[thelist] remote administration utils

.jeff jeff at members.evolt.org
Tue Dec 10 02:09:01 CST 2002


> From: Joel Canfield
> --
> Different scenario for me; I tend to be in the
> installing and configuring biz as much as the ongoing
> use biz, and I druther have complete control at such
> times.

i don't see how ts would give you any less control than vnc.  in fact, the
server i got recently was built almost entirely via ts.  the only thing i
didn't do was the install of the actual os.  as soon as that was done, the
rest was taken care of via ts.  i think it's almost better than using a kvm
switch on a bunch of boxes.

> > my experience, is the quality of the connection. [...]
> True, in a Windows to Windows connection. Not possible
> in my Unix/Linux/Windows/Mac environment.

well sure, but do you really need a gui connection to a unix/linux box?
wouldn't some sort of cli over ssh be sufficient?  and would you really ever
remotely administer a mac box, let alone use one as a server?  personally,
the only reason i'd *ever* remotely connect to a mac would be to test
something in a mac browser (and that's only cause there's no such thing as
mac emulation on a pc).

> > from a security standpoint, ts is more secure than vnc
> > simply because vnc is not keyed into any user system
> > on the machine.  so, everyone with the vnc access
> > info has the same privileges.
> scuse me? Bob User VNCs to a machine; when he logs in,
> he authenticates to the network and gets (or doesn't)
> prvileges. VNC is just the connection, not the
> authentication.

ok, fair enough.  it's been so long since i used vnc that i forgot that it
can run as a service on some machines allowing you access without being
logged in with a user account.  that isn't true of all machines though --
win95, win98, and most macs don't allow this functionality -- though they
also don't support ts.

back when i was using vnc (a couple of years ago), we didn't have individual
user accounts on the machines.  instead, those who knew the vnc password
also knew the administrator password and just logged in as the
administrator.  yeah, not the best idea from a security standpoint --
especially since the vnc password and the password for the administrator
account were the same thing.  ;p

> You *do* keep all your servers logged off or locked
> unless they're in use, right?

yes, i do.

> Right. I got the impression somewhere along the line
> that the question was about remote control for *support*
> in which case, TS ain't gonna happen.  I can put VNC on
> any desktop I want, and pop into a shared session to
> watch the user, or even take over while I show them how
> to do whatever they're doing. Not possible with TS, is
> it?

true, you can't connect *to* anything other than xp or win2k, but there are
clients that work on any os in the windows family.

here's a link to an install for the remote desktop client:

and a link on how to use ts via ssh tunneling for nearly bulletproof gui
access to other machines.

> > if i had to make the choice again, i would pick ts
> > over vnc anyday.
> For sys admin in a homogenous environment (which is what
> it turns out the original query was mostly about), true.


> For HelpDesk support or mixed OS environment, nah.

support is a completely different can of worms for sure.


jeff at members.evolt.org

More information about the thelist mailing list