Stefan,
{stuff removed}
>To my question: Is there a way to start VNC as service AFTER user logon
to >WS and ensuring that the helper icon will appear?
>Or is anyone planning an option in any VNC release that gives an user
the >opportunity to decide whether an admin may access the WS or not,
par >example by displaying a popup window like "Your WS is about to be
remote >controled by xxx(IP, resolved name, anything!), do you accept?"!
Anyway, >this option would be a great feature for VNC.
>I do not want to let the user start vnc on his own, for the users
are....a >little bit unskilled.
On a recent project I was concerned that my implementation of VNC on
users workstation could be used in a way to permit spying on what users
were doing.
Here are a few suggestions:
1) Implement SSH to tunnel VNC traffic - better security over the
network and remote admins must have both SSH access and VNC password.
2) Implement in VNC (checkbox or registry setting) that informs users of
someone attempting a remote connection and require the user to
confirm/permit a remote admin to take over their machine. A prompt will
appear on users' screen.
3) You could place an icon on user's desktop that starts the VNCViewer
in listen mode and call it "Remote Helpdesk". You would then not require
the VNCService.
4) Disable the remote registry service so that VNC
configuration/settings will be difficult to modify.
5) Enable VNC logging to track access.
6) Consider using UltraVNC (http://ultravnc.sourceforge.net) as they
have implemented NT authentication. Then only permit specific users to
remotely connect by placing their account in admin or vncaccess group.
7) Institute an acceptable computer usage policy in company and train,
train, train users.
Cheers,
Frank Pikelner
Email: [EMAIL PROTECTED]
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
