Overview

Bozteck VENM Console includes a powerful remote screen capturing feature. This feature does not require that VNC or any other remote screen sharing software be installed in order to work. There are a few system requirements on the remote computer end, however.

Those requirements are as follows:

• UnFirewalled ports 443 (TCP) and 139 (UDP, TCP)
• Remote Registry service running
• Administrative priviledges on the remote computer
• Windows 2000, XP, Vista, or Windows 7

Because of these requirements, it is “best practice” to use this feature on computers that are on your LAN or within reach of your VPN. For security reasons, it is not advisable to use this feature over the open Internet.

You can supply the Administrator level access required to make this feature work in either the main VNCScan preferences, the group properties, or the computer properties. The choice depends upon the scope that you wish to apply.

Feature Set

• Resizable – You can resize the thumbnail by adjusting the slider in the toolbar
• Adjustable Interval – You can adjust the interval using a dropdown box of predefined timings or type in your own number. The intervals are measured in minutes. You can enter a decimal number to take snapshots in times less than one minute. If you manually enter a timing, it is applied when you press .
• Archive Screen Captures – You can archive your screen captures for later viewing. The location of these archives can be changed by clicking on the “Folders” button on the toolbar.
• Connect to VNC – You can connect to VNC right from the thumbnail. The connection options are taken from the computer entry settings in VNCScan.

What To Look Out For

• The “Please Wait Screen” – This screen is the start image for a new screen capture session. It is normal for it to still be visible even after the progress bar has cycled a couple of times. If it is still the only image being displayed for a computer even after the progress bar has cycled more than three times, you may want to check the permissions settings for the computer.

  You can test this out by attempting to access the c$ share of the remote computer. You can do this by clicking on your Start button and choosing “Run”. In the textbox, type \\\c$ (where is the name or IP address of the remote computer).

• Black Screen Capture – This is shown if the remote computer is sitting at the login screen and nobody is logged into the computer.

Video Example

Download video

Twitter This

UserName: Password:

Overview

New in 2009, Bozteck includes background service scanning and alerting to it’s powerful Enterprise Network Manager. This paper is a brief explanation of how it works and how to best take advantage of this new feature.

Usage and Benefits

Background scanning allows you to see an accurate view of what computers are running the VNC and RDP services as well as what computers are currently pingable on your network. You set the amount of time between scans in the main program preferences and then let VENM fo the rest!

The powerful alerting features keep you up to date on what is happening even when you’re away from your desk. Each of these actions can be set in the group properties and overridden by the computer properties. Below is an overview of available alerting and actions.

• When a computer goes offline
  • Send an email to a designated address
  • Run a local custom command such as “PING -t %HOST%” or any other command that you have created using the Custom Commands feature in VENM.
• When a computer comes back online
  • Send an email to a designated address
  • Auto-connect to VNC once the VNC service has been detected
  • Run a script remotely on the computer once Windows has been fully loaded. This is a powerful way to schedule a script if the computer is currently not online.

How It Works

There is a decision tree method being employed for determining if a computer should be probed in the background. This decision tree is explained in the following bullet points.

• Scanning is enabled in the program preferences
  • Scanning is enabled in the group settings
    • Computer is inheriting settings from the group
      • Scan the computer according to group settings
    • Computer is overriding group settings
      • Services are selected in the computer settings
        • Scan the selected services
      • Services are NOT selected in the computer settings
        • Skip this computer in the group scan
  • Scanning is NOT enabled in the group settings
    • Skip the entire group from background scanning
• Scanning is disabled in the program preferences
  • Do no background scans at all

Conclusion

We’re excited about these new features in the VENM Console and will continue to build upon them. We would love to hear your feedback about this! Let us know what you think at feedback@vncscan.com

Twitter This

UserName: Password:

I’ve had a lot of requests for a way to disable XP firewalls on the network or at least open up the required ports to remotely manage the computers. If your workstations are protected by a NAT translating router with a decent firewall built into it, there is typically little need for the XP desktop firewall to be running on them.

If you have the XP firewall enabled, there’s very little that you can do in the way of remote management for these PC’s. Fortunately, there are was to automate the configuration of the XP firewalls on your network depending on what type of a network you are using.

Login Script Method

The easiest way to do this is with a login script. If your company is using a directory services such as Novel or Active Directory, you can create a script that runs each time that a user logs in. You can use this script to open the required firewall ports.

We run into a problem, however, if the user that is logging in does not have local administrative rights on his PC. This is required to modify the settings. For this, we can employ a nice piece of freeware called CPAU. Using this tool, you can do a run-as style command to make it go. Alternatively, you can use a tool such as Admin Script Editor to compile your script into an executable that runs under a specific security account. There are other tools that can do this and feel free to add them in the comments section if you would.

