I like the option to have VNC use the windows logons as it's password, but I don't like that the local admin has to have access in WinXP. Am I not reading that right or is there no way to not give the local admin rights to VNC? I would like it that only domain admins can VNC. That makes it a little less damaging if someone were to find the local admin password.
If that's not possible, is it possible to rotate the VNC password with a logon script, or a command line way to do it at all?
Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Questions about passwords?
Use "New MS-Logon" (MS-Logon II).
Then you can configure groups/users which are allowed to access the computer via UltraVNC.
You can configure only the Domain Admins to have this right.
But you should keep in mind that any Local Admin can change this configuration and add the Local Admin group to the access list.
We consider this not a bug. A Local Admin is supposed to control the computer.
Then you can configure groups/users which are allowed to access the computer via UltraVNC.
You can configure only the Domain Admins to have this right.
But you should keep in mind that any Local Admin can change this configuration and add the Local Admin group to the access list.
We consider this not a bug. A Local Admin is supposed to control the computer.
So are you saying that local admins do not inherently have access on WinXP running as a service? I must be confused then because I read, "local admins always have access".
The issue is we are a school and as much as we lock things down students are increasingly clever in cracking the computers (it's like a hobby), anyway the local administrator password is vulnerable just by being stored on computer at all, where the domain admin password is not.
My other question is when I'm using MS Logon, do I need "accept socket connections" turned on?
The issue is we are a school and as much as we lock things down students are increasingly clever in cracking the computers (it's like a hobby), anyway the local administrator password is vulnerable just by being stored on computer at all, where the domain admin password is not.
My other question is when I'm using MS Logon, do I need "accept socket connections" turned on?
On this note if you arent already doing this - change the local admin account names to something very.. very... unusuall.. since the computer is part of a domain technically you could test out disabling the local admin account.. of course losing your backdoor in if the computer never had an authorized user connect caching its credentials for re-login during network outages. But as people poke and prod, your best bet is to safeguard everything you can..orphic wrote:So are you saying that local admins do not inherently have access on WinXP running as a service? I must be confused then because I read, "local admins always have access".
The issue is we are a school and as much as we lock things down students are increasingly clever in cracking the computers (it's like a hobby), anyway the local administrator password is vulnerable just by being stored on computer at all, where the domain admin password is not.
If you dont have accept socket connections (Anyone please correct me if Im wrong) It will not listen to the port you specify, basically disabling the service.orphic wrote: My other question is when I'm using MS Logon, do I need "accept socket connections" turned on?
Dont know what kind of school you are with, but if someone can plug into your network, and get a DHCP address and not be challenged at all.. it wouldnt be a bad idea.. if you got some good wizkids on your hands... to use the DSM encryption plugin - and disallow access to the VNC Folder for normal users to even list the contents.
-only reason I say this is... if they can log in with a protocol analyzer and pick up your domain credentials over your network.. you may get rooted... and thats not fun if you have kids "Testing" things.
just my $0.02