Security problem on Windows XP with properties menu enable

James Weatherall jnw "at" realvnc.com
Fri Jan 9 13:55:22 2004


Jean-Pierre,

The full VNC 4.0 release will include the QueryConnect functionality, even
when a workstation is locked.

Cheers,

Wez @ RealVNC Ltd.


-----Original Message-----
From: vnc-list-admin "at" realvnc.com [mailto:vnc-list-admin "at" realvnc.com] On
Behalf Of Jean-Pierre.Verheecke "at" chru-strasbourg.fr
Sent: 08 January 2004 09:19
To: vnc-list "at" realvnc.com
Subject: Security problem on Windows XP with properties menu enable


We are in a hospital medical/health environment, so we need to secure all
workstations. On Win9x, the VNC login authorisation question (accept/decline)
was in the foreground of the winlogon screen, but on Windows XP this VNC
question doesn't pass in front of the winlogon screen, so the only solution
is to not ask the accept/decline question when nobody is logged in. The
vncviewer remote client has only the password to enter on a remote Windows XP
VNC server when there is no open session. This is a good idea because the
hotline is able to take control when nobody is connected, and security is OK
for users' data. In addition, we used a list of vncviewer workstations with
IP host authentication to make remote control more secure.
 
But when a user is logged in, an accept/decline question must be sent to ask
the logged-in user for authorization. This is OK when I used the WINVNC
service with the option WINVNC -SERVICEHELPER on Windows XP.

The problem is:
This option is OK "by design" only if the properties menu is "enabled",
but not OK if the properties menu is "disabled", and with the "properties
menu enabled" option the user could change the generic password and other
options used for all workstations on our site in HK_CURRENT_USER. But the
hotline team needs to know this password, and we don't want to allow this
password to be changed by users (or the other options either). The global
password in HKLM could not be changed by the user (this one is used when
nobody is logged in).
 
And if the properties menu is disabled, the accept/decline question is
either always sent or never sent (VNC only uses the HKLM key in this case).
If the accept/decline question is always sent, this is not a good idea
because the question is behind the winlogon screen on Windows XP (so it is
not OK and remote control is KO). If the question is never sent, this is not
a good idea because only the password is needed to take control, and this
solution is not secure in our medical environment: the doctor needs to know
about the remote control and accept or refuse it.
 
POSSIBLE SOLUTION IN A DEVELOPMENT PATCH FOR VNC 3.3.7 or 4.0? The best
solution would be to have this functionality with the "properties menu
disabled":
- no "accept/decline" question sent on winlogon (nobody logged in)
- and "accept/decline" question sent if there is an open session (user
logged in)
- and properties menu "disabled" for the users, so the user could not modify
the VNC configuration and the generic password.
 
Thanks for your idea,
 
JPV