Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Backdoor and locking down VNC server

Post Reply
Italia82
Posts: 1
Joined: 2009-07-21 00:12

Backdoor and locking down VNC server

Post by Italia82 »

Hi all,

I'm working on moving my machines from v1.01 of ultravnc to the latest 1.0.6.4. With that in mind I have two questions:

1.) Using the ultravnc.ini file, I've disabled the users ability to access properties and control client connections ,but is there a way to disable access to the service controls on the right click context menu of the VNC server icon? I'm aware I could disable the icon from showing in the system tray, but I want the users to know when we're connected by the color changing icon. Any ideas?

2.) With the 1.01 version of the client, we (IT) enabled access controls that would prompt the user if we were trying to connect when they were logged in. If the user wasn't available, we would remotely restart the vnc service. This would allow us to connect without receiving the prompt. (We had to enable the prompt for political reasons.) In v1.01, when you restarted the service, it didn't restart the helper app and thus would not prompt the end user for authorization (or show the eyeball icon in the system tray). Is there any way to do that in the newer version? I've tried the "restart the service" method but it no longer works.

Any help is greatly appreciated!

~D
davidgrudek
20
20
Posts: 53
Joined: 2008-02-11 05:46

Re: Backdoor and locking down VNC server

Post by davidgrudek »

That option in number one is a great idea.
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Re: Backdoor and locking down VNC server

Post by Rudi De Vos »

1) Service access require admin access, even when the menu is visable you still need to be admin to execute them.

Ultravnc.ini is in program folders, normal only admins have access to make any changes to that file.

Winvnc take the desktop owners permission, unless that user is admin he is not able to change anything. If the desktop user is admin, you can't prevent him from closing a service.
( all changes are made with a runas)

We could remove the contex menu when you are not admin, but then you
can not longer enter another user/passwd to make changes without the need to logout.

2) There is an option to only request access when someone is logged on.
check
QueryIfNoLogon=0
Disable/enable query settings when no user is logged.
Post Reply