Home > Active Directory, Windows > Implementing Remote Assistance into context menu of ADUC

Implementing Remote Assistance into context menu of ADUC

Couple days ago I wrote about Remote Assistance. I wanted to make this feature as close as possible to administrators so I decided to implement special item in context menu of ADUC. Let’s do it.

We need to prepare script first. I wrote very simple one:

==========


‘ Script to run Remote Assitance on domain computer

Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))


‘ Check if Remote Assistance is installed

Set fso = CreateObject(“Scripting.FileSystemObject”)
If (fso.FileExists(“C:WindowsSystem32msra.exe”)) Then
 ‘ Is istalled
 Set objShell = WScript.CreateObject(“WScript.Shell”)
 Return = objShell.Run(“C:WindowsSystem32msra.exe /offerra ” & objUser.dNsHostName, 1, true)
Else
 ‘ Is not installed, error.
 Wscript.Echo “Microsoft Remote Assistance is not installed on this machine.”
End If

==========

Let’s save this script as .vbs file into \DOMAIN.LOCALNETLOGON directory. Now when we have a script, we need to create context menu in ADUC. This can be accomplished using ADSI Edit tool. Start ADSI Edit tool and look for CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=domain,DC=local. There look for CN=computer-Display. Right-click on CN=computer-Display and select Properties.

 

aduc01

 

In attribute adminContextMenu add following line:

2, &Remote Assistance,\domain.localNETLOGONRemoteAssistance.vbs

Description:

2 – order number

&Remote Assistance – name of the item in context menu

\domain.localNETLOGONRemoteAssistance.vbs – command to run

When you click OK, OK in ADSI Edit your work is done. Now when you click on computer account you can see and use following context menu item:

 

aduc02

 

And that’s all folks.

  1. Michal
    August 13th, 2013 at 08:25 | #1

    Pekne riesenie, ale podla mna je problem bezpecnost (spustas vbs. skript ako Domain Admin). …

  2. Michal
    August 13th, 2013 at 08:27 | #2

    Inak super blog, viac krat mi uz pomohol :)

  3. August 13th, 2013 at 08:32 | #3

    @Michal
    Preco si myslis, ze je problem s bezpecnostou?
    Skript si mozes umiestnit na share (ako ja na NETLOGON), kde nemaju vsetci pravo zapisu, cize nikto ti to neprepise a nebudes pustat co ti ini podsunuli. Taktiez si mozes nadefinovat Software Restrictions napriklad na hash daneho skriptu. Je to podla mna v pohode.

    Taktiez nie je povedane, ze to musi spustat Domain Admin :-) Mozes si spravit vlastnu skupinu a v skripte kontrolovat clenstvo…moznosti je vela :)

    Som rad, ze som niekomu pomohol.

  4. Michal
    August 14th, 2013 at 13:05 | #4

    @Ondrej Žilinec

    Ahoj, nevravim ze to je zle ale je to len pocit, ze takto to nie je spravne …

    1.) Editujes konfiguracnu particiu AD … potrebujes prava Entrprise Admina (nie kazdy ma take prava)
    2.) Pravdepodobne spustas skript s vyssimi pravami ako je potrebne (bezpecnostne hladisko) …
    3.) Su aj ine riesenia pre dany problem … Vacsie firmy maju urcite kupene ine riesenia .. Ja som velky fanusik MS SCCM (super tool), predtym sme mali Altiris ….
    Mne osobne sa paci aj program terminals https://terminals.codeplex.com/ aj ked tu chyba priamo podpora pre remote Assistance (ale da sa to aj tak spravit) len je potrebne manualne nahadzat tam klientov (pre mensie firmy a organizacie tak hodina casu admina).
    terminal obsahuje viacero nastrojov ktore sa adminom urcite zidu …
    DNS lookup, Wake on Lan, port scaner, Shares, system info, …

    Neber to negativne iba skor iny pohlad na vec :)

  5. August 14th, 2013 at 13:16 | #5

    @Michal
    Jasne :) Ja to beriem. Je to tvoj nazor. Mne sa napriklad zase nepacia riesenia, kde musim instalovat nejakych klientov :-) Ale pozriem sa aj na ten terminals – diki za tip.

  1. No trackbacks yet.