Security problem on Windows XP with properties menu enable
Jean-Pierre.Verheecke "at"
Thu Jan 8 09:21:01 2004

We are in a hospital medical/health environment, so we need to secure all
On Win9x, the VNC login authorisation question (accept/decline) was in the
foreground of the winlogon screen, but on Windows XP this VNC question does not
come to the foreground over winlogon, so the only solution is to not ask the
accept/decline question when nobody is logged in.
The remote vncviewer client only has to enter the password on a remote
Windows XP VNC server when there is no open session.
This is a good idea because the hotline is able to take control when nobody is
connected, and security is OK for users' data.
In addition, we used a list of vncviewer workstations with IP host
authentication to make remote control more secure.
But when a user is logged in, an accept/decline question must be sent to ask
the logged-in user for authorization.
This is OK when I used the WINVNC service with the option WINVNC -SERVICEHELPER
on Windows XP.

The problem is that this option is OK "by design" only if the properties menu
is "enabled", but not OK if the properties menu is "disabled", and with this
"properties menu enabled" option the user could change the generic password and
other options used for all workstations on our site in HK_CURRENT_USER. But
the hotline team needs to know this password, and we don't want to allow
this password to be changed by users (nor the other options).
The global password in HKLM could not be changed by the user (this one is used
when nobody is logged in).
And if the properties menu is disabled, in this case the accept/decline
question is always sent or never sent (VNC only used the HKLM key in this
If the accept/decline question is always sent, this is not a good idea because
the question is behind the winlogon screen on Windows XP (so it is not OK and
remote control is KO).
If the question is never sent, this is not a good idea because only the password
is needed to take control, and this solution is not secure in our medical
environment; the doctor needs to know and accept the remote control or
The best solution would be to have this functionality with the
"properties menu disabled":
- no "accept/decline" question sent on winlogon (nobody logged in)
- and an "accept/decline" question sent if there is an open session (user logged in)
- and properties menu "disabled" for the users, so users could not modify the
VNC configuration and the generic password.
Thanks for your idea,