cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X

VNC and UAC

ablyth
10-Marble

VNC and UAC

Hi All,

 

I am looking at an issue selecting a suitable tool for Remote Access to our "Things", historically we have used a re-packaged VNC application but have come up against these issues:

 

  • When run as a service, the remote user always connects to the console terminal, this is ok for physical machines, but for virtual machines that the customer manages via RDP, you do not connect to same terminal as them, so cannot "Screen-Share".

 

  • When run as an application to guarantee both users are sharing the same terminal, UAC protected windows (Server Manager, etc,) cause the VNC session to hang until the "local" user (connected via RDP) accepts the UAC prompt, then the user connected over VNC can continue working.

 

Does anyone have any advice/solution?

3 REPLIES 3
ckaminski
14-Alexandrite
(To:ablyth)

These links describe a solution to this issue, but poses it's own problems.  It's a modification of Local/Group Security Policy settings that eliminates the secure desktop for UAC prompts. 

https://technet.microsoft.com/en-us/magazine/ee851677.aspx

https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx

Your end users may not wish to disable this functionality - in which case there is no workaround to UAC.

For the first item, I do not currently have an answer. 

Regards,

-Chris Kaminski

Oh dear! Is there a prize of any kind for the first unanswerable question?

Thanks for looking at this Chris, it's useful to know that we haven't missed anything,

Alan

ckaminski
14-Alexandrite
(To:ablyth)

I don't know about a prize, but I'm not sure it's unanswerable.   Assuming you're talking about Windows Server products and the Terminal Services feature built-in, there's the Console session, and up to two remote users connecting over RDP to the server (unless you spring for the upgraded Terminal Services licensing).  I seem to remember there being a capability for a remote user to connect to the console in the TSADMIN utility.  If the user has Administrator rights on the machine, it should be able to "Connect to Console" and then share the desktop that VNC is running on.

I'm not sure if the reverse - connect to the remote users RDP session - is possible to do without disconnecting them.

References:

How to Connect to and Shadow the Console Session with Windows Server 2003 Terminal Services

Announcements


Top Tags