Restricting access

Andrew van der Stock ajv "at" greebo.net
Wed, 20 Mar 2002 23:15:21 +0000


TS access in administrative mode is actually governed by ACLs which you
can adjust in the TS configuration snap-in, and via group policy.

The security of the solution is better than the VNC solution, as the TS
solution will only let you log in as yourself, and only grant access to
disconnected desktops that you have permission to see (ie they're from
your account). 

"Administrative" vs "application" - the major differences here is simply
the way licensing works. Administrative mode does not install a license
service and only allows 2 remote connections, and "application" mode
installs the TS license service and allows as many connections as you
have licenses for. To go to a Citrix style Program Neighborhood, where
remote applications are displayed locally on the user's desktop, you
have to go to Citrix. TS only does full screen access. This is okay as
rdesktop doesn't support Citrix ICA connections anyway.

Your second solution would also work. 

Andrew

-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com] On Behalf Of Michael Ossmann
Sent: Thursday, 21 March 2002 4:42 AM
To: vnc-list "at" uk.research.att.com
Subject: Re: Restricting access

[snip]

Doesn't Administration mode restrict access to users in an
administrative group?  Wouldn't it be just as insecure if everyone was
an administrator?

[snip]

Another option would be to use some sort of gateway system.  If VNC
access is restricted to a particular Linux box, then you could run
vncviewer fullscreen inside Xvnc -nevershared and have your users
connect to that.  Other convoluted possibilities abound.
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------