Secure VNC in Win2000
Results 1 to 2 of 2

Thread: Secure VNC in Win2000

  1. May 19th, 2003, 03:41 PM #1
    Stalemate
    Stalemate is offline
    Registered User Stalemate's Avatar
    Join Date
    May 2001
    Location
    d4-e5
    Posts
    15,120

    Secure VNC in Win2000

    WINDOWS 2000 PROFESSIONAL

    SECURE VNC FOR REMOTE CONTROL

    Virtual Network Computing (VNC), a free remote control application available from AT&T, lets you remotely access and control computers running
    a variety of operating systems, including Windows, UNIX, and Macintosh. You might be running VNC to remotely access Windows systems in your network, or perhaps even using it to manage your servers.

    VNC isn't very secure in the default installation because it allows access from any client IP address. Restricting access to specific addresses helps you control who can access a computer remotely. To create authorized hosts lists, you must modify the registry by following these steps.

    First, open the Registry Editor on the VNC server and open this registry
    key:

    HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3

    Next,

    1. Create a new REG_SZ value named AuthHosts.

    2. Add address entries, separated by colons, to control access. Use the format <char><address>, where <char> is either plus [+] (allow access), hyphen [-] (deny access), or question mark [?] (display a confirmation dialog box at the server, prompting to allow or deny).

    For example, you would use the following value to allow connections from all addresses in the 192.168.0.x subnet, deny the address 192.168.0.5, and query for the address 192.168.0.8:

    +192.168.0:-192.168.0.5:?192.168.0.8

    You can add a DWORD value named QueryTimeout to specify the length of time VNC will wait for someone to accept or reject a connection attempt at the server. You can also add a DWORD named QuerySetting and set it to a value between 0 and 4 to correspond with these settings:

    0 - Accept +, Accept ?, Query -
    1 - Accept +, Accept ?, Reject -
    2 - Accept +, Query ?, Reject - (This is the default.)
    3 - Query +, Query ?, Reject -
    4 - Query +, Reject ?, Reject -

    Setting up a list of authorized connections is just one way to add security to VNC for connections to your Windows 2000 computers. You an also restrict VNC to a VPN port to ensure encryption. For more information on configuring VNC settings, see the online documentation at AT&T's Virtual Network Computing Web site. http://www.uk.research.att.com/vnc/winvnc.html

    NOTE: Before making any registry edit, be sure to first back up the registry so that you can restore it if something goes wrong.
    Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. -Douglas Adams
    Reply With Quote Reply With Quote
  2. May 20th, 2003, 01:46 PM #2
    Poseidon
    Poseidon is offline
    Registered User Poseidon's Avatar
    Join Date
    Jan 2001
    Location
    Knoxville, TN USA
    Posts
    1,762
    Good find - a d e p t

    Thanks!

    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules