VNC has a registry key called "AuthHosts" that you can implement to limit the Ips available for connection via VNC. At the very least, it should read: AuthHosts="-:192.168.1" Assuming that you have a 192.168.1.0/24 network. This literally tranlates to "Deny everything (the minus) but allow connections from IP addresses that have the first three octets of 192.168.1" For our roaming clients (laptops) I add, to the end, the external IP of our firewall, so that I can VNC them whether they can hit the VPN or not. HTH, Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas Posted At: Thursday, August 19, 2004 2:35 PM Posted To: Windows 2000 Conversation: [windows2000] Re: VNC Subject: [windows2000] Re: VNC VNC gets you access to the computer but you still have to know VNC password to get past that screen and actually get to the point of logging on to the computer and then you have to log on with a different ID and Password to actually log on to the computer. I am not aware of a way to restrict the ability to get to the place where you enter the VNC log on password other than keeping them out of the network with the VPN security. So, in a way you are specifying by user (they are the ones who know the VNC password) who has access to that computer. Douglas Jensen Douglas.Jensen@xxxxxxxxxxxxx Voice (952) 402-9821 Fax (952) 402-9815 Network Administrator Scott Carver Dakota CAP Agency, Inc. 712 Canterbury Road Shakopee, MN 55379 www.capagency.org -----Original Message----- From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx] Sent: Thursday, August 19, 2004 12:53 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: VNC What I am concerned about is that I would rather make sure I can specify by user who has logon privileges. I am not familiar with the app. But I remember from PCAnywhere that you can set logon privileges by even using domain authentication. Is something similar possible with VNC at all? Christoph -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas Sent: Thursday, August 19, 2004 11:35 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: VNC The security will be provided by the VPN security you set up. After that, the person has to know the computer name or IP address of the computer and the VNC password and then the network user name and password to log in to the computer. Seems to me that as long as you allow a VPN into the network, you are not exposing much more risk. It seems like the same security risk as allowing a VPN to the network and then a Terminal Server session. Douglas Jensen Douglas.Jensen@xxxxxxxxxxxxx Voice (952) 402-9821 Fax (952) 402-9815 Network Administrator Scott Carver Dakota CAP Agency, Inc. 712 Canterbury Road Shakopee, MN 55379 www.capagency.org -----Original Message----- From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx] Sent: Thursday, August 19, 2004 12:28 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] VNC Some folks here want to use VNC for remote access to their machines (after connecting to the network via VPN). I am concerned about security. And as I am not that familiar with VNC - can it be locked down and controlled from an administrative point of view? Which version would be preferred from a security standpoint? As an example - I see TightVNC and VNC. Any feedback would be appreciated. Christoph ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm