cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you know you can set a signature that will be added to all your posts? Set it here! X

VNC and UAC

ablyth
7-Bedrock

VNC and UAC

Hi All,

 

I am looking at an issue selecting a suitable tool for Remote Access to our "Things", historically we have used a re-packaged VNC application but have come up against these issues:

 

  • When run as a service, the remote user always connects to the console terminal, this is ok for physical machines, but for virtual machines that the customer manages via RDP, you do not connect to same terminal as them, so cannot "Screen-Share".

 

  • When run as an application to guarantee both users are sharing the same terminal, UAC protected windows (Server Manager, etc,) cause the VNC session to hang until the "local" user (connected via RDP) accepts the UAC prompt, then the user connected over VNC can continue working.

 

Does anyone have any advice/solution?

3 REPLIES 3
ckaminski
13-Aquamarine
(To:ablyth)

These links describe a solution to this issue, but poses it's own problems.  It's a modification of Local/Group Security Policy settings that eliminates the secure desktop for UAC prompts. 

https://technet.microsoft.com/en-us/magazine/ee851677.aspx

https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx

Your end users may not wish to disable this functionality - in which case there is no workaround to UAC.

For the first item, I do not currently have an answer. 

Regards,

-Chris Kaminski

Oh dear! Is there a prize of any kind for the first unanswerable question?

Thanks for looking at this Chris, it's useful to know that we haven't missed anything,

Alan

ckaminski
13-Aquamarine
(To:ablyth)

I don't know about a prize, but I'm not sure it's unanswerable.   Assuming you're talking about Windows Server products and the Terminal Services feature built-in, there's the Console session, and up to two remote users connecting over RDP to the server (unless you spring for the upgraded Terminal Services licensing).  I seem to remember there being a capability for a remote user to connect to the console in the TSADMIN utility.  If the user has Administrator rights on the machine, it should be able to "Connect to Console" and then share the desktop that VNC is running on.

I'm not sure if the reverse - connect to the remote users RDP session - is possible to do without disconnecting them.

References:

How to Connect to and Shadow the Console Session with Windows Server 2003 Terminal Services

Top Tags