Home
Customers Speak
Downloads
Support
FAQ
Forums
Pricing
VNC Links
Bozteck Blog
Contact Info
 
We've built a new website!

Please come visit us at out new home located: HERE

Live chat by Boldchat
Live chat by Boldchat

 

UltraVNC Encryption using the DSM Plug-In

  


Overview

   It has never been this easy to deploy VNC with encryption enabled.  The guys at UltraVNC have done the hard work of enabling encryption though a DSM plug-in and we have done the other half by making it easy to deploy and use!

Click here to watch a flash webcast that shows how to push UltraVNC with the MS Authentication enabled.

How it's done

  • Start by creating a new deployment profile featuring UltraVNC.  You can do this in a number of ways but for this tutorial, we'll right-click a series of computers in the Local Network tab and choose to deploy VNC to them.
     

  • Once the wizard starts, choose to create a new profile and give it a name.  Be sure to set a VNC password even if you are going to use the Microsoft Authentication later in the wizard.  Select Ultra as the vnc version to deploy because this is a feature only supported by UltraVNC
     

  • Click through the wizard until you come to the screen with the UltraVNC features.  You will see a checkbox to enable UltraVNC encryption on the server.  Check that box and then continue with the wizard.
     

  • At the end of the wizard, deploy VNC to the list by clicking the Finish button.  Be sure to include your Windows authentication if needed before doing this.
     

  • The computers will be added to the group that you selected in the drop-down list.  Go to that group once the deployment has finished and double-click on one of them to connect.
     

  • Once you have authenticated, you will notice that it is using the DSM plug-in by the title bar display.  This means that the data between you and the server are encrypted. 

How The Plug-in Works

  There is a file in the c:\fastpush\vnc7\ultra folder called msrc4plugin_noreg.dsm and a file named rc4.key.  Both of these files are required for the encryption to work.

  The msrc4plugin_noreg.dsm file is there to plug into the VNC viewer and server to make the encryption happen.  The rc4.key file is a private key generated by VNCScan that is deployed with all of the UltraVNC servers.  A copy is kept in the folder with the vncviewer.exe file to complete the two way encryption.

FAQ

Why do I get a DSM error after changing the location of my VNC Viewer?

The msrc4plugin_noreg.dsm and rc4.key file must be in the same folder as the vncviewer.exe that you are changing to.  To correct the problem, copy those two files from the c:\fastpush\vnc7\ultra to the folder that contains your UltraVNC vncviewer.

I have my own rc4.key file already.  Can I use it instead of the one that comes with VNCScan?

Yes you can!  Simply overwrite the one in c:\fastpush\vnc7\ultra with your own rc4.key and yours will be used instead.  Make sure that it is also in the same folder as the VNC viewer that you plan to use and that a copy of the rc4.key is also in the same folder as the VNC viewer that you are using.

I'd like to generate a new rc4.key and distribute it.  How do I?

The easiest way to do this is to open a command prompt and change to c:\fastpush\vnc7\ultra\plugin folder and then issue the command:

crypto -k c:\fastpush\vnc7\ultra\rc4.key. 

From then on, your new key will be deployed with all of the UltraVNC servers that you push out.  There is no need to generate any new profiles because the rc4.key file is not aware of VNCScan deployment profiles.

Can I set a whole group to use the DSM Encryption instead of selecting it in all of the computer properties?

Yes you can.  It's in the group properties under the VNC Settings tab.  When the box is checked, VNCScan will use the DSM and rc4.key files that are in the same folder as the vncviewer.exe that is selected for that group on any computer that is in that group.

At the end of the VNC deployment, I get an error about an object not being created and the DSM isn't working right.  What gives?

The most likely problem here is authentication.  Make sure that at the end of the deployment wizard, you check the box to use alternate credentials and choose a username/password that is administrator level on the remote computer.

Another thing that can help is to download psexec and extract it into the c:\fastpush\vnc7\tools folder.  You may also want to extract a copy into your VNCScan program folder to make other functions go smoother, also. 

Psexec is a freeware tool written by Sysinternals to remotely execute commands on a network.  It is not distributed with VNCScan for licensing reasons, however, VNCScan makes full use of it if it is in those two locations.  You can get more information about psexec here.

We have a few administrators that use VNCScan.  How do I make sure they all use the same rc4.key file?

The easiest way to do this is to create a network share to hold the following files:

vncviewer.exe
msrc4plugin_noreg.dsm
rc4.key

Have each of your administrators set that as their vncviewer inside VNCScan and they will all be using the same key.

Another option is to send all of them the files via email or some other means with instructions to place them in the same folder as their vncviewer.exe file.

 

 


 

 

 

 

 
Copyright 2007 Bozteck Software