Skip to main content
Version: 24.5

Remote Assistance

Workspaces includes, thanks to the alliance with AnyDesk, remote assistance tools that allow viewing and taking control of the user's session.

rauserconsent

Remote assistance is compatible with all types of sessions, such as users on physical devices, VDIs, shared desktops, and even in virtualized application environments. It supports operating systems such as Windows, Linux (including ChromeOS), and Mac.

Remote assistance for Workspaces is designed to cover end-user devices as well as devices that do not have a user in front of them, such as servers or customer service kiosk-type devices.

Workspaces incorporates a significant improvement that allows the support operator to manage all the applications the user sees, including those that require elevation of permissions, which are launched with 'Run as administrator' or that run under User Account Control (UAC). Additionally, all AnyDesk functionalities for session recording, file transfer, and chat are activated.

Main functions

There are two options for remote assistance:

  • Interactive remote assistance: aimed at end users. Requires user consent.
  • Unattended remote assistance: allows unattended access to technical equipment.

The Flexxible tools are also included, which allow the activation of administrative tools in remote assistance.

Activation

The activation of remote assistance, as well as the configuration of options that will be available for a device, is carried out from the configuration of the reporting group to which that device belongs, in Portal.

Although remote assistance uses AnyDesk technology, no traffic is generated from the devices to their servers, which allows it to work even in network environments with traffic filtering to AnyDesk servers.

Remote assistance can be configured to allow interactive or unattended access.

Requirements

To function properly, remote assistance requires device connectivity to ra.flexxible.com via TCP port 443.

Interactive remote assistance

To minimize the attack surface, vulnerability exploitation, and maintain device security, FlexxAgent does not install any additional software, so there is no service or process "listening" for incoming connections. The AnyDesk process only runs (without installation) in real-time when requested from Workspaces.

Remote assistance allows support staff to access the user's session to see what is happening on their screen or take control easily. It is accessible from both the Sessions view and Workspaces and can be executed from the Operations button in the top right of the interface.

Operations -> Remote assistance -> Start remote assistance

When the operator initiates the Start remote assistance request, FlexxAgent launches an AnyDesk process (with user permissions) on the device and notifies the user with the session ID.

racodeforuser

From the support side, an application is displayed to access the user's session, which can be downloaded by clicking Download from the remote assistance window in Workspaces. Once downloaded, this application must be executed to send the consent request to the user.

Note: Once the remote assistance session access application is downloaded, it will expire in 15 minutes and will not allow access to the session.

radminpreconsent

The user's consent must be awaited:

rauserconsent

From the acceptance of remote assistance, the support staff can take control of the session.

The AnyDesk binary will only be present on the device’s filesystem when remote assistance is requested and will run with the user's permissions, without installation, and will remain active for the duration of the remote assistance session. Once the session ends, the process will be stopped, and the binary deleted from the filesystem.

flxtools

Important: Running the Anydesk binary without administrative permissions does not prevent access to the administrative tools needed for support delivery. These are offered for remote assistance within the Flexxible tools menu at the top left of the remote assistance window.

Unattended Remote Assistance

Unattended remote assistance allows access to server-type or self-service kiosk devices, where there is no specific user working.

To access the device unattended, the following action must be performed:

Operations -> Remote assistance -> Start unattended remote assistance

ra_supportid

When the operator performs this action, Workspaces sends the order to FlexxAgent to install a custom AnyDesk service, start it, configure an access password, and inform the operator via the console that the session is now accessible with the respective authentication data:

  • Session ID: is the session identifier.
  • Password: is a dynamic password that regenerates in each session; it is not recommended to store it.
  • Download the remote assistance access application for the operator: a mini-application that allows access to the session for 15 minutes. If access is not made within that time, it will expire and will not allow control of the device.

rasessionview

Once the access application has been started by the support operator, it will be necessary to enter the session password to take control of the device.

As soon as the session is interrupted by closing the remote assistance binary, the service will remain operational for 15 minutes before being automatically uninstalled, preventing access to the device until the action Operations -> Remote assistance -> Start unattended remote assistance is executed again.

Note: After 15 minutes from the end of the unattended remote assistance connection, it will no longer be possible to use the same authentication data or access binary again. The custom AnyDesk service will be uninstalled from the device and the session password will have expired.

This mechanism offers unattended access on demand and preserves the security of devices by not having services "listening" at times when they are not required.

Flexxible tools

Since the AnyDesk binary is executed with the user's permission level, it may happen that the user is not a local administrator of the device. To cover these cases, the Flexxible tools have been incorporated.

flxtools

This is a series of functions embedded in the remote assistance application that can be accessed from the top left part of the interface.

These tools can be run with administrative permissions from:

  • CMD
  • PowerShell
  • Registry Editor
  • Task Manager

flxtoolsps