Skip to main content
A
ablyth10-Marble
10-Marble
April 9, 2015
Question

VNC and UAC

  • April 9, 2015
  • 1 reply
  • 5244 views

Hi All,

 

I am looking at an issue selecting a suitable tool for Remote Access to our "Things", historically we have used a re-packaged VNC application but have come up against these issues:

 

  • When run as a service, the remote user always connects to the console terminal, this is ok for physical machines, but for virtual machines that the customer manages via RDP, you do not connect to same terminal as them, so cannot "Screen-Share".

 

  • When run as an application to guarantee both users are sharing the same terminal, UAC protected windows (Server Manager, etc,) cause the VNC session to hang until the "local" user (connected via RDP) accepts the UAC prompt, then the user connected over VNC can continue working.

 

Does anyone have any advice/solution?

    1 reply

    C
    ckaminski5-Regular Member
    5-Regular Member
    April 20, 2015

    These links describe a solution to this issue, but poses it's own problems.  It's a modification of Local/Group Security Policy settings that eliminates the secure desktop for UAC prompts. 

    https://technet.microsoft.com/en-us/magazine/ee851677.aspx

    https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx

    Your end users may not wish to disable this functionality - in which case there is no workaround to UAC.

    For the first item, I do not currently have an answer. 

    Regards,

    -Chris Kaminski

    A
    ablyth10-MarbleAuthor
    10-Marble
    April 21, 2015

    Oh dear! Is there a prize of any kind for the first unanswerable question?

    Thanks for looking at this Chris, it's useful to know that we haven't missed anything,

    Alan

    C
    ckaminski5-Regular Member
    5-Regular Member
    April 21, 2015

    I don't know about a prize, but I'm not sure it's unanswerable.   Assuming you're talking about Windows Server products and the Terminal Services feature built-in, there's the Console session, and up to two remote users connecting over RDP to the server (unless you spring for the upgraded Terminal Services licensing).  I seem to remember there being a capability for a remote user to connect to the console in the TSADMIN utility.  If the user has Administrator rights on the machine, it should be able to "Connect to Console" and then share the desktop that VNC is running on.

    I'm not sure if the reverse - connect to the remote users RDP session - is possible to do without disconnecting them.

    References:

    How to Connect to and Shadow the Console Session with Windows Server 2003 Terminal Services

    Terms & ConditionsAccessibility statement