Several years ago I started working in a help desk doing phone support 2 days a week. At the time we did not have remote control capability to workstations. Words cannot describe the frustration there is trying to solve something you cannot see. What I call an icon and what the user calls could be (and usually is) two different things. “Now open My Computer” says the tech and “IT IS OPEN” yells the user. Don’t laugh, it happens far too often. Eventually, the help desk did get a buggy version of workstation remote control software with Novell Zenworks 3. However, this little beast was based on IPX communications which are older and much more unreliable then TCP/IP communications. We also had problems with video acceleration crashing the remote control agent on the user’s machine, so I had to figure out a way of disabling the acceleration. We finally got Microsoft SMS 2003 for inventory management and remote control and let me tell you that is one sweet product.
Of course you probably don’t have money for SMS 2003 and that’s where VNC comes in. VNC stands for Virtual Network Computing and was originally developed by AT&T. Those nice guys at AT&T released the source code for VNC into the public domain (or more specifically: GNU…I know GNU’s not public domain, but you get the point). VNC lets you connect to a client workstation from your own workstation for…..FREE. Free? Yes, free. Everyone likes the word free including me!
So how does it work? You basically put a remote VNC host on the workstation (a mini server) and then you connect to that workstation using a VNC viewer. This is done using the standard TCP/IP protocol. It will even do it by host name (which resolves to an IP address). At my new company we didn’t have any remote control software, so I decided to use VNC on our workstations (with management approval of course). There different “flavors” of VNC: RealVNC, TightVNC, UltraVNC, etc. You can lock down VNC by using a password to keep out the bad guys. UltraVNC will do Windows authentication, RealVNC will not (unless you pony up money for the enterprise version).
In the course of using VNC you’ll notice one really annoying thing: no computer list. There’s really no way of knowing what computers have VNC and which ones don’t. That’s where VNCScan comes in. VNCScan will scan your network based on the IP parameters you give it and will search your entire network for VNC and RDP clients. How cool is that? Now this program is $39 per administrator, but there is a trial copy at the web site that is good for 30 days so you can completely test drive the program before buying (that’s PER administrator, NOT per computer!). After downloading and installing the program you make a group (or multiple groups). You then specify the starting and ending IP address. Now you can right-click on the group and pick Scan. Again, make sure you have permission from your management team to do this as this will do a port scan of your whole network. Some network administrators may get a bit upset at you if you don’t ask first.
If you are are running Windows XP SP2 like I am you’ll notice that VNCScan won’t recognize computers that are truly running VNC nor find them. What gives? Well, according to VNCScan you need a patch to boost your concurrent TCP/IP connections. That brings us to this site which claims “Since XP SP2 there are only 10 concurrent TCP connection attempts possible, while in SP1 it has not been limited.” Well, thank you Mr. Gates! I’m sure this is all part of the M$ security initiative: if you cannot run port scanners you cannot be a bad boy with Windows XP SP2. I ran the patch and sure enough, VNCScan worked like a charm. The makers of VNCScan claim you should boost the default number from 10 to 10,000, but I just did 100 and it seemed to work fine.
The amazing part did not stop there. The company I currently work for now is setup in one big Microsoft work group. There is no way of pushing programs out to users workstations (no free way at least). When I saw the option in VNCScan to right-click on a computer object and “Deploy VNC here”, I was expecting it to fail. To my surprise it actually worked! I spent countless hours trying to get programs to push out to a PC and here was VNCScan doing it like it was nothing. Now, there a few caveats to this. You need local administrator rights on the box you are trying to push VNC out to. You’ll also need Windows Script Hosting (WSH) on the target box, so this will only work with 2000, XP and beyond. Finally, I’m guessing you’ll need File And Print Sharing, Remote Registry and the Server services enabled on the target workstation (and the Windows Firewall turned OFF). I’ll going to try to decode the script they use, because it seems to work quite well. There is one bug I found in the program. The list shows computers that have VNC on them and those that don’t. If you pick “Deploy VNC Here”, VNCScan shows that computer has VNC on it after the script runs on it even if the script fails to install VNC on the computer! They need a cleaner way of determining if the installation was successful or not.
If you read up on UltraVNC you’ll also notice a program called UltraVNC SC. What can you do with this program? Well, lets say you have Joe User on the West Coast having problem with his laptop. Joe User is behind a router with a private IP address. How in the world are you going to connect to Joe User? That problem is solved with UltraVNC SC. This PDF was shamelessly pulled from a sticky in the UltraVNC forum. Simply stated: you start a VNC lister on your end opening up port 5900. You’ll need an external name or IP address which you can simply get for free from www.dyndns.org. You then configure UltraVNC SC per the instructions and then throw it up on a web site. Have Joe User download the program and then run it, and bingo, he connects right into you. No fuss, no muss. Now if you don’t think that is impressive, check out Webex which offers a commercial version of this technology that goes for $149/month for one seat. Just imagine the possibilities: if you have a computer store you can configure your store logo into UltraVNC and then offer that as part of warranty service. Maybe we can dream, like those spam messages that always say, “work from home and make thousands”. Hey, maybe this is not such a bad idea after all.
Now, your security team (if you have one) will need to do a risk assessment and evaluation of VNC. I believe the authentication piece is encrypted, but the rest of the communication is not. I also noticed the administrator password I used to connect to workstations was in plaintext in the file C :Program FilesTGCSVNCScan Console .NETauth.cmd. If I should decide to register this program I believe that this issue needs to be addressed.