Part 1. Behind the scenes
Supporting customers in a business environment can be a balancing act between fixing an issue and not interfering with a user’s ability to work. Too many times the IT worker sees the problem as a technical problem such as a printer issue or maybe a buggy device driver, while the customer sees something different: they just see the problem as a worker who isn’t able to do their job. They are paying you to fix a problem AND paying a worker who is not able to work.
In situations where a computer doesn’t start or the user can’t reach the network there isn’t much you can do to avoid taking over their computer. However, when users report intermittent problems there can be better ways to investigate their problems while still allowing the user to work.
Through the joys of remote management, we can inspect Event Viewer, registry settings, computer management and use a host of other tools.
I find that when a user reports an intermittent issue, one of the first tools I use is Event Viewer. In the past I would have asked to use their computer and would begin the lengthy process of hunting through the logs looking for errors and warnings. Today, I try to avoid interrupting the user and remotely inspect their Event Logs.
In order to do this, first open Event Viewer on your own PC and then select Action from the top menu. Then select Connect to Another Computer from the drop-down menu. Type in the name of the remote computer and click OK. The Header at the top will change to Event Viewer (Remote Computer Name) indicating a successful connection. Browsing may be slower than normal depending on the network connection between the machines.
Easy right? Oh, an error you say? “Event Viewer cannot connect to computer “Your computer name”. The error reported is: The RPC server is unavailable.”
Blocked by the firewall ! Well, if you are using the Windows firewall, you may be able to get around this. Event Viewer and various other management tools require “Remote Administration” to be allowed through the firewall. You should be able to use the PSEXEC utility to allow Remote Administration through the firewall.
The process begins with PSTools and the app PSEXEC. PSEXEC lets your run executables on remote computers. The executable we will be running is the old but useful cmd.exe.
- First you need to download the PSTools zip and extract it to your preferred location.
- Once you have done this open up a command prompt on your computer.
- Change the location to the folder when you extracted psexec.
- Then type psexec \\<computer name> cmd
- If you get an error try running psexec with the -u UserName -p Password switches, you may also need to specify the computer name as a FQDN (e.g. \\computername.domain.com)
6. Confirm that CMD is running on the remote computer – you can run “hostname” and it should return the name of the remote computer, not your own PC
7. Type – netsh advfirewall firewall set rule group=“remote administration” new enable=yes
8. If you get an error try typing netsh firewall set service type=remoteadmin mode=enable (it might give you an error but it should allow step 7 to run.)
9. Retry step 7 if had errors.
10. If it comes back and tells you that rules have been applied you are good to go.
At this point, you should be able to connect to their PC via Event Viewer and other remote management tools. You may also want to run a few other diagnostic commands while you’re still connected to the CMD prompt on the remote computer, but we’ll discuss some of those utilities in a later blog.
Recent Comments