need GenControl alternative for Windows 7

aaronearles

[H]ard|Gawd
Joined
Aug 31, 2006
Messages
2,016
Maybe this was corrected in an update, as I've been running 1.4.0 for some time. But we discovered today that this tool has been occasionally leaving tvnserver running on remote PCs with no authentication. An nmap of our ~400 hosts reported 31 PCs running VNC that do not have the full service installed, just running wreckage from a previous remote assistance session that didn't clean up properly.

Like I said, maybe this has been fixed since, but it wouldn't be as big of a deal if it was using some sort of randomly generated VNC password in the background, but these instances were running with no authentication.

Just a heads up!

Thanks
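
What the nmap sweep above detects is visible in the RFB security handshake itself. As an added example (not part of the original post or of the RemoteControl tool), this Python parser classifies a server from the bytes it sends during the version and security exchange, following RFC 6143; the sample byte strings are constructed and the verdict names are this example's own.

```python
import struct

# Security type numbers from RFC 6143; 16 is the TightVNC extension type.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 16: "Tight"}


def parse_version(banner: bytes) -> tuple:
    """ProtocolVersion is exactly 12 bytes: b'RFB xxx.yyy\\n'."""
    if (len(banner) != 12 or banner[:4] != b"RFB "
            or banner[7:8] != b"." or banner[11:] != b"\n"):
        raise ValueError("not an RFB ProtocolVersion message")
    return int(banner[4:7]), int(banner[8:11])


def _reason(data: bytes) -> str:
    """Failure reason: U32 length, then that many bytes of text."""
    if len(data) < 4:
        raise ValueError("truncated failure reason")
    (length,) = struct.unpack(">I", data[:4])
    return data[4:4 + length].decode("latin-1")


def offered_types(version: tuple, payload: bytes):
    """Return (types, refusal_reason) from the server's security message."""
    if version >= (3, 7):
        # 3.7/3.8: U8 count, then one U8 per type; count 0 means refusal.
        if not payload:
            raise ValueError("truncated security message")
        count = payload[0]
        if count == 0:
            return [], _reason(payload[1:])
        types = list(payload[1:1 + count])
        if len(types) != count:
            raise ValueError("truncated security type list")
        return types, None
    # 3.3: the server picks a single U32 type; 0 means refusal.
    if len(payload) < 4:
        raise ValueError("truncated security message")
    (chosen,) = struct.unpack(">I", payload[:4])
    if chosen == 0:
        return [], _reason(payload[4:])
    return [chosen], None


def audit(banner: bytes, payload: bytes) -> dict:
    """Classify one server from its banner and security message."""
    version = parse_version(banner)
    types, reason = offered_types(version, payload)
    if reason is not None:
        verdict = "REFUSED"
    elif 1 in types:
        verdict = "OPEN"        # type 1 = None: no credentials needed
    elif set(types) <= {2}:
        verdict = "PASSWORD"    # only VNC Authentication is offered
    else:
        verdict = "REVIEW"      # e.g. Tight settles auth in a later exchange
    return {"version": "%d.%d" % version,
            "offered": [SECURITY_TYPES.get(t, "unknown(%d)" % t) for t in types],
            "verdict": verdict, "reason": reason}


# Constructed handshakes (not captured from any real host).
V38, V33 = b"RFB 003.008\n", b"RFB 003.003\n"
_MSG = b"Too many security failures"
SAMPLES = {
    "leftover-session": (V38, b"\x01\x01"),
    "password-set": (V38, b"\x01\x02"),
    "tight-and-password": (V38, b"\x02\x02\x10"),
    "old-3.3-no-auth": (V33, struct.pack(">I", 1)),
    "locked-out": (V38, b"\x00" + struct.pack(">I", len(_MSG)) + _MSG),
}

if __name__ == "__main__":
    for name, (banner, payload) in SAMPLES.items():
        print(name, audit(banner, payload))
```

A host that reports `OPEN` is in the state described in the post: any viewer can attach without credentials.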
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
Maybe this was corrected in an update, as I've been running 1.4.0 for some time. But we discovered today that this tool has been occasionally leaving tvnserver running on remote PCs with no authentication. An nmap of our ~400 hosts reported 31 PCs running VNC that do not have the full service installed, just running wreckage from a previous remote assistance session that didn't clean up properly.

Like I said, maybe this has been fixed since, but it wouldn't be as big of a deal if it was using some sort of randomly generated VNC password in the background, but these instances were running with no authentication.

Just a heads up!

Thanks
Yes, we identified this a while ago (version 1.6.4) as a security issue and it has been fixed. I would definitely recommend upgrading to the latest version (we're now at 1.7.8 Pre-release).
 

wanye

n00b
Joined
Nov 22, 2013
Messages
9
Ok report back when you get a chance. I don't think I will have time to test that part myself anytime soon so you will probably beat me to it.
OK, tried it with UAC disabled, and it's still not working.

screengrabs of what i did (for clarification)

secpol BEFORE disabling UAC:



disable:

secpol AFTER disabling it:


i also tried connecting after changing the following secpol options:

detect application installations *disabled*
only elevate UIAccess applications *disabled*

neither of which resolved the issue.

I've got this server for a couple of days before it goes live, so can try any other suggestions. right now, though, it is back to the default UAC settings
(i'll have another server next week to play with too)

cheers.
w.

*edit*
incidentally, one of our guys recommended "chriscontrol" to me - https://code.google.com/p/chriscontrol/

this works on these 2008 servers (however is buggy for various other reasons, and hasn't been updated in three years, so much prefer your version for most tasks!)
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
Ok I need to look into why this is happening.. Hopefully I can fix this asap.

If it comes down to it, can we do some troubleshooting together remotely via a webex or similar?

Thanks again for the information.
 

wanye

n00b
Joined
Nov 22, 2013
Messages
9
Ok I need to look into why this is happening.. Hopefully I can fix this asap.

If it comes down to it, can we do some troubleshooting together remotely via a webex or similar?

Thanks again for the information.
cheers. i'm sure we could sort something out... although i've just put the two servers live today, and now there's no change control allowed till the new year, so won't be building any more boxes till then (i'm decommissioning old win2003 blade servers, adding ram and then sticking win2008 on) as i can't take down any of the existing capacity now.

but yeah, if you can't work it out before then, i'm happy to help where i can (i'm UK based, and work 7am-4pm gmt. could do outside of that if i'm oncall though)

happy christmas! :)
 

aaronearles

[H]ard|Gawd
Joined
Aug 31, 2006
Messages
2,016
Yes, we identified this a while ago (version 1.6.4) as a security issue and it has been fixed. I would definitely recommend upgrading to the latest version (we're now at 1.7.8 Pre-release).
I did some testing with the new version, it's definitely an improvement, but I'd recommend enabling authentication in the server registry settings.

As it stands now, if the admin PC terminates the application abruptly, the session remains out there for anyone to connect to. In addition, anyone can connect to a legitimate session and monitor or take control.

I'm no programmer, but if I were to do it in a batch script, I would echo the %RANDOM% variable into the server password reg key, and pass it to the client to connect with. That way a legitimate session can't be piggy-backed by an unauthenticated VNC client, and if the client session is terminated without a proper cleanup, it doesn't leave the server session available until a reboot clears it (since the service is set to manual).
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
I did some testing with the new version, it's definitely an improvement, but I'd recommend enabling authentication in the server registry settings.

As it stands now, if the admin PC terminates the application abruptly, the session remains out there for anyone to connect to. In addition, anyone can connect to a legitimate session and monitor or take control.

I'm no programmer, but if I were to do it in a batch script, I would echo the %RANDOM% variable into the server password reg key, and pass it to the client to connect with. That way a legitimate session can't be piggy-backed by an unauthenticated VNC client, and if the client session is terminated without a proper cleanup, it doesn't leave the server session available until a reboot clears it (since the service is set to manual).
I agree and have been thinking a lot about this lately. I know it's not in an ideal spot right now, but I do have it on my radar to change and make better in the future.
 
Joined
Nov 21, 2013
Messages
19
One other suggestion would be to have a way to enter a username and password for connection to the remote PC. Right now I just use the RunAs to run with my domain admin credentials, but an option for this on the interface would be great.
 

Scotty562

n00b
Joined
Jan 20, 2006
Messages
3
What are the WMI requirements? I have a brand new Dell pc out of the box that says

"Sorry, but WMI doesnt appear to be working on x"

The firewall is disabled.

BTW you are the man for making this.
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
1.8.0 Release **SECURITY UPDATE** (Please update ASAP)

Here are the changes:

1.8.0

1.) Refined some code for creating the VNC Server registry keys. Also created debug dump for this if there is a problem and organized alphabetically in code.
2.) Created a new module for the VNC Password Encryption functions.
3.) Changed program to use a VNC password for the connection. This utilizes a new config file "conn.vnc" in the RCTEMP folder which the vncviewer uses for the connection. A new password is generated for each new connection and is Random. This password is also encrypted per the RFB protocol standard (Variant of DES). PITA to implement, but better for security.

1.7.9

1.) Updated VNCViewer to latest 5.1.0
2.) Fixed issue when deleting a single hostname out of the list, the description field would not be cleared.
3.) Added ability to select multiple hosts in list. This is only useful for deleting via right click or delete key.
4.) Added ability to delete hosts in list by pressing delete key.
5.) Added ability to delete multiple hosts in list by using right click after selecting the different hosts.
6.) Updated "How it Works" page with information about using the delete key and selecting multiple hosts.


VirusTotal:

Code:
https://www.virustotal.com/en/file/42b1c71cfe34d43f4091e42cad640a470e025b18be9a4b7e98a027cd5263ce61/analysis/1388454441/
Download Link:

Code:
http://wikisend.com/download/233486/RemoteControl.zip
or

Code:
http://netload.in/dateioZ0bBZlZW9/RemoteControl.zip.htm
As always please provide feedback!
Please also let me know if there are more items you feel need added to the ToDo section.

Thanks!
 

Scotty562

n00b
Joined
Jan 20, 2006
Messages
3
FYI if you need to run this program from a machine that isn't connected to the domain here's how you do it:

Make a batch file with the following then run the batch file instead of remotecontrol.exe. I can finally enjoy this program now.

runas /netonly /user:domain\user "C:\pathto\Remotecontrol.exe"

If this could be baked into the program itself, that'd be sweet.
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
1.8.1 Release

Here are the changes:

1.8.1

1.) Fixed potential issue for conn.vnc file where it would append the file instead of overwriting it.
2.) Fixed ToDo font so it matches the other tabbed textboxes.
3.) Fixed issue with RealVNC EULA prompt coming up because of new RealVNC version.
4.) New RealVNC version also caused viewer keys to stay behind. This is now also fixed.
5.) Fixed Typo for VNC Viewer Keys and also improved this function.

VirusTotal:

Code:
https://www.virustotal.com/en/file/2e6b97bb64d7941b58d60ce81b4922c61b1eef6a02167554465998ed52c13aa1/analysis/1389409159/
Download Link:

Code:
http://netload.in/dateiKWukFQ2aqM/RemoteControl.zip.htm
As always please provide feedback!
Please also let me know if there are more items you feel need added to the ToDo section.

Thanks!
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
I thought this might work as well at first but no dice.
This is because the non-domain joined workstation doesn't know anything about the domain credentials and how to validate them when doing a "run as different user". The difference between this and using /netonly with runas is that /netonly uses these credentials for the network activity versus actually running that program under that user's context.

This would be quite an endeavor for me to implement as part of the program and could potentially add issues to the program as a whole. I would prefer to leave it as a domain tool and since you have a workaround that works for you for your special case that's great.
Not everyone's situation is as unique as yours for sure. Having a non-domain joined workstation on the same network \ vlan \ subnet as domain joined computers hopefully isn't a violation of policy at your workplace.
 
Joined
Jan 20, 2014
Messages
1
I'm having a problem similar to wanye's on a small business network I just inherited. I'm getting "connect: Connection timed out (10060)" and I'm noticing that it isn't adding all of the registry entries. It adds the TightVNC key, but no values, just like wanye. So I am assuming the client is defaulting to port 5900 and the server is trying 5993, thus the timeout. I don't see a log file under %appdata%\remotecontrol, just the tmp file. I thought maybe it was an issue with permissions in the registry, but changing permissions had no effect. I can open remote registry just fine for the test client.

Did you guys ever find the problem? Any ideas?

Works great on my other networks. Awesome tool.
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
I'm having a problem similar to wanye's on a small business network I just inherited. I'm getting "connect: Connection timed out (10060)" and I'm noticing that it isn't adding all of the registry entries. It adds the TightVNC key, but no values, just like wanye. So I am assuming the client is defaulting to port 5900 and the server is trying 5993, thus the timeout. I don't see a log file under %appdata%\remotecontrol, just the tmp file. I thought maybe it was an issue with permissions in the registry, but changing permissions had no effect. I can open remote registry just fine for the test client.

Did you guys ever find the problem? Any ideas?

Works great on my other networks. Awesome tool.
So there is not a log file in the %APPDATA%\RemoteControl folder? Only the tmp file? I did build in some logic to report an error if it couldn't write the files... so I would really expect it to be there.

Are the servers you are connecting to also Windows Server 2008 R2? Are these x64 or x86?

I am making this issue my top priority.
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
I happened to remember that I do have a Server 2008 R2 x64 system I can test on and I was able to reproduce the problem once.

Looking in the Application event log, I found the following error:

Code:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
This log was right when tvnserver was also recording information in the same event log.

I am still testing, but can you guys see if you see something similar?

Thanks
 

Muad'Dib

Weaksauce
Joined
Nov 9, 2011
Messages
106
I was only able to reproduce the problem once on that server and it hasn't come back. I was having issues with the server itself because the Remote Desktop Services role was installed. I am not sure if that contributed to the initial problem.. but it's worth noting.

Still doing more testing on my end unless you all have more feedback for me.
 

wanye

n00b
Joined
Nov 22, 2013
Messages
9
I happened to remember that I do have a Server 2008 R2 x64 system I can test on and I was able to reproduce the problem once.

Looking in the Application event log, I found the following error:

Code:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
This log was right when tvnserver was also recording information in the same event log.

I am still testing, but can you guys see if you see something similar?

Thanks
sorry, been off on training the last couple of weeks so only just got round to seeing this.

i don't see that error, i just get a service started one in the application log:

Code:
Log Name:      Application
Source:        tvnserver
Date:          29-Jan-2014 10:28:57
Event ID:      257
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      MYSERVER.DOMAIN
Description:
Service has been started successfully
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="tvnserver" />
    <EventID Qualifiers="2">257</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T10:28:57.000000000Z" />
    <EventRecordID>2509</EventRecordID>
    <Channel>Application</Channel>
    <Computer>MYSERVER</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Service has been started successfully</Data>
  </EventData>
</Event>
and a bunch of (successful) logins in the security audit log, and the following ones in system:


Code:
Log Name:      System
Source:        Service Control Manager
Date:          29-Jan-2014 10:28:56
Event ID:      7045
Task Category: None
Level:         Information
Keywords:      Classic
User:          MYUSER
Computer:      MYSERVER.DOMAIN
Description:
A service was installed in the system.

Service Name:  TightVNC Server
Service File Name:  "C:\RCTEMP\tvnserver.exe" -service
Service Type:  user mode service
Service Start Type:  auto start
Service Account:  LocalSystem
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7045</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T10:28:56.222235100Z" />
    <EventRecordID>9585</EventRecordID>
    <Correlation />
    <Execution ProcessID="500" ThreadID="2412" />
    <Channel>System</Channel>
    <Computer>MYSERVER.DOMAIN</Computer>
    <Security UserID="S-1-5-21-541152760-1046681150-1672763807-16352" />
  </System>
  <EventData>
    <Data Name="ServiceName">TightVNC Server</Data>
    <Data Name="ImagePath">"C:\RCTEMP\tvnserver.exe" -service</Data>
    <Data Name="ServiceType">user mode service</Data>
    <Data Name="StartType">auto start</Data>
    <Data Name="AccountName">LocalSystem</Data>
  </EventData>
</Event>
Code:
Log Name:      System
Source:        Service Control Manager
Date:          29-Jan-2014 10:28:56
Event ID:      7040
Task Category: None
Level:         Information
Keywords:      Classic
User:          MYUSER
Computer:      MYSERVER.DOMAIN
Description:
The start type of the TightVNC Server service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7040</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T10:28:56.769110100Z" />
    <EventRecordID>9586</EventRecordID>
    <Correlation />
    <Execution ProcessID="500" ThreadID="2412" />
    <Channel>System</Channel>
    <Computer>MYSERVER.DOMAIN</Computer>
    <Security UserID="S-1-5-21-541152760-1046681150-1672763807-16352" />
  </System>
  <EventData>
    <Data Name="param1">TightVNC Server</Data>
    <Data Name="param2">auto start</Data>
    <Data Name="param3">demand start</Data>
    <Data Name="param4">tvnserver</Data>
  </EventData>
</Event>
Code:
Log Name:      System
Source:        Service Control Manager
Date:          29-Jan-2014 10:28:57
Event ID:      7036
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      MYSERVER.DOMAIN
Description:
The Application Experience service entered the running state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7036</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T10:28:57.253485100Z" />
    <EventRecordID>9587</EventRecordID>
    <Correlation />
    <Execution ProcessID="500" ThreadID="2412" />
    <Channel>System</Channel>
    <Computer>MYSERVER.DOMAIN</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Application Experience</Data>
    <Data Name="param2">running</Data>
    <Binary>410065004C006F006F006B00750070005300760063002F0034000000</Binary>
  </EventData>
</Event>
Code:
Log Name:      System
Source:        Service Control Manager
Date:          29-Jan-2014 10:28:57
Event ID:      7036
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      MYSERVER.MYDOMAIN
Description:
The TightVNC Server service entered the running state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7036</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T10:28:57.425360100Z" />
    <EventRecordID>9588</EventRecordID>
    <Correlation />
    <Execution ProcessID="500" ThreadID="2412" />
    <Channel>System</Channel>
    <Computer>MYSERVER.DOMAIN</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">TightVNC Server</Data>
    <Data Name="param2">running</Data>
    <Binary>740076006E007300650072007600650072002F0034000000</Binary>
  </EventData>
</Event>
still waiting on RAM to be ordered by our procurement people (it's only been 8 weeks ffs!) so i haven't been able to build any new servers yet to test anything else further...
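
The Event ID 7045 record in the post above is the log line a defender can alert on when a remote-control server is installed as a service from a temporary folder. As an added example (not part of the original post or of the RemoteControl tool), this Python check parses such event XML and lists reasons for review; the trusted-directory list and the binary watchlist are assumptions to adapt per site, and the sample events are constructed on the model of the one posted.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumption: directories where this site expects service binaries to live.
TRUSTED_DIRS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
# Assumption: watchlist of remote-control server binaries; extend as needed.
REMOTE_CONTROL_EXES = {"tvnserver.exe"}
# Quoted path, or unquoted path up to ".exe", or the first token.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+))', re.IGNORECASE)


def service_binary(image_path: str) -> str:
    """Extract the executable from an SCM ImagePath and normalise it."""
    m = EXE_RE.match(image_path)
    if not m:
        return ""
    exe = next(g for g in m.groups() if g)
    exe = re.sub(r"^%systemroot%", lambda _: r"c:\windows", exe, flags=re.IGNORECASE)
    # normpath collapses "..", so C:\Windows\..\X is judged as C:\X.
    return ntpath.normpath(exe).lower()


def parse_event(xml_text: str) -> dict:
    """Pull the fields this check needs out of one <Event> element."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "computer": system.findtext("e:Computer", namespaces=NS),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "data": {d.get("Name"): d.text or ""
                 for d in root.findall("e:EventData/e:Data", NS)},
    }


def review_service_install(xml_text: str) -> list:
    """Reasons a 7045 'service installed' event needs review (empty = none)."""
    ev = parse_event(xml_text)
    data = ev["data"]
    if ev["event_id"] != 7045 or data.get("ServiceType") != "user mode service":
        return []
    exe = service_binary(data.get("ImagePath", ""))
    reasons = []
    if not any(exe.startswith(d + "\\") for d in TRUSTED_DIRS):
        reasons.append("binary outside trusted directories: " + exe)
    if ntpath.basename(exe) in REMOTE_CONTROL_EXES:
        reasons.append("remote-control server installed as a service")
    if reasons and data.get("AccountName", "").lower() == "localsystem":
        reasons.append("runs as LocalSystem")
    return reasons


def sample_7045(name: str, image_path: str, account: str = "LocalSystem") -> str:
    """Constructed event, modelled on the 7045 record in the post above."""
    return f"""<Event xmlns="{NS['e']}">
  <System>
    <EventID Qualifiers="16384">7045</EventID>
    <TimeCreated SystemTime="2014-01-29T10:28:56.222235100Z" />
    <Computer>MYSERVER.DOMAIN</Computer>
  </System>
  <EventData>
    <Data Name="ServiceName">{name}</Data>
    <Data Name="ImagePath">{image_path}</Data>
    <Data Name="ServiceType">user mode service</Data>
    <Data Name="StartType">auto start</Data>
    <Data Name="AccountName">{account}</Data>
  </EventData>
</Event>"""


SAMPLES = [
    sample_7045("TightVNC Server", r'"C:\RCTEMP\tvnserver.exe" -service'),
    sample_7045("Vendor Helper", r"C:\Program Files\Vendor\helper.exe -run",
                r"NT AUTHORITY\LocalService"),
    sample_7045("Odd Path", r"C:\Windows\..\RCTEMP\tvnserver.exe"),
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print(parse_event(xml_text)["data"]["ServiceName"], review_service_install(xml_text))
```

There is no matching "service removed" record in these logs, so a 7045 for `tvnserver.exe` with no later cleanup is best confirmed by checking the host itself.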
 

ITN1nja

n00b
Joined
Feb 3, 2014
Messages
6
Please don't lock this. I just found it and it is a thread with active software development. Muad'Dib has built a great replacement for GenControl.
 
Joined
Nov 30, 2012
Messages
32
Greetings Muad'Dib,

Many thanks for your continued work on RemoteControl!

Question though... is it possible to migrate the list of computers from one user account/computer to another? I've searched the registry and can't find where RemoteControl stores its data...

Thx!
 
Joined
Nov 21, 2013
Messages
19
Greetings Muad'Dib,

Many thanks for your continued work on RemoteControl!

Question though... is it possible to migrate the list of computers from one user account/computer to another? I've searched the registry and can't find where RemoteControl stores its data...

Thx!
It stores its data in a file called remotecontrol.tmp that's located in C:\users\"userid"\appdata\roaming\remotecontrol\ at least on Win Vista and Up...not sure on XP
 

Minkus

n00b
Joined
May 17, 2012
Messages
35
Hi Muad'Dib,

Is it possible to have the 'Recent Hosts' list sorted in 'most recent first' order (i.e. add new ones to the top, rather than the bottom)?

Just makes it a bit easier to connect to the 'most frequently used hosts' first without scrolling...
 
Joined
Nov 30, 2012
Messages
32
I would die and go to heaven if I could simply sort the list by Description, either by clicking on it, or with a script.

I figured out how to sort it with a batch file every time I launch it, but it sorts on the first field, which is the host name, which is not what I go by when I need to connect to someone's computer.

I have over 50 hosts, and connect on demand when someone calls me, but I have to try to find their name in the unsorted list, and it is really painfully slow and frustrating - sometimes I have to go through the list more than once because I missed their name.
 
Joined
Nov 30, 2012
Messages
32
It stores its data in a file called remotecontrol.tmp that's located in C:\users\"userid"\appdata\roaming\remotecontrol\ at least on Win Vista and Up...not sure on XP
Thanks!! I actually saw that file when looking, but the .tmp extension I guess just caused me to ignore it, so I didn't even peek inside.

I figured out how to sort this list every time I open Remotecontrol, but it sorts by host name, and I need it to sort by description.

Would appreciate some help if anyone has an idea on how to do the same thing, but sort on the second 'field' (ie, the data after the first space on each line).

Here is my batch file I created to sort the list (by workstation name) every time I launch it (use at your own risk):

Code:
::
:: This batch file assumes that you are using Windows 7
:: Obviously you must modify the path to the RemoteControl.exe executable before
:: it will work properly
::
:: This batch file sorts the Computers list that RemoteControl.exe uses to keep
:: track of all of the workstations it has successfully connected to

:: Change to my AppData\RemoteControl folder
c:
cd %appdata%\RemoteControl

:: Rename the file before sorting
ren remotecontrol.tmp remotecontrol.txt

:: Sort the Workstations, and rename the sorted output to the correct filename
sort remotecontrol.txt >remotecontrol.tmp

::Delete the .txt file
del remotecontrol.txt

:: Launch the RemoteControl App
start "" P:\RemoteControl\RemoteControl.exe
Now, if only I could modify this to sort on the Description field (the text after the space on each line)...

Anyone know how to do that?
 
Joined
Nov 30, 2012
Messages
32
Another small thing:

When you disconnect from an end user, after the session closes & it goes through and removes VNC from the PC, it needs to clear the Host Name & Description boxes if possible.
I really much prefer the old behavior... is there any way to get the old behavior back (so it does NOT clear the last connection details)?

Also how about an option to save the windows position when it's closed?
Love this idea!
 
Joined
Nov 30, 2012
Messages
32
Hi Muad'Dib,

Speaking of UAC - is it possible for Remote Control to include an embedded manifest to force it to prompt for Admin credentials when run under UAC?
I understand the argument, but all this does (for me) is slow down the launching of Remotecontrol considerably, and - again, for me - provides absolutely no benefits.

Is there a way (command-line option maybe?) to disable the UAC prompt?

I've downgraded to an earlier version because of this, and the new feature of clearing the last used connection...

Thanks
 

Minkus

n00b
Joined
May 17, 2012
Messages
35
I understand the argument, but all this does (for me) is slow down the launching of Remotecontrol considerably, and - again, for me - provides absolutely no benefits.

Is there a way (command-line option maybe?) to disable the UAC prompt?
If this is the case, it means that your (standard) user token has Administrator rights over all of the computers in your network. You might as well disable UAC in this case - it's protecting your own computer, but not any of the other computers that you control...
 
Joined
Nov 30, 2012
Messages
32
If this is the case, it means that your (standard) user token has Administrator rights over all of the computers in your network. You might as well disable UAC in this case - it's protecting your own computer, but not any of the other computers that you control...
Not sure what you mean by 'this' (If 'this' is the case...), but...

I am the Domain Admin.

I provide support for all of our users, who are Standard users and do not have Admin privileges on their workstations.

When I launch RemoteControl on my computer, while logged on with Domain Admin credentials, I don't want to see a UAC prompt. There is no reason for it.

This is how 1.7.3 works, and that is all I want, to go back to how 1.7.3 works - dbl-click the .exe, RemoteControl app just opens in about 1 second, as opposed to waiting 8+ seconds before giving me a UAC prompt.
 
Joined
Nov 30, 2012
Messages
32
You might as well disable UAC in this case - it's protecting your own computer, but not any of the other computers that you control...
No idea what you mean by this either.

UAC only protects the local computer. How would you expect UAC running on my computer to protect other computers on the network?
 

Minkus

n00b
Joined
May 17, 2012
Messages
35
Not sure. On our domain, Remote Control won't connect to another computer unless it's run elevated. I don't know why this is, but I always thought it was because UAC doesn't just remove the 'Administrators' token, it also removes 'Domain Admins' and 'Enterprise Admins' - hence in order to connect to other computers, you need to be elevated.

This is definitely the experience we've had here (and others too). Not sure why you're not having to do this.
 