VNC® Enterprise Edition User Guide
Chapter 1: Introducing VNC Enterprise Edition
What is VNC Enterprise Edition?
Getting VNC Enterprise Edition ready to use
VNC Enterprise Edition 4.5 connectivity
Chapter 2: Getting Started: Connecting A Client To A Host Computer
Step 1: Ensure VNC Server is running on the host computer
Step 2: Start VNC Viewer on the client computer
Step 3: Identify VNC Server on the host computer
Step 4: Select an encryption option
Step 5: Connect and authenticate to VNC Server
Configuring VNC Viewer before you connect
Connected: The VNC Viewer experience
Using the VNC Viewer shortcut menu
Using the VNC Viewer Properties dialog
Managing the current connection
Changing the appearance and behavior of VNC Viewer
Restricting access to functionality
Chapter 4: Connecting From A Web Browser
Connected: The VNC Viewer for Java experience
Working with VNC Viewer for Java
Chapter 5: Exchanging Information
Printing host computer files to a local printer
Transferring files between client and host computers
Copying and pasting text between client and host computers
Communicating securely using VNC Chat
Chapter 6: Setting Up VNC Server
Running multiple instances of VNC Server
Configuring network communications
Preventing connections to VNC Server
Restricting functionality for connected users
Authenticating connections to VNC Server
Relaxing the authentication rules
Bypassing the authentication rules
Preventing particular connections to VNC Server
Restricting functionality for particular connected users
Uniquely identifying VNC Server
Appendix A: Saving Connections
Saving connections to VNC Address Book
Using VNC Address Book to connect
Restricting functionality for particular connected users
When a user connects to VNC Server, a set of VNC permissions is granted to that user. VNC permissions control which features of VNC Enterprise Edition a connected user is allowed to use.
Note: Connected web browser users are further restricted by the limited functionality of VNC Viewer for Java. A web browser user cannot print even if the Add VNC printer permission is granted, for example. For more information on these limitations, see Connecting from a web browser.
The following table explains how VNC permissions are granted to users who authenticate in order to connect to VNC Server:
VNC Server authentication mechanism |
Credentials supplied in order to connect |
Set of VNC permissions granted |
Customizable? |
|---|---|---|---|
Platform-native authentication or Single sign-on |
Host computer user with administrative privileges |
Full |
YES |
Any other host computer user |
Default |
YES |
|
VNC password |
Generic password (no user name) |
Default |
NO |
Admin user name and appropriate password |
Full |
NO |
|
ViewOnly user name and appropriate password |
View Only |
NO |
|
None |
|
Default |
NO |
For information on platform-native authentication, see Authenticating connections to VNC Server. For information on the other authentication mechanisms, see Relaxing the authentication rules.
The following table explains how VNC permissions are granted to users who bypass VNC Server’s authentication mechanism:
Type of user |
Credentials supplied in order to connect |
Set of VNC permissions granted |
Customizable? |
|---|---|---|---|
Guest (Interactive) |
Guest user name (no password) |
Default |
NO |
Guest (View-only) |
View Only |
NO |
|
Listening VNC Viewer |
|
Full |
NO |
For more information on these types of user, see Bypassing the authentication rules.
The following table explains the individual permissions allocated to the three sets (Full, Default, and View Only):
Permission name |
When granted, a connected user can... |
Full |
Default |
View Only |
|---|---|---|---|---|
View display contents |
See the host computer’s desktop. |
YES |
YES |
YES |
Send pointer events |
Control the host computer using the client computer’s mouse. |
YES |
YES |
|
Send keyboard events |
Control the host computer using the client computer’s keyboard. |
YES |
YES |
|
Send and receive clipboard contents |
Copy and paste text between applications running on the client and host computers. |
YES |
YES |
|
Send and receive files |
Exchange files with the host computer. VNC Viewer users only. |
YES |
YES |
|
Add VNC printers |
Print host computer files to a local printer. VNC Viewer users only. |
YES |
YES |
|
Accept chat messages |
Chat with other VNC Viewer users, or with a host computer user. VNC Viewer users only. |
YES |
YES |
|
Connect without accept/reject prompt |
Bypass connection prompts. For more information about this feature, see Preventing particular users connecting. |
YES |
|
|
If VNC Server specifies platform-native authentication or Single sign-on as its authentication mechanism, you can customize VNC permissions. For example, you might want to revoke permissions for a particular user in order to restrict their access to VNC Enterprise Edition functionality while connected. Note you cannot customize VNC permissions under any other authentication mechanism, or for users who bypass it.
Note: You can restrict access to VNC Enterprise Edition functionality for all connected users by configuring properties on the Inputs tab of the VNC Server Properties dialog. For more information, see Restricting functionality for connected users.
To customize VNC permissions, open the VNC Server Properties dialog. For more information on this dialog, see Using the VNC Server Properties dialog. On the Connections tab, click the Configure button. Providing either Windows password (or equivalent) or Single sign-on is selected in the Authentication dropdown, the Permissions for VNC Server dialog opens:
(Windows XP)
Note: A user can supply the credentials of any of the host computer users listed in Group or user names in order to connect to VNC Server (including any member of a group). To see how to configure host computer users or groups, see Managing users and groups in the authentication list.
You can change the VNC permissions allocated to a particular host computer user. To do this, select the appropriate entry in the Group or user names list, and turn individual permissions on or off. For example, in the following dialog, just the View display contents, Send pointer events, and Send keyboard events permissions are turned on for the host computer user Jane Doe:
(Windows XP)
This means that any user supplying Jane Doe’s credentials in order to connect to VNC Server is able to see the host computer’s desktop, and control it using their keyboard and mouse. All other VNC Enterprise Edition functionality, however, is disabled. A connected user cannot copy and paste or bypass connection prompts and, if a VNC Viewer user, cannot print, chat, or transfer files.