I think many of us have heard about VNC. This is a product that allows you to remote access a machine that has installed the server part of this app, as if you are in front of this machine display. It is freeware and works in Win9x/NT and 2000 without a problem.
I am an IT help-desk in a big company and accessing any computer from my office reduced very much my daily trip inside the company.
If you install the server part of VNC on a PC, that doesn't mean that when this computer is open you can access it. This is happening because the connection client-server is granted by a password, which the user can change without any problem, and also he can close the WinVNC server.
I'll try to tell you how to have an always connect capacity to any PC that has WinVNC installed.
First of all. after installing WinVNC, in NT/WIN2000 by going in the Programs/VNC/Administrative Tools/ you can chose "Install WinVNC Service." This option will install WinVNC as a service.
After that. without restarting the computer, go to Control Panel and open Services (in Win2000 Computer Management and Services).
Look for VNC Server and press the button START (in Win2000 right click with the mouse on the item and select start). If it's the first time WinVNC is started you will be asked to configure it. Leave all the options with defaults, but SPECIFY a password.
Now the computer is accessible from anywhere in the network by using the VNC
The interesting part begins now.
Run regedit and follow this path KEY_LOCAL_MACHINESOFTWAREORLWinVNC3Default. Here you will find the default key for WinVNC to work. You will have to add manually 2 keys.
To do that right click with the mouse and select NEW/DWORD VALUE.
A new key will appear letting you change the name. Write "AllowProperties" and leave the value as it is (0). Repeat this step but instead off "AllowProperties" write "AllowShutDown." These two keys will prevent any user to change properties of WinVNC without accessing the registry.
Now, the next step is to prevent access to registry. Start "regedt32" and follow the next steps. Go to HKEY_LOCAL_MACHINESOFTWAREORL and select WinVNC3. After that go to Security in regedt32 menu and select "Permissions." Here you can change permissions as you normally do in NT/Win2000 to let only a few persons to modify the keys in "Win VNC3" and fewer to change those permissions.
It's all done. Now the user can see when somebody is connected to his computer but cannot change the password or close the VNC server and the registry keys are unavailable for him.
You surely can access that computer without any problem whenever you want with the password that you know, and this will allow you to do the necessary interventions from anywhere in your network -- even from home if you have a dial-in permission in you network or via Internet.
This was first published in April 2001