Hi all,
I'm crossposting this from the general help forum, since there's no reaction, but maybe this is a better place..
We're evaluating a migration scenario from a more 'commercial' version of VNC to uVNC.
One of the problems I'm facing is the following: Our VNC viewers use a mix of domain accounts or domain groups and machine local groups to determine access to the viewer.
Since a local group is always defined as <machine name>/name-of-local-group how can I create an automated deployment that deals with the changing machine names in the access list? The local group name is always the same BTW..
Tim.
After more than 1 000 000 (one million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is welcome
Celebrating the 22nd anniversary of UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to the latest version before creating a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Mix local and domain groups with automated deployment
- Rudi De Vos
- Admin & Developer 
- Posts: 6975
- Joined: 2004-04-23 10:21
- Contact:
Re: Mix local and domain groups with automated deployment
The mslogon II access is based on the standard MS file access.

Permission can be exported and imported using MSlogonACL.exe
The vnc access is like setting a file permission, but also limited to what you can set as permission.
UltraVNC links (join us on social networks):
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
Re: Mix local and domain groups with automated deployment
I understand the security mechanism for windows, so no problem there.
My question is related to automated deploy.
When creating access rules with domain accounts or groups there's no problem: these SIDs are all equal across the entire domain.
But the commercial VNC we're using right now also has the possibility to define an access user as <local>\username-or-group. On computer TEST1 this would then be translated as TEST1\username-or-group, on computer TEST2 this becomes TEST2\username-or-group etc... This makes an automated deployment on different computers very easy...
We're using a local group on every PC to define who has VNC access to that specific machine..
- Rudi De Vos
- Admin & Developer 
- Posts: 6975
- Joined: 2004-04-23 10:21
- Contact:
Re: Mix local and domain groups with automated deployment
TEST1\rudi
TEST1\rudigroup
Is exported like this.
MSLogonACL /e
== Entering GetACL
== RegQueryValueEx passed dwValueLength = 80
allow 0x00000003 .\rudi
allow 0x00000003 .\rudigroup
If you import it on TEST2 you give access to
TEST2\rudi
...
export/import strip the hostname
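An added example, not part of the original posts and not UltraVNC code: a Python check for a deployment template in the text format of the export shown above. It rewrites entries that still carry the source machine name to the `.\` form and lists which principals the template would grant on a given target host. The function names, the `EXAMPLEDOM` domain and the sample entries are assumptions constructed for illustration.

```python
import re

# One exported MS-Logon II ACL entry: "<allow|deny> <hex mask> <account>"
ENTRY = re.compile(r"^(allow|deny)\s+(0x[0-9A-Fa-f]{8})\s+(.+)$")

def parse_acl(text):
    """Return (action, mask, account) tuples; skip blank and '==' trace lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("=="):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unrecognised ACL line: {line!r}")
        entries.append(m.groups())
    return entries

def make_portable(entries, source_host):
    """Rewrite SOURCEHOST\\name to .\\name so no machine name is baked in.
    DOMAIN\\name entries stay as they are: the same SID applies domain-wide."""
    out = []
    for action, mask, account in entries:
        prefix, sep, name = account.partition("\\")
        if sep and prefix.lower() == source_host.lower():
            account = ".\\" + name
        out.append((action, mask, account))
    return out

def resolve_for(entries, target_host):
    """Principals the template grants on target_host ('.' becomes that host)."""
    return [(a, m, target_host + acct[1:] if acct.startswith(".\\") else acct)
            for a, m, acct in entries]

def render(entries):
    return "\n".join(f"{a} {m} {acct}" for a, m, acct in entries)

# Constructed sample: one entry as exported above, one still carrying the
# source hostname, and one hypothetical domain group.
SAMPLE = """== Entering GetACL
allow 0x00000003 .\\rudi
allow 0x00000003 TEST1\\rudigroup
allow 0x00000003 EXAMPLEDOM\\VNCAdmins
"""

if __name__ == "__main__":
    template = make_portable(parse_acl(SAMPLE), "TEST1")
    print(render(template))
    print(render(resolve_for(template, "TEST2")))
```

A `HOST\name` entry cannot be told apart from `DOMAIN\name` by syntax alone, which is why the source hostname is passed in explicitly.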
			
			
									
						
