Recently I have been favorably impressed with Chrome Remote Desktop features which allow to support remote users/friends/family members and access work computers remotely. I have easily configured access to my home computer from my office network. All you need is to install the Google Chrome browser on both devices, a Google account, and the chromoting service. Most popular are supported for remote connection: Windows, Linux, macOS, Android, and iOS.
In this article, we’ll take a look at how to install, configure, and use Chrome Remote Desktop to access a remote computer or provide remote support on Windows.
How to Install Chrome Remote Desktop on Windows?
Prior to using Chrome Remote Desktop, make sure that the Google Chrome browser is installed on your computer.
- Run Chrome and go to https://remotedesktop.google.com/support;
- Sign in with your Google account;
- The tool offers two types of remote connections: Remote Access to a computer and Remote Support;
- Remote Support – allows you to get or provide remote support to another person (like TeamViewer, AnyDesk, or other similar apps). You can see a remote user desktop, control a mouse and keyboard.
- Remote Access – allows you to remotely access your device over the Web. You get full access to a remote computer desktop
Remote Support Using Chrome Remote Desktop
The easiest way to get remote access is to provide remote support. If you want to allow temporary access to your computer for remote support:
- Select Remote Support -> Share this screen;
- Click Download and install the Chrome Remote Desktop extension. Click Add to Chrome;
- Confirm the installation by clicking Add extension;
- Then click Accept and Install;
- Windows will download the chromoting installation file (
chromeremotedesktophost.msi) and install the service; - Then click Generate Code to allow to your computer’s desktop;
- The program will generate an access code you tell the person who wants to connect to your computer. The code is valid for a limited time. If you don’t use the code within 5 minutes, you will have to generate it again.
- Now the person who wants to connect to your computer should go to https://remotedesktop.google.com/support and pastes the code to the Connect to another computer field (a remote user must install Chrome Remote Desktop extension or the
chromeremotedesktophost.msipackage);
- A window with the Google account trying to connect to your computer appears. Confirm the connection by clicking Share;
- Now a remote user will see your desktop in their browser and be able to interact with you. There are some options to improve work in the remote session in the right menu. You can also enable a remote clipboard (Enable clipboard synchronization), but then you need Chrome Remote Desktop extension to be installed.
- You can break the connection at any moment by clicking Stop Sharing.
If a user you get support from tries to take some action that requires elevated privileges, an UAC (User Account Control) prompt will appear in your session only. It is you who approves elevation, but not your remote assistant person.
Remote Access to a Computer Using Chrome Remote Desktop
The remote support method using Chrome Remote Desktop discussed above implies having a person on the receiving side who generates an access code and confirms a remote connection. However, Chrome Remote Desktop can also work in the unattended access mode (when there is nobody near the computer).
Let’s look at how to configure access to a remote computer running Windows using Chrome Remote Desktop over the Web.
chromeremotedesktophost.msi. - Open Chrome Remote Desktop -> Remote Access and click Turn on;
- Enter the computer name. By default, hostname is used, but you can change it to identify the computer easier;
- Create a PIN code (at least 6 numbers) to connect and click Start;
- The installation of Chrome Remote Desktop Host (
remoting_native_messaging_host.exe) with the specific options will start. Confirm the installation;
- After that, on the Chrome Remote Desktop homepage you will see that a remote connection to your computer is allowed (online status). Here you will also see a list of devices you have configured remote access on;
- Click the computer you need and enter the PIN code;
- You will connect to your remote computer and see its desktop.
You can download/upload a file from/to the remote computer using File transfer option in the right panel.
UAC works correctly in the remote connection, and the session is not interrupted when the prompt appears.
All remote Chrome Remote Desktop sessions are protected using SSL and AES 256 encryption.
To establish a remote connection in Windows, a separate service is created: Chrome Remote Desktop Service (chromoting). You can get information about the service with PowerShell:
Get-WmiObject win32_service | ?{$_.Name -like '*chromoting*'} | select Name, DisplayName, PathName| Format-List
As you can see, the service runs the executable file remoting_host.exe, works as a daemon, and uses the configuration file (--host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json).
You can display the contents of the JSON file and see the Google account the device is linked to, the device name, and the client ID.
Get-Content "C:\ProgramData\Google\Chrome Remote Desktop\host.json"
There are some registry parameters you can use to manage Chrome Remote Desktop.
By default, Chrome Remote Desktop doesn’t block a local session if you have connected to a computer remotely. If you don’t want a local user to see what you are doing on their computer, enable the curtain mode. To do it, configure the following registry parameters (for Windows 10 and 11):
- HKLM\Software\Policies\Google\Chrome\RemoteAccessHostRequireCurtain = 1
- HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections = 0
- HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication = 0
- HKLM \SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer = 1
Or use this command:
reg add HKLM\Software\Policies\Google\Chrome /v RemoteAccessHostRequireCurtain /d 1 /t REG_DWORD /f && reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /d 0 /t REG_DWORD /f && reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer /d 1 /t REG_DWORD /f && reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /d 0 /t REG_DWORD /f && net stop chromoting && net start chromotingTo allow connecting to the computer from the local network only (and for users connected to the local network using VPN), set HKLM\Software\Policies\Google\Chrome\RemoteAccessHostFirewallTraversal = 0 in the registry.
To connect to a computer using Chrome Remote Desktop, you do not need to run Google Chrome on it or configure automatic logon under a user account. After connecting, you always get to a console session. If you see a login screen and a list of local Windows accounts there. You may select any account to log on.
You can switch between users.
The following ports must be open on Windows for Chrome Remote Desktop connections:
- Outbound UDP traffic
- Incoming UDP responses
- TCP 443 (HTTPS)
- TCP/UDP Port 3478 (STUN)
To deny remote access to computers using Chrome Remote Desktop, you can create fake A/CNAME entries for the following hosts on your internal DNS server:
chromoting-oauth.talkgadget.google.comandchromoting-client.talkgadget.google.com– blocks outbound traffic from your computers to remote clients using Chrome Remote Desktopchromoting-host.talkgadget.google.com– blocks remote access to computers in your network