Thursday, February 8, 2007

VNC vs Vista

In the good old days of insecure computing, a wonderful tool emerged from AT&T labs: VNC (Virtual Network Computing). On the Windows platform, it provided remote control of the active console session.

The WinVNC server that has been a long-time friend of system admins is no longer usable in the "run as service" mode under Vista—at least, not until it's rewritten to take into account the new model for interactive sessions on Vista (It has been suggested that language in the XP and Vista EULAs restricting remote control of those operating systems to the Remote Desktop function will keep any updates from being done for Vista support).

It appears that Microsoft leveraged their experience with Terminal Services to help create the new separation between the so-called "Secure Desktop" and the interactive user sessions.

Under Vista, the secure desktop runs as "Session 0", while the first interactive user to logon will run under session 1. If a second user is logged-in using fast-user-switch (which is now possible even in a domain-attached system), he/she runs in Session 2. If yet another user logs in using fast-user-switch, he/she gets Session 3 (and so on.).

The problem with the "run as service" mode for VNC is that it attaches itself to Session 0. This creates problems for Vista, as Session 0 is reserved for the Secure Desktop, and no interactive users can do anything on that session (or so it seems).

The apparent work-around (although I've never used it) is to run VNC as a user-mode program (e.g., from the startup group) instead of as a service. I don't think it's much of a work-around, so I'm waiting for the folks who maintain VNC to come up with a solution.

The flip-side of the problem—using the VNC Viewer in "listen mode" to other people can initiate the remote control session from their end—seems to work fine; this will permit admins running Vista to use VNC to control non-Vista machines.

1 comment: