Does VNC log connections to the network domain controller?
The VNC Server for Windows *always* attempts to write its logon/logoff entries to a Domain Controller if the user is being authenticated natively to Windows, rather than via VNC Password or equivalent. There are three ways this might happen:
1. SSPI Single Sign-On or username/password fall-back
2. SSO Single Sign-On (NOT username/password fall-back)
3. NtLogon username/password
Since (3) is used as the fall-back for (2) by default on Windows, the effect is equivalent to (1), except where Guest Mode is enabled.
If the Domain Controller cannot be logged to, the server falls back to logging to the host computer. By default, modern Domain Controllers will NOT allow event logging by normal domain users, only by Administrators. Logon attempts against accounts local to the server host computer are logged to the host computer's own log, since for local accounts the host is, in effect, the domain.
The only difference between the native and Java viewers regarding authentication is that the native viewer supports SSPI and SSO, and by default prefers them when the server offers them.
The change needed to get VNC logging Windows Password and Single Sign-On logon/logoff events to a Domain Controller is to alter the Application Event Log permissions according to the documentation at:
http://support.microsoft.com/default.aspx?kbid=323076
It is necessary to grant write permission on the Application Event Log by appending an ACE such as "(A;;0x2;;;AU)" to the end of the CustomSD setting for that log. This ACE Allows (A) Authenticated Users (AU) Write (0x2) access to the log.
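The following script is an added example and is not part of the original article or of VNC Server; it applies the CustomSD change described above from an elevated PowerShell session on the domain controller. The registry key is the Application log key documented in KB 323076; the ACE string is the one quoted above; the backup file location is an assumption.

```powershell
# Added example (not from the original article or from VNC Server):
# grant Authenticated Users write access to the Application Event Log by
# appending the ACE quoted in the article to the log's CustomSD value.
# Registry location per KB 323076; backup path is an assumption.
# Run in an elevated PowerShell session on the domain controller.

$logKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application'
$ace    = '(A;;0x2;;;AU)'        # Allow (A) Write (0x2) to Authenticated Users (AU)
$backup = "$env:TEMP\Application-CustomSD-backup.txt"   # assumed backup location

$props   = Get-ItemProperty -Path $logKey -ErrorAction Stop
$current = $props.CustomSD

if (-not $current) {
    # No CustomSD value means the log is still using its built-in default
    # descriptor. KB 323076 lists the default SDDL to start from; it is
    # deliberately not reproduced here. Create CustomSD from it, then re-run.
    throw "No CustomSD value under $logKey. Create it from the default SDDL in KB 323076 first."
}

if ($current.Contains($ace)) {
    Write-Host "ACE $ace already present; nothing to do."
    return
}

# Keep a copy of the old descriptor so the change can be reverted.
Set-Content -Path $backup -Value $current
Write-Host "Previous CustomSD saved to $backup"

$updated = $current + $ace
Set-ItemProperty -Path $logKey -Name CustomSD -Value $updated

# Sanity check: parse the new descriptor and list the trustees that now hold
# an ACE, so a typo in the SDDL is caught immediately rather than at logon time.
$parsed = ConvertFrom-SddlString -Sddl $updated
$parsed.DiscretionaryAcl | ForEach-Object { Write-Host "  $_" }
Write-Host "Updated CustomSD: $updated"
```

To revert, write the contents of the backup file back to the CustomSD value with Set-ItemProperty. The script refuses to guess a default descriptor when CustomSD is absent, because a wrong SDDL on the Application log affects every writer on the domain controller, not just VNC Server.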
Making this change makes the Application Event Log on the domain controller writable by any domain user, which carries the risk that a user could flood the machine with event log messages. It is therefore worth noting that both Windows Password and Single Sign-On authentication should already cause Windows to write audit events to the Security Event Log of the domain controller as a side-effect of the authentication process, provided logon auditing is enabled in the domain's audit policy. Those events may be more appropriate for VNC audit logging. Finally, if the requirement is simply to log connections so that the logs can be centrally collected, setting the VNC Server Log parameter to include an entry such as "Connections:file:100" may be sufficient.
Article Details
Last Updated
4th of February, 2011
