Administrator access in Windows 7

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Administrator access in Windows 7

Thomas Okken
I occasionally help my mom with problems with her computer (PC running Windows), and since we live on opposite sides of the Atlantic, VNC is a godsend for this. She has a document with detailed instructions how to start a VNC server when the need arises, and how to determine her Internet-visible IP address, so that I can connect; I have configured her router so that incoming VNC connections get forwarded to her PC.

So far, so good, but when Windows XP went off support, we installed Windows 7, and then RealVNC server (free edition) no longer worked. I installed TightVNC server instead, which did. Problem solved, or so I thought.

Today, however, I connected to her PC once again, using Chicken (formerly Of The VNC) on my Mac. Everything went fine, until I tried to run the Registry Editor on her PC. Regedit caused a UAC warning to pop up, which I didn't see; on my end, everything just froze. Once mom accepted the UAC confirmation, I could see what was happening on her screen again, but I still couldn't *do* anything; my mouse clicks and keystrokes were ignored. Once she closed regedit, I could type and use the mouse once again, but when I tried running a Command Prompt as Administrator, the same thing happened: I couldn't see the UAC prompt, and I was unable to control the desktop until the elevated-privilege application was closed.

I guess I understand the security concerns behind all this, but it does make TightVNC a lot less useful for this kind of remote tech support. RDP is less nice because the local and remote users can't both see and control the desktop at the same time, so you can't walk people through scenarios or look over their shoulder to find out what they're doing wrong.

Is it possible to use TightVNC server in such a way that it will allow the remote user to run things with Administrator rights?

Many thanks,

Thomas
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Administrator access in Windows 7

buercky
Turn off uac and you won't have the issue.   It's a known issue.

There is ammyy free remote also teamviewer free

Sent from my Telly fon

> On May 22, 2016, at 10:04 PM, Thomas Okken <[hidden email]> wrote:
>
> I occasionally help my mom with problems with her computer (PC running Windows), and since we live on opposite sides of the Atlantic, VNC is a godsend for this. She has a document with detailed instructions how to start a VNC server when the need arises, and how to determine her Internet-visible IP address, so that I can connect; I have configured her router so that incoming VNC connections get forwarded to her PC.
>
> So far, so good, but when Windows XP went off support, we installed Windows 7, and then RealVNC server (free edition) no longer worked. I installed TightVNC server instead, which did. Problem solved, or so I thought.
>
> Today, however, I connected to her PC once again, using Chicken (formerly Of The VNC) on my Mac. Everything went fine, until I tried to run the Registry Editor on her PC. Regedit caused a UAC warning to pop up, which I didn't see; on my end, everything just froze. Once mom accepted the UAC confirmation, I could see what was happening on her screen again, but I still couldn't *do* anything; my mouse clicks and keystrokes were ignored. Once she closed regedit, I could type and use the mouse once again, but when I tried running a Command Prompt as Administrator, the same thing happened: I couldn't see the UAC prompt, and I was unable to control the desktop until the elevated-privilege application was closed.
>
> I guess I understand the security concerns behind all this, but it does make TightVNC a lot less useful for this kind of remote tech support. RDP is less nice because the local and remote users can't both see and control the desktop at the same time, so you can't walk people through scenarios or look over their shoulder to find out what they're doing wrong.
>
> Is it possible to use TightVNC server in such a way that it will allow the remote user to run things with Administrator rights?
>
> Many thanks,
>
> Thomas
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> ___________________________________________________________
> TightVNC mailing list, [hidden email]
> To change your subscription or to UNSUBSCRIBE, please visit
> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Administrator access in Windows 7

John Serink
In reply to this post by Thomas Okken
This is interesting...
I winder if a recent windows security patch is responsible?

