Black screen during remote assistance (MSRA.EXE)

Solution 1

I remember when I had this issue in my environment. Per the following link https://technet.microsoft.com/de-de/library/ee844127%28v=ws.10%29.aspx

In your Group Policy (gpedit.msc) settings (If domain, apply to the appropriate Organizational Unit), go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

Change the following setting User Account Control: Switch to the secure desktop when prompting for elevation to disabled.

EDIT Remember to update your computers with the latest group policy change. In CMD Prompt run gpupdate /force to update your computers to the latest group policy settings. To open cmd prompt, in Windows, click in your Search bar and type in Command Prompt.

Solution 2

I recently created this PowerShell solution which can be used when need to open a Remote Assistance session and type in the elevated UAC credential that cannot be share with the end-user being assisted.

Technically you can run just the Invoke-Command and point it to the remote computer, and then ensure the Set-ItemProperty has the appropriate 1 or 0 value for "PromptOnSecureDesktop" to enable or disable.

I wanted to ensure that when I need to run msra in an elevated session, I can just execute the script and be assured the UAC secure desktop security is re-enabled automatically after the msra session has ended.

Essentially this will...

• prompt you for the computer name

• disable the "UAC secure desktop" via the remote registry change and commands

• start an msra session that works same way it works always works from here

• enable the "UAC secure desktop" via the remote registry change and commands once the correlated msra instance ends

To use you only need to...

1. Save the PowerShell script as a text document with a .ps1 file name extension
2. Open a PowerShell command prompt and type (or paste) in the full script path and filename, and press Enter
3. Enter in the computer name of the computer you are connecting to with remote assistance and press Enter.
4. When done with the remote assistance session, close the mrsa process if it's still running

Tip: Use the non-elevated "other/standard" method of msra most of the time, and only use this as-needed.

PowerShell Script

$pc = Read-Host "Enter the remote computer name to disable secure desktop";

Invoke-Command -ComputerName $pc -Scriptblock {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Value 0 -Force;
    };

$remoteAssist = "$Env:windir\system32\msra.exe";
Start-Process $remoteAssist "/offerra" -Wait;
Write-Host "Your Remote assist session has ended" -ForegroundColor Red;

Invoke-Command -ComputerName $pc -Scriptblock {
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop"  -Value 1 -Force;
    };

Execute Example

Note: Just paste in the full path script name and press enter.

PS C:\Users\User> \\myserver.domain.com\sharename\folder\script\Elevate-RemoteAssist.ps1

---

Supporting Resources

• User Account Control: Switch to the secure desktop when prompting for elevation

  The secure desktop presents the logon UI and restricts functionality and access to the system until the logon requirements are satisfied.

  The secure desktop’s primary difference from the user desktop is that only trusted processes running as SYSTEM are allowed to run here (that is, nothing is running at the user’s privilege level). The path to get to the secure desktop from the user desktop must also be trusted through the entire chain.

  Possible values

  • Enabled

    • All elevation requests by default go to the secure desktop.

  • Disabled

    • All elevation requests go to the interactive user desktop.

  source

• Invoke-Command

• Set-ItemProperty
• Start-Process

   -Wait
     Wait for the specified process to complete before accepting more input.
     This parameter suppresses the command  prompt or retains the window
     until the process completes
  

Related videos on Youtube