Thank god, well I know hard outside soft inside isn't a good model these days but there is always a trade off between functionality and security. We run IPSEC internally and all thin clients are running 128bit, I have a script which checks all the logs for vnc service events daily (something gencontrol always creates) you also have to have admin rights (yes I know you can obtain these but...) so if you're all good there then I would open that port... it depends how much you need to be able to do it I guess... The way I see it is if any hacker is getting in and is worth their salt the last thing they're going to do is run a VNC session onto a users machine, the intrusion would be detected by admins reasonably quickly so where's the fun in that. Far better to sit on your routers and misdirect packets, hide exploits on your HP printers flash memory and run jack the ripper on your accounts and log in legitimately... but maybe they would log onto a users XP box and change the background on the desktop ;) ________________________________ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Dogers Sent: 09 November 2005 15:16 To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Remote Assistance/Desktop God no, not the company firewall! I mean XP's :) We have it enabled by default as a CYA if any accidents happen ;) Andrew On 09/11/05, Sorin Srbu <sorin.srbu@xxxxxxxxxxxxx> wrote: Dogers <> scribbled on Wednesday, November 09, 2005 3:44 PM: I know what you mean... Anyway, I wouldn't unblock the VNC ports in the company firewall if I were you, and that's what you mean? VNC is well-known to crackers and hackers... Granted, you can lock it down using white-lists and stuff, but I'd still rather see a way to initiate a mail-remote-desktop-session and yadda, yadda, yadda, using an already built-in program. I really with Microsoft could point its wand over the rdp-clients and do some magic. 8-/ > Yeah, I remember you asking, was hoping we had found an answer! Guess not, > bah! > > Whats annoyed me is just now we tried doing one WITH an invite and it kept > wanting to kick the user off anyway! > > Will have to get VNC unblocked on the firewall I guess :( > > Andrew > > > On 09/11/05, Sorin Srbu < sorin.srbu@xxxxxxxxxxxxx <mailto:sorin.srbu@xxxxxxxxxxxxx> > wrote: > Dogers <> scribbled on Wednesday, November 09, 2005 3:38 PM: > > I asked the same thing a while back, but didn't really come any > conclusion. Anyway, I'd like to do this too. > >> Anyone know if theres a way to connect to an XP machines console session, >> without logging off the current user? I know the user can send an invite >> and ask you to connect, but is there a way to connect without the user >> sending the initial invite? ***************************** New Site from The Kenzig Group! Windows Vista Links, list options and info are available at: http://www.VistaPop.com ***************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm Visit the new FDL web - site designed to serve you better- http://www.fdl.co.uk This message has been sent from Fuerst Day Lawson Ltd and confirms that the email has been scanned and to the best of our knowledge is free from virus infection. The unauthorised use, disclosure, forwarding or copying of this message and any attachments is strictly prohibited. If you have received this message in error, please email moderator@xxxxxxxxx This message and any attachments, which are confidential and may be privileged, are for the use of the addressee(s) only. The views and opinions expressed in this email message are the author's own and may not reflect the views and opinions of Fuerst Day Lawson Ltd.