Only accept remote access when PC connected to domain

Should you have problems with the MS logon plugin, here's the place to look for help or report issues.

Only accept remote access when PC connected to domain

Postby Guest » 2005-07-27 23:06

This might be an odd question:

When you install ultraVNC you obviously get a program dir created on your local hard drive. Registry entries are also set.

I was wondering, is there a way to store the program files on a server which the PC is mapped to so when it is connected to the network, the VNC server is allowed to accept connections as normal, but when it is not on the network and it loses connection to the shared folder on the server, it can not accept connections.

Can someone help me figure this out or something that would accomplish the same time of goal?

Thanks.
Moderated by redge at 2005-07-29 23:32:
moved from General help to [MS Logon] & General help
Last edited by Guest on 2005-07-29 23:32, edited 1 time in total.
Guest
 

Postby Sergio » 2005-07-28 14:33

Why not using MSLogon, and grant access only to a domain group ?

Just my 2 cents ...
Sergio
40
40
 
Posts: 103
Joined: 2004-05-22 20:02

Postby Guest » 2005-07-28 14:51

Hi, because the accounts are in a child domain and those don't seem to work. There are two domains.
A is the root domain, and b is the child domain.

I don't want to use local admin passwords.
Guest
 

Postby Sergio » 2005-07-29 17:50

Anonymous wrote:Hi, because the accounts are in a child domain and those don't seem to work. There are two domains.
A is the root domain, and b is the child domain.

I don't want to use local admin passwords.


Well ... The "New MSLogon" is supposed to work with multiple domains, I don't know about "child domains" ... So, why don't you post this on the [MS logon] Bug reports & General help so Martin could make it work with child domains.

HTH
Sergio
40
40
 
Posts: 103
Joined: 2004-05-22 20:02

Postby Marscha » 2005-08-01 14:34

MS-Logon II (AKA New MS-Logon) works also cross-domain.
You need trusts between the domains.
With W2K's AD, this is done automatically.
Marscha
Former moderator
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48

Postby Guest » 2005-08-01 21:08

Hi, thanks for your help.

So do you mean, if the parent domain is A and the child domain is B, I can add a group from the child domain. I've noticed right now that I can add a group into the parent domain and it will work with the child domain.
Guest
 

Postby Marscha » 2005-08-02 14:39

In Active Directory, you do not really have parent and child domains.
All trusts are bidirectional (and transitiv) in an AD forrest.
So you can use groups from any domain for ACLs.
Just open the "Configure MS-Logon Groups" dialog, click "Add" and select a domain from the drop-down list.
Any group that is visible in the dialog then could be used.
Marscha
Former moderator
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48

Postby Guest » 2005-08-02 16:15

Thanks
Guest
 

Postby Guest » 2005-08-02 22:19

Hi Marscha, I have one more question, I am going to test this out but can you tell me off hand, if I use MS login, and my laptop is off the domain (I.e. I have taken it home and I am on the internet), no other user should be able to connect to my laptop as I am not on the domain so info about the groups I gave access to can not be looked up. The connection will be rejected correct?
Guest
 

Postby Marscha » 2005-08-03 06:11

I'm not totally sure.
There could be some kind of caching.
I.e. if an account was looked up when you were connected to the domain this might be cached.

You have this effect with a normal interactive logon.
MS-Logon does a network logon which might behave differently.

Test it.
Marscha
Former moderator
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48


Return to MS logon plugin

Who is online

Users browsing this forum: No registered users and 1 guest