Overview
VNC authentication is pretty weak, and there are utilities out there to crack it. For this reason, it is recommended that you deploy UltraVNC with Microsoft authentication enabled. VNCScan allows you to deploy UltraVNC in this manner very easily.

You don't need a Windows domain to use this form of authentication. It works just fine on standalone computers running Windows 2000 and greater. Most of the magic is done with the mslogonauth utility written by the guys at UltraVNC.
Click here to watch a flash webcast that shows how to push UltraVNC with the MS Authentication enabled.
How it's done
- Right-click a computer inside VNCScan and choose to deploy VNC.
- If you don't already have a profile set up to deploy VNC in this manner, choose to create a new profile and choose Ultra as the flavor.
  Notice: You will still need to set a dummy VNC password even if you plan to use MS Auth. If you don't, the server may reject all connections.
- Work your way through the wizard until you see the following screen:

- Check the box to use the Windows Logon. See the information below for the format of the ACL text box. A default is already supplied for you. It allows all administrators full VNC access to the computer.
- Complete the wizard and deploy as you do any other version of VNC.
Tip: You may want to make sure that you're using the correct version of VNCViewer for this version of UltraVNC. You can change the viewer location in the VNCScan settings. The typical path to the latest UltraVNC viewer is "C:\fastpush\vnc7\ultra\vncviewer.exe".

(From the UltraVNC Website)
Format of the ACL
allow 0x3 domain\account
or
deny 0x3 domain\account

0x1 is ViewOnly, 0x3 is Interact and implies that you can also view the remote desktop.

domain can be a computer name or the name of a domain. If domain is not specified (like deny 0x3 account), Windows tries to match the account name to a local or a domain account. It is not recommended to omit the domain part since this may lead to unexpected results.

account can be a group name or a user name. If the account name contains spaces, the domain\account expression is to be enclosed in quotation marks:
allow 0x3 "domain\account"
Even if the account name doesn't contain spaces, quotation marks won't hurt.

MSLogonACL has two abbreviations for special domains: one dot to denote the computer name and two dots to denote the computer's domain:
.\account for a local account on the computer
or
..\account for an account in the computer's domain.
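
The ACL format above can be checked before a profile is pushed. The following is an added example, not code from VNCScan or UltraVNC: a small Python linter that parses each ACL line, expands the `.` and `..` abbreviations, and flags entries that omit the domain or leave a spaced account name unquoted. The names PC01 and CORP and the sample ACL are constructed, and the parser accepts only the lowercase allow/deny keywords shown above.

```python
import re

# Access masks documented on this page; any other value is flagged, not guessed at.
MASKS = {0x1: "ViewOnly", 0x3: "Interact"}

# <allow|deny> <hex mask> <trustee>, where the trustee is quoted or bare.
LINE_RE = re.compile(r'^(allow|deny)\s+(0x[0-9A-Fa-f]+)\s+(?:"([^"]+)"|(\S.*))$')


def parse_acl_line(line, computer="PC01", computer_domain="CORP"):
    """Parse one ACL line into a dict that includes a list of review warnings."""
    # computer / computer_domain are hypothetical names used to expand '.' and '..'.
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an ACL line: {line!r}")
    action, mask_text, quoted, bare = m.groups()
    mask = int(mask_text, 16)
    trustee = quoted if quoted is not None else bare
    warnings = []
    if mask not in MASKS:
        warnings.append(f"mask {mask_text} is not one of the documented values 0x1/0x3")
    if quoted is None and " " in trustee:
        warnings.append("account contains spaces: enclose domain\\account in quotation marks")
    domain, sep, account = trustee.partition("\\")
    if not sep:
        # No domain part: Windows matches the name against local or domain accounts.
        domain, account = None, trustee
        warnings.append("domain omitted: may match a local or a domain account")
    elif domain == ".":
        domain = computer
    elif domain == "..":
        domain = computer_domain
    return {"action": action, "access": MASKS.get(mask, "unknown"),
            "domain": domain, "account": account, "warnings": warnings}


def lint_acl(text, **names):
    """Return (line number, warning) pairs for every questionable entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            entry = parse_acl_line(line, **names)
            findings += [(number, w) for w in entry["warnings"]]
    return findings


# Constructed sample ACL, not taken from a real deployment.
SAMPLE_ACL = 'allow 0x3 ".\\Administrators"\nallow 0x1 ..\\helpdesk\ndeny 0x3 guest\nallow 0x3 CORP\\Remote Support\n'
```

Running `lint_acl(SAMPLE_ACL)` reports line 3 for the missing domain and line 4 for the unquoted account name containing a space.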