I'm trying to create a service that can start a reverse VNC connection from a client to the relevant support staff.
The client is Windows XP SP2
The service is running as "LocalSystem"
Everything works fine if the "Allow service to interact with desktop" property is checked in my service. With it unchecked, everything works until the service calls the command:
"C:\Program Files\VNC\WinVNC.exe" -connect 10.1.1.10:5500
At this point logging shows it executed the command, but nothing actually happens on the client.
Should I be able to start a reverse VNC connection via the LocalSystem account without desktop interaction?
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
VNC reverse connection via LocalSystem service
Re: VNC reverse connection via LocalSystem service
Theoretically it might work for XP, but you'd have to re-architect everything for Vista and Windows 7 anyway. See http://www.uvnc.com/vista/
Re: VNC reverse connection via LocalSystem service
I'm starting with XP because it's typically easier to get things working there, but the reason I'm unchecking that service property is precisely because it is unsupported in Vista/Win7.
My service is running as LocalSystem trying to interface with the winvnc.exe that is already running in LocalSystem, but it doesn't do anything unless that property is enabled (XP only).
I just thought it odd that it would have a problem with the running VNC service when both are running in the same user context (LocalSystem). Granted working with services is not my area of expertise.
My service is running as LocalSystem trying to interface with the winvnc.exe that is already running in LocalSystem, but it doesn't do anything unless that property is enabled (XP only).
I just thought it odd that it would have a problem with the running VNC service when both are running in the same user context (LocalSystem). Granted working with services is not my area of expertise.
-Ben
Re: VNC reverse connection via LocalSystem service
Nor mine, but Rudi's been through all this pain before to get UltraVNC working, which is why I gave you that link. Good luck.
Re: VNC reverse connection via LocalSystem service
I terminated the existing VNC service that was running, and then tried a modified command:
"C:\Program Files\VNC\WinVNC.exe" -connect 10.1.1.10:5500 -run
This time it connected to my viewer, but I got the following message:
"UltraVNC running as application doesn't have permission to access UAC protected windows. The is screen is locked until the remote user unlock this window"
This is on Windows XP.
"C:\Program Files\VNC\WinVNC.exe" -connect 10.1.1.10:5500 -run
This time it connected to my viewer, but I got the following message:
"UltraVNC running as application doesn't have permission to access UAC protected windows. The is screen is locked until the remote user unlock this window"
This is on Windows XP.
-Ben
Re: VNC reverse connection via LocalSystem service
So far, any attempt for me to run WinVNC.exe as a service (regardless of what user context the service runs under) seems to lack access to the console to actually be able to send anything. I get the UAC error every time.
I also noticed the uvnc_service has the "Allow service to interact with desktop" property checked on WinXP and Win7. I may just check that box on XP and move on to troubleshooting this on Win7.
I also noticed the uvnc_service has the "Allow service to interact with desktop" property checked on WinXP and Win7. I may just check that box on XP and move on to troubleshooting this on Win7.
-Ben
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: VNC reverse connection via LocalSystem service
Reverse connection is buildin in the uvnc_service via the ultravnc.ini
service_commandline=
This is used to instruct the service to start winvnc (in service mode) with a specific command line. This is the same syntax as the commandline except
you don't put -run at the end.
sample: service_commandline=-autoreconnect -connect 192.168.1.30
This tell the service to make an invers connection to 192.168.1.30 and retry when it fail..
*interact desktop: not needed
*service need to be running as system
service_commandline=
This is used to instruct the service to start winvnc (in service mode) with a specific command line. This is the same syntax as the commandline except
you don't put -run at the end.
sample: service_commandline=-autoreconnect -connect 192.168.1.30
This tell the service to make an invers connection to 192.168.1.30 and retry when it fail..
*interact desktop: not needed
*service need to be running as system
Re: VNC reverse connection via LocalSystem service
A little more detail may be in order. I have a normal installation of UltraVNC on the computer already, and a remote viewer can connect on demand. What I'm trying to do is utilize that same instance of VNC to fire a reverse connection when the client is instructed to do so. I do not want the service to do this by default, and in fact it will rarely do this. Also, I am passing the viewer (and port just in case) it should connect to as a variable so it will not be hard-coded to any one computer.
The problem I'm attempting to solve is when we have a client computer that has incorrect firewall configuration preventing us from having any remote access of any type to it. This generally happens when domain membership gets corrupted and the firewall settings start blocking all incoming connections (but it's happened for other reasons as well). The only way to use VNC in this situation is when it's initiated by the client itself.
I am writing a program that runs as a service (LocalSystem) that connects to a remote server as to get around inbound firewall restrictions. This server can then send commands to the client to be run locally. Since the service is running as LocalSystem, all commands run on the client in the same context. This program's primary function will be to make the client run the command listed earlier:
"C:\Program Files\VNC\WinVNC.exe" -connect 10.1.1.10:5500
This is only working when the Interact with Desktop property is checked. I am woefully underskilled working in the LocalSystem context so I'm using the sledgehammer approach.
The problem I'm attempting to solve is when we have a client computer that has incorrect firewall configuration preventing us from having any remote access of any type to it. This generally happens when domain membership gets corrupted and the firewall settings start blocking all incoming connections (but it's happened for other reasons as well). The only way to use VNC in this situation is when it's initiated by the client itself.
I am writing a program that runs as a service (LocalSystem) that connects to a remote server as to get around inbound firewall restrictions. This server can then send commands to the client to be run locally. Since the service is running as LocalSystem, all commands run on the client in the same context. This program's primary function will be to make the client run the command listed earlier:
"C:\Program Files\VNC\WinVNC.exe" -connect 10.1.1.10:5500
This is only working when the Interact with Desktop property is checked. I am woefully underskilled working in the LocalSystem context so I'm using the sledgehammer approach.
-Ben
Re: VNC reverse connection via LocalSystem service
As a quick hack why couldn't you have it modify the ultravnc.ini file and then issue a "net start" command for the service? (Or maybe make a separate copy of UltraVNC for "ordinary" use and let the ultravnc.ini file in the service directory remain set for reverse connecting? Not sure if that would work.)
Re: VNC reverse connection via LocalSystem service
I tried the separate instance route without success (not exhaustively tested yet).
I verified I can stop and start the service so it would be trivial to stop the service, modify the ultravnc.ini file, start the service, modify the ultravnc.ini file back to the original setting, ???, PROFIT!!!
I'll give that a go and see what happens.
I verified I can stop and start the service so it would be trivial to stop the service, modify the ultravnc.ini file, start the service, modify the ultravnc.ini file back to the original setting, ???, PROFIT!!!
I'll give that a go and see what happens.
-Ben
Re: VNC reverse connection via LocalSystem service
Well, that worked like a champ even with the interact with desktop setting disabled.
I logged off the computer, submitted the command to connect back via VNC, and it connected to my viewer within a few seconds after it modified the local VNC settings.
Thanks everyone for the help! I wasn't familiar with the service option in the ini file, so now I have a new weapon in my UltraVNC arsenal.
I logged off the computer, submitted the command to connect back via VNC, and it connected to my viewer within a few seconds after it modified the local VNC settings.
Thanks everyone for the help! I wasn't familiar with the service option in the ini file, so now I have a new weapon in my UltraVNC arsenal.
-Ben