Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
MSLogonACL for remote computers
MSLogonACL for remote computers
Any thoughts of adding the feature to import and export the ACL from computers over a LAN?
You could use UltraVNC to export the ACL 
For importing you could use any tool that allows to start processes on remote computers.
See psexec from http://www.sysinternals.com/ntw2k/freew ... ools.shtml
For importing you could use any tool that allows to start processes on remote computers.
See psexec from http://www.sysinternals.com/ntw2k/freew ... ools.shtml
ahhh .. .I just made it part of the deployment wizard in VNCScan so it's all good, now. 
The ACL will push out with the UltraVNC deplpyment.
In the deployment wizard, it offers you a text box to put in ACL information right under the checkbox to use MSAUTH.
It also has a new feature to let you include a .REG file with the deployment of all flavors of VNC incuding Ultra. The reg file is executed remotely on the computers to import reg settings. So far, the beta testers love this feature and I can't wait until it's out for everyone to use.
The inclusion of the REG file is more for the other flavors than for Ultra, though. The other ones don't use a text based ACL util like you do. For those flavors, people have to configure a computer and then export it to a .reg file and then deploy that with the VNCScan deployment wizard.
- Steve Bostedor
http://www.vncscan.com
The ACL will push out with the UltraVNC deplpyment.In the deployment wizard, it offers you a text box to put in ACL information right under the checkbox to use MSAUTH.
It also has a new feature to let you include a .REG file with the deployment of all flavors of VNC incuding Ultra. The reg file is executed remotely on the computers to import reg settings. So far, the beta testers love this feature and I can't wait until it's out for everyone to use.
The inclusion of the REG file is more for the other flavors than for Ultra, though. The other ones don't use a text based ACL util like you do. For those flavors, people have to configure a computer and then export it to a .reg file and then deploy that with the VNCScan deployment wizard.
- Steve Bostedor
http://www.vncscan.com
Last edited by sbostedor on 2005-05-11 15:02, edited 1 time in total.
The ACL contains the SIDs of the accounts that are configured.
That's the reason why you should not directly export and import the reg key of the ACL.
If you have local users/groups, their SIDs are different on different machines.
Also the binary structure of the ACL is not guaranteed to be the same on different Windows versions.
So I added the MSLogonACL utility to export/import the ACL savely.
That's the reason why you should not directly export and import the reg key of the ACL.
If you have local users/groups, their SIDs are different on different machines.
Also the binary structure of the ACL is not guaranteed to be the same on different Windows versions.
So I added the MSLogonACL utility to export/import the ACL savely.
You're correct, sir. 
You can, however, resolve a remote computername\username to a valid SID on that local machine SAM database through an API. I'll dig it up if you're interested, but it's c# so I'm not sure that it'll help you.
It works fine for VNCScan, though. When VNCScan deploys UltraVNC to a remote computer and MS AUTH is chosen, it copies the ACL information into a text file on the remote computer, copies over the mslogonauth util and then remotely executes it on that computer so that it's resolving against that computers SAM database.
It works this way just fine, I was just wondering if you ever planned to put in the code to make it resolve SIDS against remote computer accounts to save this extra step in the deployment process.
If I knew how you constructed the binary registry key, I'd just make my own .NET version and release it as open source freeware. Any info on that?
- Steve Bostedor
http://www.vncscan.com
You can, however, resolve a remote computername\username to a valid SID on that local machine SAM database through an API. I'll dig it up if you're interested, but it's c# so I'm not sure that it'll help you.
It works fine for VNCScan, though. When VNCScan deploys UltraVNC to a remote computer and MS AUTH is chosen, it copies the ACL information into a text file on the remote computer, copies over the mslogonauth util and then remotely executes it on that computer so that it's resolving against that computers SAM database.
It works this way just fine, I was just wondering if you ever planned to put in the code to make it resolve SIDS against remote computer accounts to save this extra step in the deployment process.
If I knew how you constructed the binary registry key, I'd just make my own .NET version and release it as open source freeware. Any info on that?
- Steve Bostedor
http://www.vncscan.com
Last edited by sbostedor on 2005-05-12 12:10, edited 1 time in total.
it's standard MS:
LookupAccountName()
InitializeAcl()
AddAccessDeniedAce()
AddAccessAllowedAce()
See http://cvs.sourceforge.net/viewcvs.py/u ... iew=markup
Look at function vncImportACL::BuildACL()
I don't understand your suggestion: )
LookupAccountName()
InitializeAcl()
AddAccessDeniedAce()
AddAccessAllowedAce()
See http://cvs.sourceforge.net/viewcvs.py/u ... iew=markup
Look at function vncImportACL::BuildACL()
I don't understand your suggestion:
If you don't want local accounts in the ACL, you can always use domain accounts (if you have domains availableI was just wondering if you ever planned to put in the code to make it resolve SIDS against remote computer accounts to save this extra step in the deployment process.
)