[WIN] RE: Restricted Mode Solution

Tyran Ormond ormondt "at" cvwrf.state.ut.us
Thu, 30 Mar 2000 16:34:23 +0000 

On 04:04 PM 03/29/2000 -0700, it would appear that Ron Baxter wrote:
>Does anyone know of a temporary workaround to *restricting* a user of a VNC
>server machine from changing the VNC password on his/her machine?
>
>OS version:  Win95/WinNT
>VNC version  3.3.3 R2
>
>I understand that versions later than 3.3.2R3 will include a 'restricted' mode
>(according to the FAQ), but I have no idea when this will be released.

Set the AllowProperties registry entry to zero.  I use a login script to 
force that registry entry to merge into the users' registry on 
startup.  This information is available in the documentation as noted below.

>AllowProperties
>If this is set to zero, the user is not allowed to view the properties 
>dialog and hence cannot change any settings, including the password.  Note 
>that this stops all global per-user settings.  A valid password must 
>therefore be in force before using this setting, generally in the local 
>default-user setting.  Local per-user setting.
>
>Taken from http://www.uk.research.att.com/vnc/winvnc.html under advanced 
>options.


Start example registry file:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3]

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default]
"AllowProperties"=dword:00000000
"AllowShutdown"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\<administrator>]
"AllowProperties"=dword:00000001
"AllowShutdown"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\<administrator>]
"AllowProperties"=dword:00000001
"AllowShutdown"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\<administrator>]
"AllowProperties"=dword:00000001
"AllowShutdown"=dword:00000001

Note that the default user is set to zero.  They can't shut the program 
down and they can't change settings.  The three administrator users (you 
would use the actual user name instead of the <administrator value>) have 
both values set to 1.  They *can* shut the program down and they *can* 
change the passwords.

Tyran Ormond
LAN Technician/Programmer
ormondt "at" cvwrf.state.ut.us


---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------