Sent from my BlackBerry 10 smartphone.
  Original Message  
From: Thomas Okken
Sent: Monday, 23 May 2016 11:05
To: [hidden email]
Subject: Administrator access in Windows 7

I occasionally help my mom with problems with her computer (PC running Windows), and since we live on opposite sides of the Atlantic, VNC is a godsend for this. She has a document with detailed instructions how to start a VNC server when the need arises, and how to determine her Internet-visible IP address, so that I can connect; I have configured her router so that incoming VNC connections get forwarded to her PC.

So far, so good, but when Windows XP went off support, we installed Windows 7, and then RealVNC server (free edition) no longer worked. I installed TightVNC server instead, which did. Problem solved, or so I thought.

Today, however, I connected to her PC once again, using Chicken (formerly Of The VNC) on my Mac. Everything went fine, until I tried to run the Registry Editor on her PC. Regedit caused a UAC warning to pop up, which I didn't see; on my end, everything just froze. Once mom accepted the UAC confirmation, I could see what was happening on her screen again, but I still couldn't *do* anything; my mouse clicks and keystrokes were ignored. Once she closed regedit, I could type and use the mouse once again, but when I tried running a Command Prompt as Administrator, the same thing happened: I couldn't see the UAC prompt, and I was unable to control the desktop until the elevated-privilege application was closed.

I guess I understand the security concerns behind all this, but it does make TightVNC a lot less useful for this kind of remote tech support. RDP is less nice because the local and remote users can't both see and control the desktop at the same time, so you can't walk people through scenarios or look over their shoulder to find out what they're doing wrong.

Is it possible to use TightVNC server in such a way that it will allow the remote user to run things with Administrator rights?

Many thanks,

Thomas
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

RE: Administrator access in Windows 7

Brian Schroeder-2
TightVNC must be running as a service for this to work.  If it is just run as a program you get the result described.

> Date: Mon, 23 May 2016 11:29:26 +0800

> Subject: Re: Administrator access in Windows 7
> From: [hidden email]
> To: [hidden email]; [hidden email]
>
> This is interesting...
> I winder if a recent windows security patch is responsible?
>
> Sent from my BlackBerry 10 smartphone.
>   Original Message  
> From: Thomas Okken
> Sent: Monday, 23 May 2016 11:05
> To: [hidden email]
> Subject: Administrator access in Windows 7
>
> I occasionally help my mom with problems with her computer (PC running Windows), and since we live on opposite sides of the Atlantic, VNC is a godsend for this. She has a document with detailed instructions how to start a VNC server when the need arises, and how to determine her Internet-visible IP address, so that I can connect; I have configured her router so that incoming VNC connections get forwarded to her PC.
>
> So far, so good, but when Windows XP went off support, we installed Windows 7, and then RealVNC server (free edition) no longer worked. I installed TightVNC server instead, which did. Problem solved, or so I thought.
>
> Today, however, I connected to her PC once again, using Chicken (formerly Of The VNC) on my Mac. Everything went fine, until I tried to run the Registry Editor on her PC. Regedit caused a UAC warning to pop up, which I didn't see; on my end, everything just froze. Once mom accepted the UAC confirmation, I could see what was happening on her screen again, but I still couldn't *do* anything; my mouse clicks and keystrokes were ignored. Once she closed regedit, I could type and use the mouse once again, but when I tried running a Command Prompt as Administrator, the same thing happened: I couldn't see the UAC prompt, and I was unable to control the desktop until the elevated-privilege application was closed.
>
> I guess I understand the security concerns behind all this, but it does make TightVNC a lot less useful for this kind of remote tech support. RDP is less nice because the local and remote users can't both see and control the desktop at the same time, so you can't walk people through scenarios or look over their shoulder to find out what they're doing wrong.
>
> Is it possible to use TightVNC server in such a way that it will allow the remote user to run things with Administrator rights?
>
> Many thanks,
>
> Thomas
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> ___________________________________________________________
> TightVNC mailing list, [hidden email]
> To change your subscription or to UNSUBSCRIBE, please visit
> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
>
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> ___________________________________________________________
> TightVNC mailing list, [hidden email]
> To change your subscription or to UNSUBSCRIBE, please visit
> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list