Chrome Remote Desktop fuck-up

[Zetetic]

I have Windows machine sitting several hundred miles away that I dearly would like to access.

The machine is running both Steam and Chrome Remote Desktop.

I can start games remotely using Steam, and sometimes convince Steam to start video streaming... but all it can stream is my login screen and a dialog asking me if I want to allow Steam secure input access (which I obviously can't interact with, because it currently doesn't have secure input access).

Unfortunately, Chrome Remote Desktop insist that this machine has been offline since the 14th December.

I suspect this is because Windows sometimes likes to clobber CRD's firewall privileges or something, and the only way that I can fix this by reinstalling CRD (which I'll have to do locally) - but I thought I'd ask if anyone's managed to solve something like this before.

(I can remotely login to my router and fiddle about with stuff there. I've tried resetting the network link to the machine and tried bringing the router's IPv6 tunnel up and down, just in case that made any difference, without any luck.)



The moral of this story is probably to check that your remote access is working before abandoning your home for an indefinite period in pandemic.

[DrGreggles]

I have a combination of AnyDesk, TeamViewer and WakeOnLAN installed on all my machines, just in case I need to access any of them remotely.
All free too.

[Zetetic]

I have wondered about replacing CRD with something else, given how unreliable it has proven to be (and how difficult to investigate that unreliability is).

Mostly put-off by having to maintain another set of high-risk credentials.

[evilcommiedictator]

If it's a windows machine, do you have admin privledges? You should be able to RDP into it[nb]as long as you're on the same network[/nb]
For Steam, can you add a "Non-Steam Game" and use that to run explorer.exe or notepad.exe, which should give you access to the desktop environment?

[Sebastian Cobb]

If it's a windows machine, do you have admin privledges? You should be able to RDP into it[nb]as long as you're on the same network[/nb]
For Steam, can you add a "Non-Steam Game" and use that to run explorer.exe or notepad.exe, which should give you access to the desktop environment?

Putting RDP out on the internet is not wise but as he's got router access he could forward it on a non-standard port and be quick.

Although are there any other machines on the network? If you've got a linux box there too then a safer way would be to get an ssh connection to that then use ssh forwarding to forward the rdp traffic. I use this technique to get VNC on some of my machines.

[Zetetic]

Ooh, if Windows runs an RDP server by default then I can probably get to it by VPN or SSH tunnelling, yes...

Will give that a go.

[Zetetic]

Given that I'm getting a timeout on 3389 for that machine, I suspect it's not enabled - bugger.

[DrGreggles]

Pretty sure it's disabled by default.
Settings > System > Remote Desktop > Enable Remote Desktop

[Zetetic]

You've missed off "Travel several hundred miles into a Tier 4 area >", alas, but I'm grateful for the confirmation that it's probably disabled by default.

[MojoJojo]

It might be worth looking into psexec. It requires file and print sharing to be enabled on the remote machine, which I think it normally is, and access to the admin$ share, which I don't know about.

While if you have router access you should be able to open the necessary ports, I think the windows firewall will block non local access (it certainly should do), so you're probably still stuffed. But I thought it was worth mentioning anyway.

[MojoJojo]

If you were running openwrt on your router you could set up a vpn server on it which would solve some problems at least.

I wonder how many useless suggestions I can come up with.

[Zetetic]

I do have VPN access back to my router.[nb]Well, if I can be fucked to configure routing on another server elsewhere - but SSH tunnels work fine for this anyway.[/nb]

Now the challenge is getting winexe (psexec for Linux) to compile under Debian 10... thanks for the tip, MojoJojo.

[seepage]

If it's a windows machine, do you have admin privledges? You should be able to RDP into it[nb]as long as you're on the same network[/nb]

and it's running Windows Pro, not Home.

[Zetetic]

and access to the admin$ share, which I don't know about.

Think this might be the killer here.

smbmap is telling me ADMIN$ has NO ACCESS and winexe gives me "ERROR: CreateService failed. NT_STATUS_ACCESS_DENIED".

(I'm sort of glad that a lot of this stuff doesn't seem to be open by default and I'm ignorant of it...)

I guess it's possible there's something oddly non-Admin-y about the account that I'm trying to use, but I can't really see how.

[Zetetic]

For reference, it looks it's related to this change from Vista onwards:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction#how-to-disable-uac-remote-restrictions

(Edit: I've meant to do this for a while as well: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse#installing-openssh-from-the-settings-ui-on-windows-server-2019-or-windows-10-1809 )