Updating ACLs in domain

Should you have problems with the MS logon plugin, here's the place to look for help or report issues
ChrisP
Posts: 15
Joined: 2007-04-20 06:13

Updating ACLs in domain

Post by ChrisP »

Hi,

I've installed VNC-Server on multiple clients in a domain. Now I have to adapt the ACLs for the clients and I want to do this with a global data file which holds the ACL for each client. So far so good. I've no problem to extract the ACL for each client and to store it on it but:
my problem is how to get the changed ACL back to the registry? I cannot start MSLogonACL in user-context, so I need a way to do this with a startup or a logon script, right? Or is there any other way to do this?
If anybody has a solution for this, I would be happy for help!

Thx,
Chris
boqs
Posts: 6
Joined: 2007-04-26 10:50

Re: Updating ACLs in domain

Post by boqs »

This is how I do it:

Install UltraVNC on a single computer in the domain manually. Define users with WinVNC.exe -defaultsettings, and password etc.

Run MSLogonACL.exe /e <filename>

Extract registry settings and ACL, and import it with these commands:
regedit /s <regfile>
MSLogonACL.exe /i /o <filename>


Hope this helps,

Kind regards
Last edited by boqs on 2007-04-26 13:44, edited 1 time in total.
ChrisP
Posts: 15
Joined: 2007-04-20 06:13

Re: Updating ACLs in domain

Post by ChrisP »

Thx, this way I know, but I have to change it not on all clients at the same time; it has to work dynamically, that's why I created a global ACL file where each client's ACL is stored. My aim is to automate it so the ACL is updated with each reboot of a client.
Btw, my main problem is: how to execute MSLogonACL in a user environment?
Last edited by ChrisP on 2007-04-26 13:49, edited 1 time in total.
ChrisP
Posts: 15
Joined: 2007-04-20 06:13

Re: Updating ACLs in domain

Post by ChrisP »

I think I just have solved the problem, but I will do some more testing to verify this.

I just added the users rights on the registry folder where the vnc acl is located and now it suddenly works fine.

Thx,
chris
Marscha
Former moderator
Posts: 464
Joined: 2004-05-14 06:48

Re: Updating ACLs in domain

Post by Marscha »

Why do you want to change the ACL all the time?
Maybe there's a more elegant way to solve your problem.

BTW, if you open the registry, your users can change the settings, too.
Probably not what you intended.
ChrisP
Posts: 15
Joined: 2007-04-20 06:13

Re: Updating ACLs in domain

Post by ChrisP »

Well, I'm talking about more than 1000 stations to administer, and if one station breaks down I have to replace it, and sometimes there are special stations where also a few people get view-only access to. :) Of course I have a standard admin-group that has access....
So far so good. My users are not allowed to do anything on their PCs except from working on it.
That's why I needed to do it this way:
But as I mentioned before - it's working now. :)
I'm holding a centralized ini-file created out of a database which I read at system-startup, then I extract the section for the client, store it and apply it. The only problem why MSLogonACL was not working at the beginning was that my user-accounts had no privileges to modify the registry, so I allowed them to modify the VNC branch. :)
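
Added example, not part of any post in this thread and not UltraVNC project code: a PowerShell check that lists every non-admin principal holding write access on the registry branch where the VNC ACL is stored, which is the exposure raised above once user accounts are allowed to modify that branch. The key path is a placeholder you must set, and the trusted-principal list is an assumption to adjust for your domain.

```powershell
param(
    # Placeholder: the registry key where your UltraVNC install keeps its settings/ACL.
    [string]$KeyPath = 'HKLM:\SOFTWARE\<VNC-SETTINGS-KEY>',
    # Assumption: only these principals are expected to have write access.
    [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')
)

# Specific rights that allow changing values, subkeys or the key's own permissions.
$specific = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# GENERIC_WRITE and GENERIC_ALL can appear unmapped on inherit-only ACEs.
$generic  = 0x40000000 -bor 0x10000000
$writeMask = $specific -bor $generic

function Get-UnexpectedWriter {
    param([string]$Path, [string[]]$TrustedPrincipals)
    $acl = Get-Acl -Path $Path
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }
        $who = $rule.IdentityReference.Value
        if ($TrustedPrincipals -contains $who) { continue }   # case-insensitive match
        [pscustomobject]@{
            Key       = $Path
            Principal = $who
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

if (-not (Test-Path -Path $KeyPath)) {
    throw "Registry key not found: $KeyPath (set -KeyPath to the real settings key)"
}

# Check the key itself and every subkey beneath it.
$keys = @($KeyPath) + @(Get-ChildItem -Path $KeyPath -Recurse | ForEach-Object { $_.PSPath })
$findings = foreach ($k in $keys) { Get-UnexpectedWriter -Path $k -TrustedPrincipals $Trusted }

if ($findings) {
    $findings | Format-Table -AutoSize
    exit 1   # non-zero so a scheduled audit can flag the machine
}
Write-Output "No unexpected write access on $KeyPath"
```

A Group Policy computer startup script runs as Local System, so an import performed there does not need any user account to hold write access on this key.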
JDaus
Friend of UVNC
Posts: 537
Joined: 2007-03-17 11:00
Location: Sydney, Australia

Re: Updating ACLs in domain

Post by JDaus »

I have used, and recommend, Sysinternals psexec ... it allows you to execute commands over a network to any Windows machine (think it needs local admin privileges)

http://www.microsoft.com/technet/sysint ... sexec.mspx

This way, you could set up an AutoIt script (compiled to EXE) to run the commands on \\localhost ... allowing you to have administrator privileges without your users getting access to source code ... :)

Hope this is helpful

PS. I recommend you take a look at all tools in the Sysinternals site ... they were recently ACQUIRED by Microsoft ... but don't let that fool you, they have some great stuff ... and it's free
http://sysinternals.com
ChrisP
Posts: 15
Joined: 2007-04-20 06:13

Re: Updating ACLs in domain

Post by ChrisP »

Thanks for that information. Of course, I know Sysinternals. ;) But I've tried to work with psexec and it is more complicated than doing these small changes in the Windows registry and applying them with a GPO, I think.