Solved

Group Policy to allow VNC server on all workstations

Posted on 2007-11-15
9
2,462 Views
Last Modified: 2010-04-21
After migrating our XP machines to a SBS2003 domain, the Firewall on each XP machine now prevents me from accessing the VNC server software for support purposes. Is it possible to use a Group Policy on the SBS2003 server to add the VNC software (or port 5900 if better) in the exception list of each XP Firewall, and if so, how ?
Thanks
0
Comment
Question by:ndidomenico
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 20291845
Just turn off the firewall in the domain profile.
Enable it in the Standard profile.

You'll find this in Group Policy.

Behind the SBS server, there is likely no need to firewall the clients.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20291852
You do know that RDP is available on XP as is Remote Assistance?

0
 

Author Comment

by:ndidomenico
ID: 20291957
I use RDP if I need to "work" on the remote pc (better display quality if feel). For user assistance, I had tried Remote Assistance quite a while ago and I found it long and complex to get the session started, compared to vnc. Has it got better ?
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20292004
Make sure it's enabled on the workstation.
Set it up in Group Policy and add Administrators (the group) manually to the Helpers group it asks for.

Copy this into a shortcut on your desktop.

hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/unsolicitedrcui.htm

Open this shortcut while using an account that has Admin rights locally on the user's workstation.  Bang in the computer name and press connect.

It's fairly simply.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20292054
Something else you should know about VNC. It is also considered a security vulnerability by some antivirus software. I think McAfee picks it up as a bug and will remove it. As a result, some AV software will not allow you to install VNC.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20293723
McAfee doesnt give too hoots about it :) I run McAfee and the only time i have seen anything detect VNC as a bug is things like windows defender scans.....the free VNC vers 4.1.11 had a flaw in it that let a dirty trojan through....4.1.12 fixed that flaw
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20298380
Hey again Jay Jay:

You're right, I was using an older version of VNC calle Tight VNC. I have changed to remote desktop since. This was a couple years ago. It was definately McAfee 4.5.xx that didn't like Tight VNC and wouldn't allow me to install VNC. It wasn't the Trojan associated with VNC.

I also saw Windows Defender not like Tight VNC, as you described. If I remember right, Defender would allow the install, but try to delete Tight VNC upon every scan.

There's no denying, things have changed and my experience with VNC is outdated.  
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20303038
**grin** Tight VNC is much more secure than any of the real VNC versions, so you were certainly using the better options...i think McAfee must have update their deffs as i have no issue with it, though, i dont use the McAfee Security suite, just the AV module...i dont think anyone likes VNC :)
0
 

Author Closing Comment

by:ndidomenico
ID: 31409406
Thanks for the shortcut Netman66. I will try to use this method now instead of Vnc.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question