Active Directory Startup Script Method

You can also run the script using Active Directory’s group policy for the machine account. This script runs under the context of the machine’s system account and does not need to be elevated by tools such as CPAU. You can do this in the Group Policy Editor under “Windows Settings => Scripts => Startup”.

The following is a script that will open the required ports on the XP firewall:

netsh firewall set portopening udp 445 WindowsNetworking enable all
netsh firewall set portopening tcp 139 WindowsNetworking enable all
netsh firewall set portopening udp 137 WindowsNetworking enable all
netsh firewall set portopening udp 138 WindowsNetworking enable all
netsh firewall set portopening tcp 5900 VNC enable all
netsh firewall set portopening tcp 5800 VNC-HTTP enable all

Group Policy Method

You can set these options using Active Directory’s Group Policy, also. You can access this in the Group Policy Editor by navigating to “Computer Configuration => Administrative Templates => Network => Network Connections => Windows Firewall”.

Extra Notes

As a side note, if you choose to use a scripting tool such as Admin Script Editor to compile your script, you can also choose to distribute it directly to the end users so that they can execute it themselves.

Make sure that you also disable Simple File Sharing on the remote computers. That can be just as much of a barrier to remote administration as the firewall. I’ll make a post about that one soon.

Twitter This

UserName: Password:

How VENM Stores Data

Most data in VNCScan centers around the groups.xml file. This means that most other data resides in the same folder as this file. When you change the location of the groups.xml file in the main VNCScan preferences, much of the other data follows suit.

The default location for VNCScan data is under your “My Documents” folder inside a subfolder of “VNCScan\data”. If you browse that folder with Windows Explorer, you will see a lot of XML files.

There are a few key files that have special meaning. Here they are with their functions:

· Settings.xml – This file holds all of the initial settings for the console. It contains any customized file locations such as an alternate location for the groups.xml along with anything else that is global to the application.

· Groups.xml – This holds all of your group names along with their settings. You will find XML files in the same folder named after the group names, also. These files hold the computers and their settings.

For instance, if you have a group named “Default”, it would be listed in the groups.xml as well as have its own file named default.xml to hold it’s computers. It is separated out like this to improve performance.

· ConnectionLogs.xml – This holds the connection logs for each computer. It resides in the same folder as the groups.xml and moves with it.

· Computername_maint.xml – The Computername is any computer name with a maintenance log. These files store the maintenance logs for the computers.

Note: There is also a file called settings.xml located in the VNCScan program folder. That file should be backed up and restored with the rest of your data.

Other folders worth noting under ‘My Documents\VNCScan’ are:

· Jobs – Stores all of the remote scripts and their settings

· Profiles – Stores all of your VNC deployment profiles and their settings

Backing Up Your Data

These are the default folder locations that you should be backing up regularly:

· ‘My documents\VNCScan’

· ‘C:\Program Files\Bozteck\VNCScan Console .NET’

· ‘C:\fastpush’

Restoring Your Data

1. Close the VNCScan console and any open VNC sessions

2. Restore the data from your backup into the proper locations

3. Launch VNCScan Console.

Twitter This

UserName: Password:

It’s long been a feature in the VENM console. When you scan your network, the scanner would send a broadcast packet to obtain the MAC address of the detected computers on your LAN. The key concept in that sentence is “broadcast packet”.

Most of our customers are Network Administrators or Engineers so I probably don’t need to bore you with the reasons that using broadcast packets just does not work over a WAN connection such as VPN. If you’ve scanned over a VPN, you’re probably aware that the VENM console just fills the MAC address field with a bunch of 0′s.

We’ve been writing code into the latest scanning engine that will use other methods to attempt to detect the MAC address if the broadcast packet fails over a WAN or VPN. Right now, we have it working in the ‘Computer Properties’ window and we’re working to get it working in the scan.

The catch is that you need to have Administrative rights on the remote computers and the port required must not be blocked. This is typically TCP port 135.

This is just one of the many things that we’re working on for your next release.

Twitter This

UserName: Password:

As you probably know, VENM allows you to push and execute many types of scripts remotely on PC’s that are connected to your network (and that you have administrative access to). We’ve been getting a ton of requests for the ability to share these amongst administrators on your network.

By default, the scripts are in your “My Documents” folder under vncscan\jobs” You could share them manually by copying that folder to the same location on another computer but that’s not very elegant.

Right now, you can share your groups and deployment profile data but the scripts data is like the ‘black sheep’ that has been forgotten in all of this spirit of sharing.

Hey, it’s the season for sharing so this is getting moved to the top of the feature request pile. Hopefully, there will be a version release that has this feature before the end of 2007.

Twitter This

UserName: Password: