Control uvnc_service with user privileges

4bst1n3nz
Posts: 4
Joined: 2012-01-03 13:27

Control uvnc_service with user privileges

Post by 4bst1n3nz »

Hello,
We actually run the uvnc server (v 1.0.1) mainly with user privileges in a user environment (wxp & w7 x64). The user starts an exe that starts the "VNC Server" service with admin rights, so the PC can be remote controlled. After that, the .exe starts "winvnc.exe -servicehelper" to show the tray icon.
Now the helper behind the tray icon is running with admin privileges and the user has the possibility to stop the "VNC Server" service by right-clicking on the tray icon > "close vnc".
This works very fine in version 1.0.1 ...!
But we have to upgrade to version 1.0.9.6.1 now.
I saw that the "uvnc_service" starts the servicehelper (tray icon) automatically. That's no problem, because we're starting the service with admin rights by using our runas exe. But now the user can't control the service anymore by using the tray icon function "stop service". It always shows the Windows "run as" dialog, where nothing happens with the actual user...
So... how can I bypass the final step and end the service as in our workaround in version 1.0.1?
Thanks in advance.
Sorry for my bad English :stupid:
Sebastian
B
Posts: 2338
Joined: 2009-09-09 14:05

Re: Control uvnc_service with user privileges

Post by B »

Hi. Your English is fine. Your problem, on the other hand, is not something with which I can readily assist.

Your user is able to close a service process started by a privileged runas command? That doesn't sound right. Are you sure it's not just closing the tray icon but leaving the service running?

Yes, the newer versions of UltraVNC take a significantly different approach to the services -- see documentation at http://www.uvnc.com/vista/

So I'm not sure what you're asking is possible. Maybe someone else can help...
Rudi De Vos
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21

Re: Control uvnc_service with user privileges

Post by Rudi De Vos »

Not possible...
In Vista >= the service runs in a separate session (session 0); this is isolated from the user sessions.
You can no longer send a message from the user desktop to the service session. (MS security)

If it was possible, we would get requests "how to prevent that a normal user can stop the service"...
4bst1n3nz
Posts: 4
Joined: 2012-01-03 13:27

Re: Control uvnc_service with user privileges

Post by 4bst1n3nz »

Thanks for the answers!
I found another nice solution.
You can grant uvnc_service start and stop permissions for domain users by using subinacl from the Microsoft toolkit, so we don't need a runas script or anything else anymore. It works with XP and Win 7 x64.
Greetz
Sebastian
B
Posts: 2338
Joined: 2009-09-09 14:05

Re: Control uvnc_service with user privileges

Post by B »

You really want to grant nonprivileged users rights over a system service? That just sounds like a bad idea.... But I'm glad you found a solution for your purposes.
4bst1n3nz
Posts: 4
Joined: 2012-01-03 13:27

Re: Control uvnc_service with user privileges

Post by 4bst1n3nz »

I granted them to start or stop only "uvnc_service". They can't change or delete it.
Try it. Use
subinacl.exe /service uvnc_service /GRANT="Domainname\Domainuser"=TO

TO grants Start and Stop.
More information: http://www.robvanderwoude.com/subinacl.php
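
To check what such a grant leaves on the service, the following is an added example (not part of the original post or of UltraVNC) that audits a service security descriptor as printed by `sc sdshow uvnc_service`. The function names and the sample SDDL string, including the Domain Users SID, are constructed for illustration.

```python
import re

# SDDL access codes as interpreted for Windows service objects: code -> (mask bit, meaning)
RIGHTS = {
    "CC": (0x0001, "query_config"),   "DC": (0x0002, "change_config"),
    "LC": (0x0004, "query_status"),   "SW": (0x0008, "enumerate_dependents"),
    "RP": (0x0010, "start"),          "WP": (0x0020, "stop"),
    "DT": (0x0040, "pause_continue"), "LO": (0x0080, "interrogate"),
    "CR": (0x0100, "user_defined_control"),
    "SD": (0x10000, "delete"),        "RC": (0x20000, "read_control"),
    "WD": (0x40000, "write_dac"),     "WO": (0x80000, "write_owner"),
    "GA": (0x10000000, "generic_all"), "GW": (0x40000000, "generic_write"),
}
# Rights that let a holder reconfigure, re-permission or remove the service
ESCALATING = {"change_config", "write_dac", "write_owner", "delete",
              "generic_all", "generic_write"}
PRIVILEGED = {"SY", "BA"}  # LocalSystem and built-in Administrators


def decode_rights(field):
    """Turn an ACE rights field (letter pairs or a hex mask) into right names."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
        return {name for bit, name in RIGHTS.values() if mask & bit}
    pairs = [field[i:i + 2] for i in range(0, len(field), 2)]
    return {RIGHTS[p][1] if p in RIGHTS else "unknown:" + p for p in pairs}


def audit_service_sddl(sddl):
    """Return {trustee: {"rights": [...], "escalating": [...]}} for allow ACEs
    held by anyone other than SYSTEM/Administrators. Deny ACEs are ignored."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or fields[5] in PRIVILEGED:
            continue
        findings.setdefault(fields[5], set()).update(decode_rights(fields[2]))
    return {t: {"rights": sorted(r), "escalating": sorted(r & ESCALATING)}
            for t, r in findings.items()}


# Constructed sample: a typical service descriptor plus one ACE granting start/stop
# (RP, WP) to a made-up Domain Users SID, the effect of the /GRANT=...=TO command.
SAMPLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCLCSWLOCRRC;;;IU)(A;;RPWP;;;S-1-5-21-1111111111-2222222222-3333333333-513)"
          "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    for trustee, info in audit_service_sddl(SAMPLE).items():
        print(trustee, info)
```

A non-empty "escalating" list for an unprivileged trustee means the grant went beyond start and stop.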
4bst1n3nz
Posts: 4
Joined: 2012-01-03 13:27

Re: Control uvnc_service with user privileges

Post by 4bst1n3nz »

By the way:
In Win 7, I can't log off without being kicked out of VNC. Then I have to wait 10 sec. until I can connect again to reach the login screen. How can I stay connected while logging off like in XP? Once TeamViewer told me that they close their service at last and start it at first. Between this is a simple timeout, so it doesn't disconnect. How can I do the same with uvnc_service? Does anyone have an idea? :)
B
Posts: 2338
Joined: 2009-09-09 14:05

Re: Control uvnc_service with user privileges

Post by B »

You can't in the current version, due to the Vista/Win7 security model changes. But if you're set to autoreconnect you should get reattached to the non-logged in service after a few seconds. There may be plans to fix/work around this in UVNC 2.x at some point -- I was answering this question in one or two recent threads and pointing to an older post by Rudi on the subject.