User profile for user: Community User
Community User Author

restricting vnc to one user

I enabled Apple remote desktop in preferences on my iMac using Tiger. in the accessibilty screen i set up a password and designated only a specific no-admin user to have access. i left the computer logged in to my main user account (has admin privileges) and went to work.

From my work computer (linux) i launched tightVNC and found myself looking at my main user desktop with full privileges to do what i wanted. i had to enter the vnc password to get there but i did not have to enter a user name or an account password.

can i restrict vnc access to just one user?

Posted on Oct 31, 2007 9:31 AM

Reply
3 replies
User profile for user: j.v.
j.v.
User level: Level 5
4,155 points

Oct 31, 2007 10:23 PM in response to Community User

You could force remote clients to tunnel their inbound VNC connection through ssh, in order to restrict access. I've got a couple of posts in one or more of these forums that explain how I set up my computer to do that.

Additionally, in Sys Prefs | Sharing | Services, when you check ARD checkbox then click on Access Privileges, you can restrict what individual user accounts (on computer that is acting as local VNC server) can do, by highlighting user account, then clicking the appropriate privileges checkboxes. Would that give you enough control over other users?

Plus, don't leave the VNC server computer in a logged-in state. You can login once you've made the VNC connection.

On the Mac, the freeware client CotVNC has a checkbox on the connection page that allows a user a choice as to whether to permit simultaneous connection to an active session by another user, or to be exclusive user of a session. Hopefully, tightVNC does, too.

So, limit other accounts' VNC privileges in Sys Prefs | Sharing | Services | ARD | Access Privs, tunnel connections through ssh, be exclusive user in an active session, and then login to your account on the VNC server computer's login window. That might be enough protection to meet your needs.
Reply
User profile for user: Community User
Community User Author

Nov 1, 2007 7:16 PM in response to j.v.

j.v. said : "You could force remote clients to tunnel their inbound VNC connection through ssh, in order to restrict access. I've got a couple of posts in one or more of these forums that explain how I set up my computer to do that."

i saw those posts and they were really helpful. i can restrict to one user on ssh and use Vine for the server app to restrict VNC acceess to ssh tunnels only.

thanx to both of you again for taking the time to respond.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

restricting vnc to one user

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up