I wrote a script that prompts for a machine name, starts the service, runs
the viewer and connects, and then stops the service when the viewer is
closed. It uses the currently logged in user to start and stop the service,
so the security is all microsoft security. Thier are no open ports to scan,
and the password for the vncserver is not a issue anymore and can be set to
a blank password with a reg tweak. If you want to block the ports, the port
for the web viewer is 5800 and the vncviewer I believe is 5900 - 5905. Here
is the code from my vbs script. Just change the path to vnc and save as a
vbs file.
'------------------------------------------------------------------------
'This script will start the VNC service on a NT/2k/XP machine
'and then connect to it. It then stops the service after
'it has closed the session.
on error resume next
const NotInstalled = -2147022676, MachineOff = -2147024843
dim computername, WshShell, pathtovnc
'Edit this!
pathtovnc = "h:\vnc"
Set WshShell = WScript.CreateObject("WScript.Shell")
computername = InputBox("Enter the computername:", "Computername")
Set VNCServiceObj = GetObject("WinNT://" & computername & "/winvnc")
If err = NotInstalled then
wscript.echo "The machine doesn't have VNC installed."
wscript.quit
ElseIf err = MachineOff then
wscript.echo "The machine isn't on."
wscript.quit
End if
VNCServiceObj.start
wscript.sleep 2000
wshshell.run pathtovnc & "\vncviewer " & computername, 1, true
VNCServiceObj.stop
Set VNCServiceObj = Nothing
wscript.echo "Session closed."
'---------------------------------------------------------------------------
--
-----Original Message-----
From: David Florea [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 08, 2002 5:58 PM
To: NT 2000 Discussions
Subject: RE: VNC
How do you feel about setting up VNC just on the inside of your LAN? In my
case all NAT addresses - if the VNC ports are all blocked at the external
firewall, seems like that wouldn't present too much of a hole.
-----Original Message-----
From: Winburn, Landon M. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 08, 2002 12:41 PM
To: NT 2000 Discussions
Subject: RE: VNC
You can setup vnc as a service and set it to start manually. Instead of
using a password, connect and start the service. Then make your connection.
This is also better, because port 5800 is not open all the time letting
people know that you are running vnc.
Landon.
-----Original Message-----
From: Ed Esgro [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 08, 2002 2:16 PM
To: NT 2000 Discussions
Subject: VNC
Want to get some feedback from experience.
I was asked to put VNC on one of my servers on the DMZ and allow remote
access. Why I was asked to do this is beyond me but I just do as I am told.
What I want to know is how secure is VNC and what can I say to persuade this
bad idea? Thank you all.
Ed
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%
------
You are subscribed as [email protected]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
