Solved

Group Policy to allow VNC server on all workstations

Posted on 2007-11-15
9
2,479 Views
Last Modified: 2010-04-21
After migrating our XP machines to a SBS2003 domain, the Firewall on each XP machine now prevents me from accessing the VNC server software for support purposes. Is it possible to use a Group Policy on the SBS2003 server to add the VNC software (or port 5900 if better) in the exception list of each XP Firewall, and if so, how ?
Thanks
0
Comment
Question by:ndidomenico
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 20291845
Just turn off the firewall in the domain profile.
Enable it in the Standard profile.

You'll find this in Group Policy.

Behind the SBS server, there is likely no need to firewall the clients.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20291852
You do know that RDP is available on XP as is Remote Assistance?

0
 

Author Comment

by:ndidomenico
ID: 20291957
I use RDP if I need to "work" on the remote pc (better display quality if feel). For user assistance, I had tried Remote Assistance quite a while ago and I found it long and complex to get the session started, compared to vnc. Has it got better ?
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20292004
Make sure it's enabled on the workstation.
Set it up in Group Policy and add Administrators (the group) manually to the Helpers group it asks for.

Copy this into a shortcut on your desktop.

hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/unsolicitedrcui.htm

Open this shortcut while using an account that has Admin rights locally on the user's workstation.  Bang in the computer name and press connect.

It's fairly simply.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20292054
Something else you should know about VNC. It is also considered a security vulnerability by some antivirus software. I think McAfee picks it up as a bug and will remove it. As a result, some AV software will not allow you to install VNC.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20293723
McAfee doesnt give too hoots about it :) I run McAfee and the only time i have seen anything detect VNC as a bug is things like windows defender scans.....the free VNC vers 4.1.11 had a flaw in it that let a dirty trojan through....4.1.12 fixed that flaw
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20298380
Hey again Jay Jay:

You're right, I was using an older version of VNC calle Tight VNC. I have changed to remote desktop since. This was a couple years ago. It was definately McAfee 4.5.xx that didn't like Tight VNC and wouldn't allow me to install VNC. It wasn't the Trojan associated with VNC.

I also saw Windows Defender not like Tight VNC, as you described. If I remember right, Defender would allow the install, but try to delete Tight VNC upon every scan.

There's no denying, things have changed and my experience with VNC is outdated.  
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20303038
**grin** Tight VNC is much more secure than any of the real VNC versions, so you were certainly using the better options...i think McAfee must have update their deffs as i have no issue with it, though, i dont use the McAfee Security suite, just the AV module...i dont think anyone likes VNC :)
0
 

Author Closing Comment

by:ndidomenico
ID: 31409406
Thanks for the shortcut Netman66. I will try to use this method now instead of Vnc.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question