[windows2000] Re: VNC

• From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
• To: <windows2000@xxxxxxxxxxxxx>
• Date: Thu, 19 Aug 2004 14:44:07 -0400

VNC has a registry key called "AuthHosts" that you can implement to
limit the Ips available for connection via VNC.

At the very least, it should read:

AuthHosts="-:192.168.1"

Assuming that you have a 192.168.1.0/24  network.

This literally tranlates to "Deny everything (the minus) but allow
connections from IP addresses that have the first three octets of
192.168.1"

For our roaming clients (laptops) I add, to the end, the external IP of
our firewall, so that I can VNC them whether they can hit the VPN or
not.

HTH,

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc. 
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas
Posted At: Thursday, August 19, 2004 2:35 PM
Posted To: Windows 2000
Conversation: [windows2000] Re: VNC
Subject: [windows2000] Re: VNC


VNC gets you access to the computer but you still have to know VNC
password to get past that screen and actually get to the point of
logging on to the computer and then you have to log on with a different
ID and Password to actually log on to the computer.

I am not aware of a way to restrict the ability to get to the place
where you enter the VNC log on password other than keeping them out of
the network with the VPN security.

So, in a way you are specifying by user (they are the ones who know the
VNC
password) who has access to that computer.

Douglas Jensen
Douglas.Jensen@xxxxxxxxxxxxx
Voice (952) 402-9821
Fax    (952) 402-9815
Network Administrator
Scott Carver Dakota CAP Agency, Inc.
712 Canterbury Road
Shakopee, MN 55379
www.capagency.org


-----Original Message-----
From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx]
Sent: Thursday, August 19, 2004 12:53 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VNC

What I am concerned about is that I would rather make sure I can specify
by user who has logon privileges. I am not familiar with the app. But I
remember from PCAnywhere that you can set logon privileges by even using
domain authentication. Is something similar possible with VNC at all?

Christoph 

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas
Sent: Thursday, August 19, 2004 11:35 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VNC

The security will be provided by the VPN security you set up.

After that, the person has to know the computer name or IP address of
the computer and the VNC password and then the network user name and
password to log in to the computer.

Seems to me that as long as you allow a VPN into the network, you are
not exposing much more risk.

It seems like the same security risk as allowing a VPN to the network
and then a Terminal Server session.

Douglas Jensen
Douglas.Jensen@xxxxxxxxxxxxx
Voice (952) 402-9821
Fax    (952) 402-9815
Network Administrator
Scott Carver Dakota CAP Agency, Inc.
712 Canterbury Road
Shakopee, MN 55379
www.capagency.org


-----Original Message-----
From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx]
Sent: Thursday, August 19, 2004 12:28 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] VNC

Some folks here want to use VNC for remote access to their machines
(after connecting to the network via VPN). I am concerned about
security. And as I am not that familiar with VNC - can it be locked down
and controlled from an administrative point of view? 

Which version would be preferred from a security standpoint? As an
example - I see TightVNC and VNC.

Any feedback would be appreciated.

Christoph
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check
out our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check
out our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm


********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check
out our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check
out our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts:

• » [windows2000] VNC
• » [windows2000] Re: VNC
• » [windows2000] VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC
• » [windows2000] Re: VNC

1. Home
2. windows2000
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---