Hi all,
I'm crossposting this from the general help forum, since there's no reaction, but mybe this is a better place..
We're evaluating a migration scenario from a more 'commercial' version of VNC to uVNC.
One of the problems I'm facing is following: Our VNC viewers use a mix of domain accounts or domain groups and machine local groups to determine access to the viewer.
Since a local group is always defined as <machine name>/name-of-local-group how can I create an automated deployment that deals with the changing machine names in the access list? The local group name is always the same BTW..
Tim.
After more 2 000 000 (two million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2026-04-01: After 1.7.x, 1.8.x release builds need tests and feedback: https://forum.uvnc.com/viewtopic.php?t=38158
2026-03-11: CVE-2026-3787 and CVE-2026-4962 - Clarification: https://forum.uvnc.com/viewtopic.php?t=38155
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Help is very needed for:
Windows ARM/ARM64 support: https://forum.uvnc.com/viewtopic.php?t=38163 / https://github.com/ultravnc/UltraVNC/issues/346
macOS support: https://forum.uvnc.com/viewtopic.php?t=38164 / https://github.com/ultravnc/UltraVNC/issues/347
Linux support: https://forum.uvnc.com/viewtopic.php?t=38165 / https://github.com/ultravnc/UltraVNC/issues/348
*BSD support: https://forum.uvnc.com/viewtopic.php?t=38166 / https://github.com/ultravnc/UltraVNC/issues/349
*Solaris support: https://forum.uvnc.com/viewtopic.php?t=38167 / https://github.com/ultravnc/UltraVNC/issues/350
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2026-04-01: After 1.7.x, 1.8.x release builds need tests and feedback: https://forum.uvnc.com/viewtopic.php?t=38158
2026-03-11: CVE-2026-3787 and CVE-2026-4962 - Clarification: https://forum.uvnc.com/viewtopic.php?t=38155
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Help is very needed for:
Windows ARM/ARM64 support: https://forum.uvnc.com/viewtopic.php?t=38163 / https://github.com/ultravnc/UltraVNC/issues/346
macOS support: https://forum.uvnc.com/viewtopic.php?t=38164 / https://github.com/ultravnc/UltraVNC/issues/347
Linux support: https://forum.uvnc.com/viewtopic.php?t=38165 / https://github.com/ultravnc/UltraVNC/issues/348
*BSD support: https://forum.uvnc.com/viewtopic.php?t=38166 / https://github.com/ultravnc/UltraVNC/issues/349
*Solaris support: https://forum.uvnc.com/viewtopic.php?t=38167 / https://github.com/ultravnc/UltraVNC/issues/350
Mix local and domain groups with automated deployment
Re: Mix local and domain groups with automated deployment
The mslogon II access is based on the standard MS file access.
Permission can be exported and imported using MSlogonACL.exe
The vnc access is like setting a file permission, but also limited to what you can set as permission.
Permission can be exported and imported using MSlogonACL.exe
The vnc access is like setting a file permission, but also limited to what you can set as permission.
UltraVNC links (join us on social networks):
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
Re: Mix local and domain groups with automated deployment
I understand the security mechanism for windows, so no problem there.
My question is related to automated deploy.
When creating access rules with domain accounts or groups there's no problem: these SID's are all equal across the entire domain.
But the commercial VNC we're using right now also has the possibility to define an access user as <local>\username-or-group. On computer TEST1 this would then be translated as TEST1\username-or-group, on computer TEST2 this becomes TEST2\username-or-group etc... This makes an automated deployment on different computers very easy...
We're using a local group on every PC to define who has VNC access to that specific machine..
My question is related to automated deploy.
When creating access rules with domain accounts or groups there's no problem: these SID's are all equal across the entire domain.
But the commercial VNC we're using right now also has the possibility to define an access user as <local>\username-or-group. On computer TEST1 this would then be translated as TEST1\username-or-group, on computer TEST2 this becomes TEST2\username-or-group etc... This makes an automated deployment on different computers very easy...
We're using a local group on every PC to define who has VNC access to that specific machine..
Re: Mix local and domain groups with automated deployment
TEST1\rudi
TEST1\rudigroup
Is exported like this.
MSLogonACL /e
== Entering GetACL
== RegQueryValueEx passed dwValueLength = 80
allow 0x00000003 .\rudi
allow 0x00000003 .\rudigroup
If you import it on TEST2 you give acces to
TEST2\rudi
...
export/import strip the hostname
TEST1\rudigroup
Is exported like this.
MSLogonACL /e
== Entering GetACL
== RegQueryValueEx passed dwValueLength = 80
allow 0x00000003 .\rudi
allow 0x00000003 .\rudigroup
If you import it on TEST2 you give acces to
TEST2\rudi
...
export/import strip the hostname
UltraVNC links (join us on social networks):
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/