WinVNC and AllowProperties

Alex Angelopoulos alex "at" bittnet.com
Wed, 02 Jan 2002 20:20:06 +0000


I assume your main issue is passwords not showing up appropriately. I haven't sat down to determine the best procedure for making
things uniform.  Here is what I *believe* happens - please, someone correct the details...

First, remember that VNC wants to be multi-user in an inherently single-user interface system on Windows.  If a user is logged on to
a system locally, when you connect to VNC it goes to the key:
HKEY_CURRENT_USER\Software\ORL\WinVNC3\
and compares the password to that entered in there. Obviously that differs for every user.

So here is what happens normally. Say you are logged on to a system as "Administrator" and install VNC, then set it to run as a
service and start it up.  Fine; it wants a password, you give it one, and it saves it to your user registry key.

You now reboot. When VNC comes up, it looks under
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\
for a password - and doesn't find one.  So it flashes the dialog box about no password being defined at you (or at whoever is
sitting at the machine) and then saves whatever you put in as the default password forn connecting when no one is logged in.
Obviously, weird things will happen if you have left the PC already and an end-user is trying to get in.

The next part is where I get fuzzy :).

Either by cancelling or giving a password, you get past that and get to the Windows user logon screen.  A user logs on to the local
machine or the network and... once again, there is no password defined for THAT person, since their HKEY_CURRENT_USER is different.
Once again, you get a password prompt.

The simplest way of working around this without doing a silent regedit import into HKCU at each boot is to go ahead and configure
the HKLM and admin account entries manually, then export
SOFTWARE\ORL\WinVNC3\
Then you need to import it into each person's User key; if you also add it to
HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3\
Whenever a new user is added to the machine, they should get those settings.

Of course you have management issues now if you want to change the password.

LOW OVERHEAD WORKAROUND
(1) Set it up on one machine.
(2) Export both of the following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\ ( I will call it VNCMachine.reg)
HKEY_CURRENT_USER\Software\ORL\WinVNC3\ ( I will call it VNCUser.reg)
(3) As you go around to PCs, merge VNCMachine.reg into the registry/
(4) Add VNCUser.reg to the Netlogon share, then in the logon script for the network add a line to silently merge the VNCUser.reg at
each logon.  I *think* it would be
regedit /s %0\VNCUser.reg
(the "%0\" just tells the logon script to search for VNCUser.reg in the path where the logon script is).

HTH

----- Original Message -----
From: <MichaelLashinsky "at" drugplastics.com>
To: <vnc-list "at" uk.research.att.com>
Sent: Wednesday/2002 January 02 14:10
Subject: WinVNC and AllowProperties


: Happy New Year Everyone!!
:
:      I have been working with VNC in my company and am starting to deploy
: it throughout my company.  My strategy is to install as a service,
: (Dis)AllowProperties and RemoveWallpaper in the Windows Registry.  Manually
: delete the viewers on my user's computers, and remove the shortcuts in the
: start menu.  I hope to keep users from hacking into each other's computers,
: playing pranks on each other, and basically keep security tight while
: allowing me to administer help desk support with one reasonably secure
: password.
:      The problem I am experiencing is that I am getting mixed results from
: my registry entries.  Sometimes they work and sometimes they don't.  I
: haven't figured out the common factors yet although I am still trying.
: (Admittedly, I am not very experienced in registry hacking, but I don't
: understand why the entry will work on one attempt and not on the next on
: the very same machine.)  My users are running '95, '98, 'NT4.0, and '2000.
: Has anyone else been here before?  Any insights that might help?
:
:
: Have a Good Day,
:
: Michael L.
: ---------------------------------------------------------------------
: To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
: 'unsubscribe vnc-list' in the message BODY
: See also: http://www.uk.research.att.com/vnc/intouch.html
: ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------