
- Follow Lewis’ instructions exactly: add a line containing “DoAccept();” around line 158. Lines 156 through 161 should look like the following:
btnAccept.disabled = false; btnDecline.disabled = false; btnDecline.focus(); DoAccept(); //Added this line ; }
TakeControlMsgs.htm
- Again, we make the same change Lewis does: Line 44 should look like this:
<BODY id="idBody" class="sys-inlineform-bgcolor1" onload=InitiateMsg();onClickHandler(0);> //Added ";onClickHandler(0);"
UnSolicitedRCUI.htm
- Finally, something I did!
there are several blocks of code here. The line numbers I mention are from the original file, which means that they’ll be shifted downward if you edit the code from the top down. The first block of added code ends up on lines 46 and 47:
<function onLoad()
{
try
{
g_oSAFRemoteDesktopConnection = oSAFClassFactory.CreateObject_RemoteDesktopConnection();
onConnect(); //Added this line
onContinue(); //Added this line
}
catch(error)
{
- Line 72 gets a new addition:
function onConnect()
{
idComputerName.value = "CHANGEME"; //Added this line
var oUserObj = null;
var oOption = null;
;
try
{
- And finally, lines 250 and 251 are commented out:
fso = new ActiveXObject("Scripting.FileSystemObject");
tempDir = fso.GetSpecialFolder( 2 );
szIncidentFile = tempDir + "\\UnsolicitedRA" + fso.GetTempName();
oInc.GetXML(szIncidentFile);
idCtx.minimized = true;
var oShell = new ActiveXObject("WScript.Shell");
var szRAURL = GetWinDir() + '\\pchealth\\helpctr\\binaries\\helpctr.exe -Mode "hcp://system/Remote Assistance/raura.xml" -url "hcp://system/Remote Assistance/Interaction/Client/RcToolscreen1.htm"' + ' -ExtraArgument "IncidentFile=' + szIncidentFile + '"';
oShell.Run( szRAURL, 1, true );
//fso.DeleteFile( szIncidentFile ); //Commented out
//window.navigate("Unsolicitedrcui.htm"); //Commented out
}
catch(error)
{
RemoteAssist.vbs: The Script
A PDF version of RemoteAssist.vbs is available here: RemoteAssist_vbs.pdf
I am having trouble with a few parts of the script. Can you post your RemoteAssist.vbs file?
Im thinking there has to be a couple of errors with the posting. Such as If Len(strHost) > 0 Then
MsgBox “Error: No host name given.”
WScript.Quit
End If
Doesnt make sence to me. But i would love to get your script working. Thanks!
Nathan,
Wow, I screwed up the code a bit when posting it.
I’ve posted a PDF version of my .vbs for you at the bottom of the post. Some of the code gets pushed down to the next line in the PDF, so watch out for funny line breaks. Other than that, it should be fine. Sorry for the screwy code in the first place!
could you also post the UnSolicitedRCUI.htm as pdf as well? my browser is having a hard time making it viewable. Thanks!
better yet. Is there anyway to get this to work with a solicited request? I have everything that you have ready to go accept for the UnSolicitedRCUI.htm. But i was wondering if it where possible to call the RemoteAssist_vbs from the solicited request so that i can recieve the request and then not have to have there interaction at there desk for me to remote assist. Would this be possible? Thanks again for the help!
I’m sure it is possible, but to be honest I’m not sure exactly how. If you look at the code in UnSolicitedRCUI.htm, you can see that what’s really happening is that a request is being generated locally on behalf of the remote machine and stored in a temporary location, then opened in HelpCtr. (At least, if memory serves.) You should be able to just open a request that you already have rather than generating one, but I haven’t tried it. I’ll post my UnSolicitedRCUI.htm tomorrow when I get to the office, just in case.
I’ve modifed this script slightly, and if you’d like to check it out, you can do so here: http://www.vbshf.com/vbshf/forum/forums/thread-view.asp?tid=323
Mainly, I’ve tweaked the script a little so it doesn’t assume that Windows is installed on the C: drive of either computer. Also, I’ve added two variables that allow you to tweak where the original and custom htm files are stored.
I’ve included the entire set of files as a zip download (at the link above).
I’ll probably work on it a bit more as I have time…big thanks to DGrundel on this…!
ah – there it is… *sheepish grin* – refreshing cache is your friend.
Hmmm… I posted a comment here yesterday regarding a modified version of this script, but it is gone…?
Is there a way to do this and make it work behind a linksys router? I get access denied both when I try to do this outside (or through) the router and on the LAN?
@BoNiFa – I’m sure you could by opening up the right ports on your router, but you’d be seriously compromising the security of your network. This little system was really created for a corporate network environment, where the computers to be controlled are on the same network as the “expert’s” system and you have open access to the C$ share on each of them. I doubt you’d want that share to be open to the world.
You are absoulutly correct. Thanks for the advice.
Nice Job guys! I did something similar with SMS remote tools into an HTA… it is pretty sweet… Anyways, I am getting a message stating:
“There is a problem with the invitation and it cannot be opened. To use Remote Assistance the sender of this invitation will have to send you a new invitation.”
I cannot figure it out… The new files are being copied too.
I was able to launch remote assitance, but is there a way to disable the pop up box about remote assistance on the targeted machine?
Well, the prompt for Remote Control should be suppressed, but I haven’t found a way to get rid of that stupid chat window. Seems like there are a few things in place that you can’t remove that ensure the user retains control in case someone tries to use this for malicious purposes. The lack of Ctrl+Alt+Del support comes to mind…
Traditionist says : I absolutely agree with this !
[...] It then updates the local file, launches, then changes the file back. My work’s based off dgrundel’s, without being quite so [...]
[...] Accept and Take Control for Remote Assistance Offer Remote Assistance in Windows XP Professional Unsolicited Remote Assistance Post a [...]