Hi,
Under Admin properties there is the option to lock the workstation when the client disconnects , is there a way to have it always lock on connect? I'm using Ms Login and if the machine is already logged in the client connects with no password prompt.
Thanks
-TD
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
UVNC 1.2.1.7 Admin Prop Lock on Connect
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: UVNC 1.2.1.7 Admin Prop Lock on Connect
That options doesn't exist.
Why don't you activate the the screensaver lock. The if someone forget to logout the screen is locked.
Why don't you activate the the screensaver lock. The if someone forget to logout the screen is locked.
Re: UVNC 1.2.1.7 Admin Prop Lock on Connect
I appreciate that, however, that wasn't the reason for the request. There are many situations where a system will not lock even even though screen saver lock is enabled, with the point being a security concern. In ALL cases where desired and setup to do so, a user remoting in should NOT be allowed straight in without authentication if it is setup to require it.Rudi De Vos wrote:That options doesn't exist.
Why don't you activate the the screensaver lock. The if someone forget to logout the screen is locked.
Again if i'm missing something I apologise. Let's put this another way, the option to lock on disconnect is for security, why would the reverse not be a concern as well?
Thanks
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: UVNC 1.2.1.7 Admin Prop Lock on Connect
-We have the option accept/reject, isn't it better to ask permission then just kick him
The user get a nice popup, asking if he agree that someone take control of his pc.
a)If someone is logged -> he need to give permission
b)If no user is logged -> you get in without permission
c)If user is logged, but the screensaver is active -> you get in without permission
b)c) are optional settings
optons
AuthHosts=
+ =allow
- = deny
? = query
syntax:
-:+10.0.60.141:?10.0.31.169:-10.0.20.240:
instead of 10.0.60.141 you can use 10.0.60, then it is valid for the full range of ip addresses.
QuerySetting=2
Define on how to react on the (-,?,+) from the Authhosts.
0="+:Accept, ?:Accept, -:Query"
1="+:Accept, ?:Accept, -:Reject"
2="+:Accept, ?:Query, -:Reject [Default]"
3="+:Query, ?:Query, -:Reject"
4="+:Query, ?:Reject, -:Reject"
It is used to specify a set of IP address templates which incoming connections must match in order to be accepted. By default, the template is empty and connections from all AuthHosts_Tip5="hosts are accepted. The template is of the form:
+[ip-address-template]
?[ip-address-template]
-[ip-address-template]
In the above, [ip-address-template] represents the leftmost bytes of the desired stringified IP-address.
For example, +158.97 would match both 158.97.12.10 and 158.97.14.2. Multiple match terms may be specified, delimited by the ":" character. Terms appearing later in the template take precedence over earlier ones. e.g. -:+158.97: would filter out all incoming connections except those beginning with 158.97. Terms beginning with the "?" character are treated by default as indicating hosts from whom connections must be accepted at the server side via a dialog box. The QuerySetting option determines the precise behaviour of the three AuthHosts options.
QueryTimeout=10
QueryTimeout is the time the messagebox is shown.
QueryAccept=0 ( 0=refuse 1=accept 2=refuse)
This popup a timed messagebox to allow the user (server site) to allow/reject an incoming connect.
QueryIfNoLogon=0
Disable/enable query settings when no user is logged.
If the user is logged on, but has his screensaver on you normal can't get access as "QueryIfNoLogon" find a logged user.
to overwrite this set QueryAccept=2 and QueryIfNoLogon=0 -> no messagebox when screen is locked.
The user get a nice popup, asking if he agree that someone take control of his pc.
a)If someone is logged -> he need to give permission
b)If no user is logged -> you get in without permission
c)If user is logged, but the screensaver is active -> you get in without permission
b)c) are optional settings
optons
AuthHosts=
+ =allow
- = deny
? = query
syntax:
-:+10.0.60.141:?10.0.31.169:-10.0.20.240:
instead of 10.0.60.141 you can use 10.0.60, then it is valid for the full range of ip addresses.
QuerySetting=2
Define on how to react on the (-,?,+) from the Authhosts.
0="+:Accept, ?:Accept, -:Query"
1="+:Accept, ?:Accept, -:Reject"
2="+:Accept, ?:Query, -:Reject [Default]"
3="+:Query, ?:Query, -:Reject"
4="+:Query, ?:Reject, -:Reject"
It is used to specify a set of IP address templates which incoming connections must match in order to be accepted. By default, the template is empty and connections from all AuthHosts_Tip5="hosts are accepted. The template is of the form:
+[ip-address-template]
?[ip-address-template]
-[ip-address-template]
In the above, [ip-address-template] represents the leftmost bytes of the desired stringified IP-address.
For example, +158.97 would match both 158.97.12.10 and 158.97.14.2. Multiple match terms may be specified, delimited by the ":" character. Terms appearing later in the template take precedence over earlier ones. e.g. -:+158.97: would filter out all incoming connections except those beginning with 158.97. Terms beginning with the "?" character are treated by default as indicating hosts from whom connections must be accepted at the server side via a dialog box. The QuerySetting option determines the precise behaviour of the three AuthHosts options.
QueryTimeout=10
QueryTimeout is the time the messagebox is shown.
QueryAccept=0 ( 0=refuse 1=accept 2=refuse)
This popup a timed messagebox to allow the user (server site) to allow/reject an incoming connect.
QueryIfNoLogon=0
Disable/enable query settings when no user is logged.
If the user is logged on, but has his screensaver on you normal can't get access as "QueryIfNoLogon" find a logged user.
to overwrite this set QueryAccept=2 and QueryIfNoLogon=0 -> no messagebox when screen is locked.
Re: UVNC 1.2.1.7 Admin Prop Lock on Connect
Sorry, something else is going on, will investigate further and report back.
In my local test to a standard install in a vm, using the SecureVNC Plugin, every thing is working as expected.
In the real scenario , It turns out I wasn't getting prompted for an MS logon at all. There are only 2 things different there, I'm connecting via the repeater, and I set a passphrase in the SecureVNC Plugin. It has to be something with either of them.
I'll let you know, unless you already know why i'm not being prompted for the actual MS logon even though it's set.
Thanks much
In my local test to a standard install in a vm, using the SecureVNC Plugin, every thing is working as expected.
In the real scenario , It turns out I wasn't getting prompted for an MS logon at all. There are only 2 things different there, I'm connecting via the repeater, and I set a passphrase in the SecureVNC Plugin. It has to be something with either of them.
I'll let you know, unless you already know why i'm not being prompted for the actual MS logon even though it's set.
Thanks much
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: UVNC 1.2.1.7 Admin Prop Lock on Connect
viewer connect to server: server ask password or user/passwd (mslogon)
server connect to viewer: viewer can allow/refuse a connection but viewer has no password
Using the repeater we have a security issue. Both viewer and server can be outgoing connections.
As the rfb protocol doesn't support passwords for outgoing conntions we use the plugin for authentication and encryption
The authentication can be done by the vnc passwd, you can setup a longer phraze or create a viewer access-key.
Repeater + mslogon is not possible.
server connect to viewer: viewer can allow/refuse a connection but viewer has no password
Using the repeater we have a security issue. Both viewer and server can be outgoing connections.
As the rfb protocol doesn't support passwords for outgoing conntions we use the plugin for authentication and encryption
The authentication can be done by the vnc passwd, you can setup a longer phraze or create a viewer access-key.
Repeater + mslogon is not possible.
Re: UVNC 1.2.1.7 Admin Prop Lock on Connect
Yup just saw that on another post, TX