newbie VNC X-server setup problem?

Matthias Nott mnott "at" gwdg.de
Wed, 08 Jul 1998 19:55:54 +0000


<html>
Dear Ho J,<br>
<br>
The problem is then: VNC will not run with Administrator privileges (it
controls the CURRENT desktop).<br>
It seems not to be possible (or at least not to be easy) to have a sort
of multi user approach (like<br>
with xwindows). There is some multiuser NT around, but it is
expensive.<br>
<br>
An approach for you could simply be to give the user rights to change the
registry or to remotedly<br>
log in as Administrator, when it is necessary, using the service option
of VNC.<br>
<br>
Be aware of the fact that when you log in as Administrator, even though
the user cannot<br>
directly capture the password which you enter, he in fact can do so by
simply hacking<br>
the (public) code of vnc so that it saves all keyboard entries to a
file.<br>
<br>
So make sure, WinVNC.exe (or however you may call it) is not accessible
for a user.<br>
Someone who wants to capture your password may let you log in and then
disconnect<br>
the remote PC from the network - thus taking over control.<br>
<br>
An XWindows approach with different desktops would be the appropriate
solution,<br>
yet (see above).<br>
<br>
On the other hand, using VNC keeps your system somewhat open and you
would<br>
have to rely upon the user not willing to do anything harmful (at least
he or she<br>
will be an employee and will have some incentive to keep that status
:-)<br>
<br>
Regards,<br>
<br>
Matthias<br>
<br>
<br>
<br>
At 02:10 09.07.98 +0900, you wrote: <br>
<br>
<font size=3D2><blockquote type=3Dcite cite>Thanks for the
info.</font><font size=3D3> <br>
<br>
</font><font size=3D2>I guess I need to explain a little more detail about
our environment. Our system is</font><font size=3D3>
</font><font size=3D2>using for</font><font size=3D3>
</font><font size=3D2>command and control</font><font size=3D3>
</font><font size=3D2>environment.=A0</font><font size=3D3>
</font><font size=3D2>Which means the end user uses NT workstation
with</font><font size=3D3> </font><font size=3D2>no privileges to change or
add software (using Pol file).=A0 It must be done by system administrator.=
=A0
WinVNC will save a tremendous time, if I can control the system
remotely.<br>
</font><br>
Thanks<font size=3D3> <br>
</font><font size=3D2>HO J </font><br>
<font size=3D3>=A0 </font><font size=3D2>
<ul>
<a name=3D"_MailData"></a>-----Original Message-----</font><font size=3D3>
</font><font size=3D2><b>
From:=A0=A0 Matthias Nott [SMTP:mnott "at" gwdg.de]</font></b><font size=3D3>=
 </font><font size=3D2><b>
Sent:=A0=A0</font></b><font size=3D3> </font><font size=3D2>Thursday, July=
 09, 1998 2:41 AM</font><font size=3D3> </font><font size=3D2><b>
To:=A0=A0=A0=A0</font></b><font size=3D3> </font><font size=3D2>Lee, Ho=
 J.</font><font size=3D3> </font><font size=3D2><b>
Cc:=A0=A0=A0=A0</font></b><font size=3D3> </font><font=
 size=3D2>vnc-list "at" orl.co.uk</font><font size=3D3> </font><font size=3D2><b>
Subject:=A0=A0=A0=A0=A0=A0=A0</font></b><font size=3D3> </font><font=
 size=3D2>RE: newbie VNC=A0 X-server setup problem?</font><font size=3D3>=
 <br>
<br>

At 01:20 09.07.98 +0900, you wrote:</font><font size=3D2>
<ul>
Sirs,</font><br>
<br>
<font size=3D3>
=A0=A0=A0=A0=A0=A0=A0 </font><font size=3D2>I've asked the question about=
 Winvnc remote installation.=A0 However, I received an uncertain solution=
 from your staff members.=A0=A0 I've 400 machines in nationwide.=A0 It=
 requires long travel to install the software and which is impossible.=A0 If=
 you noticed, the software called &quot;Remotely Possible&quot; from Avalan=
 provides excellent software install to the remote machines.=A0 Since I've=
 used your system and evaluating the software, please consider to add such=
 function to your software so that I don't need to travel the world to=
 install software.=A0</font><font size=3D3>
By the way, this software is excellent.<br>
<br>
</font><font size=3D2>
Thanks</font>
HOJ<font size=3D3>
</ul>
Dear HOJ,<br>
<br>

at least, your remote systems will have someone sitting there and working=
 with
them. So there should be no problem creating an installation script=
 which<br>
<br>

a) copies the necessary files (dll files and winvnc.exe) to the winnt/win95=
 directory
b) makes the necessary registry settings and adds a line under=
 hklm/software.../run for winvnc.exe<br>
<br>

I have done this a while ago with installshield; you can create a=
 self-extracting exe file with
install shield and put that one on your web site or distribute it with=
 eMail. You can already
configure a password (as you hard-setup the registry settings).<br>
<br>

So your remote users just have to run that install program once, and you are=
 done.
In order to have a way to reboot remotedly the systems, either use one of=
 that
new versions of winvnc supporting &quot;run as service&quot; --- or simply=
 configure your
systems as logging in automatically (which of course is a security=
 problem).<br>
<br>

A while ago I have hacked winvnc sources so that it lets you in with a=
 predefined
password --- it even lets you change the tray icon depending on the password=
 (or
not display a tray icon at all). See my related post about 2 months ago.<br>
<br>

Cheers<br>
<br>

Matthias
mnott "at" gwdg.de
</ul></blockquote><br>
</font></html>


---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------