CAD solution with UAC off

Postby ColtB45 » 2010-02-26 15:49

This will check to see if UAC is on. If UAC is on, it will use the normal method of invoking the Secure Attention Sequence (Ctrl+Alt+Delete). If UAC is disabled, it will create a CAD service that can send the SAS and then start that service.

You can download the patch here.
You can download the recompiled winvnc.exe binary (Based on Rev. 495) here.

To use this:
    1.) Install UltraVNC 1.0.8.2.
    2.) Replace the winvnc.exe executable with the one you downloaded (or built with the supplied patch).
    3.) Run gpedit.msc
    4.) Computer Configuration > Administrative Templates > Windows Logon Options
    5.) Double-click on "Disable or enable software Secure Attention Sequence".
    6.) Check "Enable", then select "Services and Ease of Access applications" in the combobox and apply the modification.
      It should not be necessary to reboot the computer; this modification is considered "on the fly".
    7.) Test it out!
[syntax="c"]Index: UltraVNC Project Root/UltraVNC/winvnc/winvnc/vistahook.cpp
===================================================================
--- UltraVNC Project Root/UltraVNC/winvnc/winvnc/vistahook.cpp (revision 495)
+++ UltraVNC Project Root/UltraVNC/winvnc/winvnc/vistahook.cpp (working copy)
@@ -214,27 +214,105 @@
strcat(mycommand,"\\");
strcat(mycommand,"cad.exe");

- int nr=(int)ShellExecute(GetDesktopWindow(), "open", mycommand, "", 0, SW_SHOWNORMAL);
- if (nr<=32)
- {
- //error
- //
- if ( nr==SE_ERR_ACCESSDENIED )
- vncTimedMsgBox::Do(
+ HKEY hKey;
+
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"), 0, KEY_READ, &hKey) == ERROR_SUCCESS)
+ {
+ DWORD LUAbufSize = 4, isLUAon = 0;
+ RegQueryValueEx(hKey, TEXT("EnableLUA"), NULL, NULL, (LPBYTE)&isLUAon, &LUAbufSize);
+ RegCloseKey(hKey);
+ if (isLUAon == 1)
+ {
+ int nr=(int)ShellExecute(GetDesktopWindow(), "open", mycommand, "", 0, SW_SHOWNORMAL);
+ if (nr<=32)
+ {
+ //error
+ //
+ if ( nr==SE_ERR_ACCESSDENIED )
+ vncTimedMsgBox::Do(
sz_ID_CADPERMISSION,
sz_ID_ULTRAVNC_WARNING,
MB_ICONINFORMATION | MB_OK
);

- if ( nr==ERROR_PATH_NOT_FOUND || nr==ERROR_FILE_NOT_FOUND)
- vncTimedMsgBox::Do(
+ if ( nr==ERROR_PATH_NOT_FOUND || nr==ERROR_FILE_NOT_FOUND)
+ vncTimedMsgBox::Do(
sz_ID_CADERRORFILE,
sz_ID_ULTRAVNC_WARNING,
MB_ICONINFORMATION | MB_OK
);
+ }
+ }
+ else
+ {
+ SC_HANDLE schSCManager;
+ SC_HANDLE schService;
+
+ // Get a handle to the SCM database.

- }
+ schSCManager = OpenSCManager(
+ NULL, // local computer
+ NULL, // ServicesActive database
+ SC_MANAGER_ALL_ACCESS); // full access rights

+ // Create the service
+
+ schService = CreateService(
+ schSCManager, // SCM database
+ "CAD", // name of service
+ "Ctrl+Alt+Delete for VNC", // service name to display
+ SERVICE_ALL_ACCESS, // desired access
+ SERVICE_WIN32_OWN_PROCESS, // service type
+ SERVICE_DEMAND_START, // start type
+ SERVICE_ERROR_NORMAL, // error control type
+ mycommand, // path to service's binary
+ NULL, // no load ordering group
+ NULL, // no tag identifier
+ NULL, // no dependencies
+ NULL, // LocalSystem account
+ NULL); // no password
+
+ // Get a handle to the service.
+
+ schService = OpenService(
+ schSCManager, // SCM database
+ "CAD", // name of service
+ SERVICE_ALL_ACCESS); // full access
+
+ // Attempt to start the service.
+
+ StartService(
+ schService, // handle to service
+ 0, // number of arguments
+ NULL); // no arguments
+
+ CloseServiceHandle(schService);
+ CloseServiceHandle(schSCManager);
+ }
+ }
+ else
+ {
+ int nr=(int)ShellExecute(GetDesktopWindow(), "open", mycommand, "", 0, SW_SHOWNORMAL);
+ if (nr<=32)
+ {
+ //error
+ //
+ if ( nr==SE_ERR_ACCESSDENIED )
+ vncTimedMsgBox::Do(
+ sz_ID_CADPERMISSION,
+ sz_ID_ULTRAVNC_WARNING,
+ MB_ICONINFORMATION | MB_OK
+ );
+
+ if ( nr==ERROR_PATH_NOT_FOUND || nr==ERROR_FILE_NOT_FOUND)
+ vncTimedMsgBox::Do(
+ sz_ID_CADERRORFILE,
+ sz_ID_ULTRAVNC_WARNING,
+ MB_ICONINFORMATION | MB_OK
+ );
+ }
+ }
+
SetThreadDesktop(old_desktop);
CloseDesktop(desktop);
return 0;
[/syntax]
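Review bot: In the UAC-off else branch, none of the service-control calls are checked, and the handle returned by CreateService is overwritten by the OpenService result without being closed. OpenSCManager can return NULL, CreateService fails with ERROR_SERVICE_EXISTS on every run after the first, and StartService can fail, yet the user gets no message the way the ShellExecute path reports SE_ERR_ACCESSDENIED. Suggest checking each return value, using the CreateService handle directly and calling OpenService only when the service already exists, and requesting SC_MANAGER_CREATE_SERVICE and SERVICE_START instead of the two ALL_ACCESS masks. On the same lines: mycommand is passed as built as the binary path of a LocalSystem service, so it should be wrapped in quotes in case the install directory contains spaces, and the CAD service is never deleted, so it stays registered after the SAS has been sent. RegQueryValueEx is also unchecked: with isLUAon initialised to 0, a missing EnableLUA value silently takes the service path. The ShellExecute error handling now appears twice and could be factored into one helper.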
Last edited by ColtB45 on 2010-05-02 17:06, edited 7 times in total.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: Possible CAD solution with UAC off

Postby ColtB45 » 2010-02-26 17:40

Moved to first post.
Last edited by ColtB45 on 2010-04-28 16:36, edited 2 times in total.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: Possible CAD solution with UAC off

Postby ColtB45 » 2010-02-28 06:52

Moved to first post.
Last edited by ColtB45 on 2010-04-28 16:35, edited 2 times in total.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: CAD solution with UAC off

Postby supercoe » 2010-02-28 19:52

Since no one else has replied I just wanted to thank you for the patch and I hope you decide to stick around to help the other developers! :D
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
supercoe
Super-Mod
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: CAD solution with UAC off

Postby ColtB45 » 2010-03-01 00:13

Thanks, I intend to stick around. :-D

I think this patch should be implemented with a UAC check:
    If UAC is on, call CAD.exe with ShellExecute.
    If UAC is off, call CAD.exe as a service.
I'll go ahead and get that done and then submit the changes.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: CAD solution with UAC off

Postby ColtB45 » 2010-03-01 16:49

Updated first post.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: CAD solution with UAC off

Postby jreed4 » 2010-03-30 15:39

Hello, I'm new to the forum.

How would I go about recompiling UltraVNC with the supplied patch of ColtB45 at first post?

Thanks

Moderated by redge at 2010-04-02 23:15:
removed full quote and added ColtB45 at first post
Last edited by jreed4 on 2010-04-02 23:15, edited 1 time in total.
jreed4
 
Posts: 4
Joined: 2010-03-30 15:35

Re: CAD solution with UAC off

Postby AndreL » 2010-04-06 11:29

Is it possible to have an executable version with this patch (for Windows 7 32-bit)?
Thanks anyway for your job.
AndreL
Posts: 19
Joined: 2007-06-07 14:29
Location: Brussels

Re: CAD solution with UAC off

Postby longman » 2010-04-16 11:50

Can this new code be included in the next version of UltraVNC?
longman
 
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Postby ColtB45 » 2010-04-20 15:34

AndreL wrote: Is it possible to have an executable version with this patch (for Windows 7 32-bit)?
Thanks anyway for your job.
I just included it. See the first post.
It works on 32 and 64 bit versions of Windows.
Last edited by ColtB45 on 2010-04-20 15:34, edited 1 time in total.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: CAD solution with UAC off

Postby longman » 2010-04-20 18:30

That's good work ColtB45! Thanks!
longman
 
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Postby jreed4 » 2010-04-21 20:09

I'm assuming that we need to replace the old winvnc.exe file with this new winvnc.exe file in the C:\Program Files\UltraVNC folder. If this is correct, I have done so and I am running into a problem. My viewer can see the server, it prompts me for a user name and password, but I do not get an image/view window. Any ideas, or am I going about this the wrong way?
jreed4
 
Posts: 4
Joined: 2010-03-30 15:35

Re: CAD solution with UAC off

Postby longman » 2010-04-21 20:10

Did you stop the vnc service, replace the file, and then restart the service?
longman
 
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Postby longman » 2010-04-21 20:18

Also don't forget that you have to make a local or GPO policy change for SAS.

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Logon Options

Services and Ease of Access applications
longman
 
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Postby jreed4 » 2010-04-21 20:56

Yes, I have changed the GPO policy,
and the way I replaced the .exe file is by booting in safe mode, because when I try to stop the server the "stop service" option is grayed out. And when I try to do so under Task Manager it tells me that access is denied.

There is something new that I have noticed. When I try to connect with the viewer, on the server machine a Warning window comes up saying "You selected ms-logon, but the auth.dll was not found. Check you installation."

Any ideas?
jreed4
 
Posts: 4
Joined: 2010-03-30 15:35

Re: CAD solution with UAC off

Postby longman » 2010-04-21 21:07

I would review the settings for the vnc server on the computer you are trying to remote to - did you configure it to require ms logon? I am not using that way.
longman
 
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Postby jreed4 » 2010-04-21 21:12

Yes, we have our servers set up with MS logon so not any Joe Schmo can remote into our machines. This prevents students from trying to log on to the computer and causing problems with the instructor while they are teaching the class.
jreed4
 
Posts: 4
Joined: 2010-03-30 15:35

Re: CAD solution with UAC off

Postby longman » 2010-04-21 21:28

I would change one to test if it works without the ms authentication and then go from there.
longman
 
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Postby ColtB45 » 2010-04-28 16:23

jreed4 wrote: Yes, I have changed the GPO policy,
and the way I replaced the .exe file is by booting in safe mode, because when I try to stop the server the "stop service" option is grayed out. And when I try to do so under Task Manager it tells me that access is denied.

There is something new that I have noticed. When I try to connect with the viewer, on the server machine a Warning window comes up saying "You selected ms-logon, but the auth.dll was not found. Check you installation."

Any ideas?
It sounds as if the rest of your installation is not 1.0.8.2. My modification was to 1.0.8.2. You need to have all of the other files from that version for this to work correctly. My recommendation would be to install 1.0.8.2 and then replace winvnc.exe.
Last edited by ColtB45 on 2010-04-28 16:23, edited 1 time in total.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: CAD solution with UAC off

Postby Kirck » 2010-04-29 15:13

Thanks ColtB45, works perfect!
Kirck
Posts: 54
Joined: 2005-06-16 08:41

Re: CAD solution with UAC off

Postby B » 2010-05-18 21:43

ColtB45 I think I love you. :) Okay no, but I'm grateful. This worked great! I only recently understood that CAD counterintuitively requires UAC be turned ON, and I just couldn't bring myself to do that to myself. Then I rediscovered this thread pretty much by accident.

Tried it, followed your instructions, and it just works! No reboots, no nothing. I dropped it into an existing ChunkVNC service setup (restarted the service), and CAD's fine through a repeater, whether the station is logged in or locked.

Now the only thing is that 1.0.8.2 has a repeater issue (there are a couple of threads about it). So your server will probably lock up on me. Any chance you could look into the repeater problem ( Possible BUG for server version 1.0.8.2 + repeater and elsewhere ) or possibly patch your changes into 1.0.8.0, which doesn't have the repeater issue?

Edit: Locked already. :( Got in again a minute or two later. (It gets worse over the course of a few hours.)

In any case, THANKS. Great job.

Very minor nit FYI: On my Vista box it's actually
"Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options"
Last edited by B on 2010-05-18 21:55, edited 2 times in total.
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05

Re: CAD solution with UAC off

Postby ColtB45 » 2010-05-21 18:53

B wrote:...Any chance you could look into the repeater problem ( Possible BUG for server version 1.0.8.2 + repeater and elsewhere ) or possibly patch your changes into 1.0.8.0, which doesn't have the repeater issue?
I don't want to get in the habit of recompiling this fix for everyone who wants a particular version. BUT, since you asked so nicely :-D here is winvnc.exe 1.0.8.0 (Rev. 472) recompiled with my fix.

Download it here.

The same instructions apply as before except make sure that 1.0.8.0 is installed instead of 1.0.8.2.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: CAD solution with UAC off

Postby B » 2010-05-21 19:29

Thank you SO much. It's up and running to the repeater, my first test connected OK, monitor support working better (as it does in 1.0.8.0), and now for the "leave it alone a few hours" test to confirm things are well. (That's when the 1.0.8.2 repeater issue arises.)

This is just great, and very helpful to me.

Next would be a way to script the SAS changes you documented with gpedit. Do you know if this is the only key involved?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration

(after your gpedit recipe, mine is currently set to "1")

Maybe it's as simple as merging that key in?

In any case, I really appreciate the innovation and the recompile. This should definitely be considered for inclusion in new builds of the main UVNC codebase.
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05

Re: CAD solution with UAC off

Postby ColtB45 » 2010-05-21 20:02

You're very welcome.

As for the registry key I believe that is correct but I haven't investigated it. In my environment we just made a group policy that controls that setting.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas

Re: CAD solution with UAC off

Postby B » 2010-05-21 21:37

Only a couple of hours later but I re-tried, and still GOOD; connected right away. (I stopped waiting early because I want to switch repeaters and start again.)

I'm also going to add a second station (winvnc server) so I can test the registry merge hack further.

FYI to anyone interested, it does seem that the above mentioned key is the vital one -- there's one other instance of SoftwareSASGeneration on my Vista registry, in the Group Policy Objects hive, but I'm not sure whether it's directly relevant, yet.

Toggling the above mentioned key among 1, 2, and 3 changes the behavior, even while already connected in VNC. 2 is the only one that disables the SAS via software. 3 apparently is a "logical OR" that includes 1.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=dword:00000001


I'll see how this works as a merge. I hope I don't have to include the much longer (and possibly unique) Group Policy Object key too.
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05
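
Added example (not part of the thread and not UltraVNC code): a small Python audit that parses a registry export of the Policies\System key, in the same .reg format B posted above, and reports which SAS path the patched winvnc.exe from the first post would take and whether SoftwareSASGeneration lets services send the SAS. The meanings of values 0 to 3 are taken from Microsoft's description of the policy, not from the thread; the function names and the sample export are constructed for illustration.

```python
import re

POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# SoftwareSASGeneration data values, per Microsoft's description of the
# "Disable or enable software Secure Attention Sequence" policy (not from the thread).
SAS_POLICY = {
    0: "none",
    1: "services",
    2: "Ease of Access applications",
    3: "services and Ease of Access applications",
}

def decode_reg(raw: bytes) -> str:
    """regedit and `reg export` write UTF-16 with a BOM; hand-made files are often UTF-8/ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_reg(text: str) -> dict:
    """Return {KEY PATH (upper-cased): {value name (lower-cased): int}}, dword values only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(-?)(.+)\]", line)
        if header:
            # "[-KEY]" deletes the key on merge, so it contributes no values
            current = None if header.group(1) else keys.setdefault(header.group(2).upper(), {})
            continue
        value = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys

def audit(raw: bytes) -> dict:
    key = parse_reg(decode_reg(raw)).get(POLICY_KEY.upper())
    # Mirrors the patch: ShellExecute if the key cannot be opened or EnableLUA == 1,
    # otherwise (EnableLUA 0 or absent) the LocalSystem "CAD" service is created.
    uses_service = key is not None and key.get("enablelua", 0) != 1
    sas = (key or {}).get("softwaresasgeneration")
    return {
        "winvnc_sas_path": "CAD service" if uses_service else "ShellExecute cad.exe",
        "sas_allowed_for": "not configured" if sas is None else SAS_POLICY.get(sas, f"unknown ({sas})"),
        "service_sas_permitted": sas in (1, 3),
    }

# Constructed sample: the .reg from the post plus EnableLUA=0, encoded as regedit would export it.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    f"[{POLICY_KEY}]\r\n"
    '"EnableLUA"=dword:00000000\r\n'
    '"SoftwareSASGeneration"=dword:00000001\r\n'
).encode("utf-16")
```

Calling audit(SAMPLE) reports the CAD service path with the SAS permitted for services; a machine that takes the service path while service_sas_permitted is False is one where the patched binary would create the service and Ctrl+Alt+Delete would still not arrive.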

Re: CAD solution with UAC off

Postby B » 2010-05-24 02:50

Everything's working nicely for me, remotely, to two stations redirected to a more local repeater. (I did things a bit manually, copying directories and mucking with UltraVNC.ini, but I still had ChunkVNC install itself as a service with custom repeater IDs for each station.)

Not the best test of SAS/CAD, because the second station is XP and already had a 1 for SoftwareSASGeneration for some reason. In any case, CAD works to both machines, and so far so good!

I still need to test additional Win7/Vista stations, but I'm fairly confident based on a little more research that the one registry key should be sufficient.

This is firming up nicely, and thanks again to Colt, supercoe, JDaus, and of course Rudi and his team. The only significant remaining thing on my wish list (besides repeater ID management that I believe is forthcoming) is increased and more flexible security. Oh, and some Mac testing on my part. (Er, and screen scaling could improve too.) :)

Edit: Weird, when turning on "lock workstation" on exit on the XP machine, I get an error similar to that discussed at Re: Permission denied: uncheck[_] Protect my computer.. for ultravnc.ini, and the change never takes place.... More importantly, scaling stopped working again, to the Vista box. Looked perfect for a short while there, in full screen, via Connection Options.
Last edited by B on 2010-05-24 03:40, edited 1 time in total.
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05

Re: CAD solution with UAC off

Postby LouiseBest » 2010-06-10 20:11

This works well as long as MS Logon is turned off (otherwise it does nothing after the credentials are entered). Any chance this could be enabled? It would certainly make it much more secure.

Thank you for your consideration.
LouiseBest
 
Posts: 1
Joined: 2010-06-07 21:24

Re: CAD solution with UAC off

Postby reifler » 2010-06-10 21:40

All this being taken care of in the 1.0.9.x release?
reifler
 
Posts: 1
Joined: 2010-06-10 21:36

Re: CAD solution with UAC off

Postby urgif69 » 2010-07-08 09:43

Thanks for the post, but where can I download the patch and the recompiled winvnc.exe binary (Based on Rev. 495)?
The website is dead ...
Thanks
Cedric
urgif69
 
Posts: 1
Joined: 2010-07-08 08:35

Re: CAD solution with UAC off

Postby Janus67 » 2010-07-12 16:54

A quick +1/Bump to see if anyone can re-host the winvnc file. Colt's server/dns link appears to be dead/down and I was hoping to get some PCs tested on and rolled out today with the fix installed.

I tested it and know that it works, unfortunately I have since imaged over that test PC that it was downloaded to.
Janus67
 
Posts: 2
Joined: 2010-07-12 16:51
Location: OSU
