After I wrote that, it hit me that I should probably explain how it works to clarify what I'm talking about. ;)
When you set the service password in the VNCScan console, it creates a hash and stores that in a file. When you push the service out to the remote computer or if you install it using a login script, you place that key file in the same folder as the service executable. When the service starts, it opens the key file and generates its key that it will use to decrypt any communication on TCP port 5566. If someone telnets into that port and attempts to send commands, the service will just ignore it. When the console sends commands or authentication to the service, it is first encrypted with the same hash of the private key then sent to the service. The service decrypts it, then if everything checks out, it processes the script or command from the console.

As you can see, this is far more secure than just allowing RPC over the Internet or WAN. There's no way that I'd allow remote registry editing over the Internet from my workstation! ;)

-----Original Message-----
From: Steve Bostedor
Sent: Tuesday, February 01, 2005 11:16 AM
To: 'James Weatherall'; '0067881-0005'; 'Jerry Westrick'; vnc-list@realvnc.com
Subject: RE: Can VNC Do This?

No, the VNCScan service uses TCP port 5566 and doesn't even listen to authentication requests unless it's encrypted with the private key on the console. The private key is configured on the remote computers at the time of install by the password that you set at the console.

Psexec will do this but it requires the same unsecured ports to be open as it would to just do it with the registry editor.

-----Original Message-----
From: James Weatherall [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 01, 2005 11:13 AM
To: Steve Bostedor; '0067881-0005'; 'Jerry Westrick'; vnc-list@realvnc.com
Subject: RE: Can VNC Do This?

Steve,

Both the remote registry stuff and remote access to the Service Control Manager of a machine require that the machine be accessible via Microsoft RPC, which is all tied up with the file sharing protocols.
So the port that you have to leave accessible for this remote script running service of yours to work is the same one you're claiming can't be used for secure registry access, surely?

Doesn't the old psexec tool do exactly what you're describing?

Cheers,

Wez @ RealVNC Ltd.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Bostedor
> Sent: 01 February 2005 15:14
> To: 0067881-0005; Jerry Westrick; vnc-list@realvnc.com
> Subject: RE: Can VNC Do This?
>
> Yes, I agree and on a LAN, that's a great administration tactic. It becomes a problem over a WAN or across firewalls, though. It's very insecure to allow remote registry outside of your firewall because the communication is not encrypted and open to all sorts of attacks.
>
> The new service in VNCScan allows you to do administrative tasks like this across firewalls in a much more secure fashion because only one port needs to be opened and all traffic is encrypted. Viewing remotely installed programs will definitely make its way into the list of things that you can do out of the box, soon ... :)
>
> - Steve Bostedor
> http://www.vncscan.com
>
> -----Original Message-----
> From: 0067881-0005 [mailto:[EMAIL PROTECTED]
> Sent: Saturday, January 29, 2005 5:22 PM
> To: Steve Bostedor; Jerry Westrick; vnc-list@realvnc.com
> Subject: Re: Can VNC Do This?
>
> Steve,
> You can use Remote Registry service (available in Windows NT, 2000 and XP for sure, maybe others) and connect to the remote computer's registry, then drill down to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to see the list of installed programs, similar to those listed in Add/Remove Programs to gain the information you need. The Remote Registry service needs to be started on both client and server to make this connection to the registry. The logged in user will not see what you are seeing when you connect this way.
> This won't get you anything else you may have been looking for though. Hope this helps!
>
> Kent
> ----- Original Message -----
> From: "Steve Bostedor" <[EMAIL PROTECTED]>
> To: "Jerry Westrick" <[EMAIL PROTECTED]>; <vnc-list@realvnc.com>
> Sent: Thursday, January 27, 2005 12:56 PM
> Subject: RE: Can VNC Do This?
>
> > Something like this is one of the new features that were written into the new version of VNCScan. It would be tough to open the add/remove programs on the remote computer, but it wouldn't be very hard to get the list of installed programs on that computer and present you with a list.
> >
> > The feature that makes things like this possible is the new VNCScan Service that you can push out to the remote desktops and perform Administrative functions with. Communications are secured with a private key and reasonable encryption. Some of the things that you'll be able to do with the first version of the service include executing a command script on the remote computer, finding who is logged into a computer, rebooting it, and setting the various settings of the remote VNC server. (much more, too)
> >
> > If you're good at writing your own WSH scripts or if you have 3rd party programs that accept command line parameters, you'll be able to add custom commands to the right-click menu and those menu items will launch whatever program or script you specify and pass it the selected computer address by replacing the %host% variable.
> >
> > For example, if you have a program named wakeup.exe that will wake up a computer on the LAN if you issue a command: WAKEUP.EXE /COMPUTER:SLEEPINGCOMPUTER.DOMAIN.COM, you can make the new menu command in VNCScan say, 'C:\WAKEUP.EXE /COMPUTER:%HOST%' and VNCScan will replace the %HOST% with the name of the selected computer and launch the command. Is this cool or what?!
> > Thank you to Eric Chapuis for the suggestion on this.
> >
> > All of this functionality is already completed and in beta testing. If you'd like to beta test this new version, just email me and let me know. Please give me a rudimentary description of your environment, too. Nothing too specific; just the OS versions and how many computers and such.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Westrick
> > Sent: Thursday, January 27, 2005 1:04 PM
> > To: vnc-list@realvnc.com
> > Subject: Re: Can VNC Do This?
> >
> > On Thursday 27 January 2005 17:47, ANDREW WRIGHT wrote:
> > > I want to use VNC for some remote administration at work. But I don't want to connect to the desktop. I want to just open the GUI for a specific application from a remote computer on my computer. For example, suppose I have a computer named remote1. I want to open the Add/Remove Programs GUI from remote1 on my desktop. That way I can see what programs remote1 has installed. I don't want to connect to the desktop. If I could only open the GUI to a program, it wouldn't bother the user and they could keep working.
> > >
> > Nope, only the GUI would be running on the Screen of the user...
> >
> > > Can VNC do this? If not, does anyone know of something that will?
> > >
> > VNC can, but windows cannot.
> >
> > > Thanks!
> >
> > No Prbm
> > Jerry
> > > _______________________________________________
> > > VNC-List mailing list
> > > VNC-List@realvnc.com
> > > To remove yourself from the list visit:
> > > http://www.realvnc.com/mailman/listinfo/vnc-list
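
The pre-shared key-file design described at the top of this thread, as an added sketch that is not VNCScan code and not part of the original messages. The thread does not say which hash or cipher VNCScan uses, so this example authenticates commands with HMAC-SHA256 instead of encrypting them; the key-file layout, message framing, nonce and timestamp checks, and all names are assumptions chosen to show what "ignore anything that does not check out" needs in order to resist guessing and replay.

```python
import hashlib, hmac, json, os, time

# Hypothetical key-file layout: 16-byte salt followed by a 32-byte PBKDF2 key.
def make_key_file(password, salt=None):
    """Console side: derive the key file that ships beside the service executable."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def seal(key_file, command, now=None):
    """Console side: frame a command as HMAC tag + JSON body (nonce, timestamp)."""
    body = json.dumps({"cmd": command, "ts": now or time.time(),
                       "nonce": os.urandom(12).hex()}).encode()
    return hmac.new(key_file[16:], body, hashlib.sha256).digest() + body

class Service:
    """Service side: returns the command only if the message verifies, else None."""
    MAX_SKEW = 30  # seconds a sealed message stays acceptable (assumed policy)

    def __init__(self, key_file):
        self.key = key_file[16:]
        self.seen = set()  # nonces already accepted, to reject replays

    def handle(self, data, now=None):
        now = now or time.time()
        tag, body = data[:32], data[32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; raw telnet input fails here and gets no reply.
        if len(tag) != 32 or not hmac.compare_digest(tag, expected):
            return None
        msg = json.loads(body)
        # A static shared key alone does not stop a captured message being resent.
        if abs(now - msg["ts"]) > self.MAX_SKEW or msg["nonce"] in self.seen:
            return None
        self.seen.add(msg["nonce"])
        return msg["cmd"]  # a real service would dispatch the command here

if __name__ == "__main__":
    kf = make_key_file("console-password")  # constructed sample password
    svc = Service(kf)
    packet = seal(kf, "reboot")
    print(svc.handle(packet), svc.handle(packet), svc.handle(b"reboot\r\n"))
```
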