Mon Jun 2 17:57:00 2003
On Mon, Jun 02, 2003 at 09:29:03AM -0700, MATLOCK wrote:
>Can't seem to get an answer on my question, and this appears to be as close
>as I am going to get. Please assist. I do NOT want the end user (SERVER) to
>have the ability to do ANYTHING on their end when I (ADMIN) go into their
>machine. Only problem here is that when I put the 'AllowProperties' into
>the HKEY_LOCAL_MACHINE it kills my ability to do anything after getting into
>their machine. The great thing is it does kill THEIR ability to stop
>anything I do. The downside (unless I am doing something wrong) is when I
>put it in the HKEY_LOCAL_MACHINE area it kills MY ability after being able
>to see their screen of doing ANYTHING on their machine. Can you help. This
>would be a great help.
This is a "per-user" setting. I believe you can set the Default profile
to not allow properties (0) and you can set your profile to allow (1).
You can also specify individual usernames and changes settings per-user.
I am currently using the Default profile method but I have the individual
user accounts set to 0 also. I haven't tested the Default profile by having
a non-configured user log in to the system. By that I mean, the user(s)
that typically log into this system have special profiles in the registry.
Any user with a domain login can log in locally to the machine I have
configured but I haven't had anyone try it out.
So, under HKLM-Software-ORL-WinVNC3 you can have a Default user as well as
defined users. Each "per-user" setting can be added to the different user
profiles to control access.