Policy
Configure Offer Remote Assistance
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance. To configure the list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format: <Domain Name>\<User Name> or <Domain Name>\<Group Name> If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running. Windows Vista and later Enable the Remote Assistance exception for the domain profile. The exception must contain: Port 135:TCP %WINDIR%\System32\msra.exe %WINDIR%\System32\raserver.exe Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe %WINDIR%\System32\Sessmgr.exe For computers running Windows Server 2003 with Service Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe Allow Remote Desktop Exception
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Permit remote control of this computer: ID RA_Unsolicit_Control_List | enum | HKLM\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicitedFullControl Type REG_DWORD | Options: Allow helpers to remotely control the computer (1), Allow helpers to only view the computer (0) |
Helpers: ID RA_Unsolicit_DACL_Edit | list | HKLM\Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit\fAllowUnsolicited Type REG_MULTI_SZ | List: standard |
Other policies in this category
Explore related policies at the same level.
- ComputerAllow only Windows Vista or later connectionsAt least Windows Vista
- ComputerConfigure Solicited Remote AssistanceAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerCustomize warning messagesAt least Windows Vista
- ComputerTurn on bandwidth optimizationAt least Windows Vista
- ComputerTurn on session loggingAt least Windows Vista