Solved

Group Policy to allow VNC server on all workstations

Posted on 2007-11-15
9
2,452 Views
Last Modified: 2010-04-21
After migrating our XP machines to a SBS2003 domain, the Firewall on each XP machine now prevents me from accessing the VNC server software for support purposes. Is it possible to use a Group Policy on the SBS2003 server to add the VNC software (or port 5900 if better) in the exception list of each XP Firewall, and if so, how ?
Thanks
0
Comment
Question by:ndidomenico
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 20291845
Just turn off the firewall in the domain profile.
Enable it in the Standard profile.

You'll find this in Group Policy.

Behind the SBS server, there is likely no need to firewall the clients.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20291852
You do know that RDP is available on XP as is Remote Assistance?

0
 

Author Comment

by:ndidomenico
ID: 20291957
I use RDP if I need to "work" on the remote pc (better display quality if feel). For user assistance, I had tried Remote Assistance quite a while ago and I found it long and complex to get the session started, compared to vnc. Has it got better ?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20292004
Make sure it's enabled on the workstation.
Set it up in Group Policy and add Administrators (the group) manually to the Helpers group it asks for.

Copy this into a shortcut on your desktop.

hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/unsolicitedrcui.htm

Open this shortcut while using an account that has Admin rights locally on the user's workstation.  Bang in the computer name and press connect.

It's fairly simply.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 38

Expert Comment

by:ChiefIT
ID: 20292054
Something else you should know about VNC. It is also considered a security vulnerability by some antivirus software. I think McAfee picks it up as a bug and will remove it. As a result, some AV software will not allow you to install VNC.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20293723
McAfee doesnt give too hoots about it :) I run McAfee and the only time i have seen anything detect VNC as a bug is things like windows defender scans.....the free VNC vers 4.1.11 had a flaw in it that let a dirty trojan through....4.1.12 fixed that flaw
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20298380
Hey again Jay Jay:

You're right, I was using an older version of VNC calle Tight VNC. I have changed to remote desktop since. This was a couple years ago. It was definately McAfee 4.5.xx that didn't like Tight VNC and wouldn't allow me to install VNC. It wasn't the Trojan associated with VNC.

I also saw Windows Defender not like Tight VNC, as you described. If I remember right, Defender would allow the install, but try to delete Tight VNC upon every scan.

There's no denying, things have changed and my experience with VNC is outdated.  
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20303038
**grin** Tight VNC is much more secure than any of the real VNC versions, so you were certainly using the better options...i think McAfee must have update their deffs as i have no issue with it, though, i dont use the McAfee Security suite, just the AV module...i dont think anyone likes VNC :)
0
 

Author Closing Comment

by:ndidomenico
ID: 31409406
Thanks for the shortcut Netman66. I will try to use this method now instead of Vnc.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Learn about cloud computing and its benefits for small business owners.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now