Deploying SecureVNC Encryption for UltraVNC

Spread the news
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

The latest release of VNCScan (2011.3.27) has started the move from the old UltraVNC msrc4plugin_noreg.dsm encryption plugin to the newer and more supported SecureVNCPlugin.dsm.

The main reason for this move was the lack of 64 bit support in the old plugin as well as its requirement for a manually generated RC4 encryption key to be shared at both ends of the connection.

VNCScan has historically done a pretty good job at making this seamless for our users but it’s a lot of extra work around code that can finally see it’s sunset.

What this means for you

If you are currently using VNCScan to deploy UltraVNC with encryption enabled, chances are you’re using the old msrc4 type of encryption.  To take advantage of the new higher security, you will need to edit the deployment profile that you used when deploying it the first time or create a new one from scratch.  You will, then, need to deploy that new profile to the computers who you want to secure.

Here, I will walk you through creating a brand new profile and deploying it to a computer.

Step 1 – Create the profile

1. Launch the profile editor

deploy1

2. Create a new profile

deploy2

3. Give the profile a name and a password.  Make sure that UltraVNC is selected

Deploy3

4. Choose the SecureVNC encryption plugin.  Make sure that the checkbox is set for Encryption

Deploy4

5. Save the profile then close out of the profile selector

Deploy5

6. Select the computers that you want to deploy this profile to, then choose “Deploy to selected” from the dropdown menu

Deploy6

7. Make sure that your new profile is selected in the deployment window and that you have supplied an Administrator level username and password on the remote systems.  Press Go to complete the deployment

Deploy7

 

Once the deployment has completed, you should be able to connect to the remote computers and see the following in the title bar of the viewer:

Deploy8

 

Troubleshooting

It is worth pointing out how VNCScan tells the vncviewer.exe to use the encryption plugin while connecting because that is typically the thing that trips people up from time to time.

When the deployment tool is completed, it locates the computer in VNCScan and sets some properties for it that can be viewed by right-clicking the computer (in VNCScan) and choosing “Computer Properties”.

The most important settings for this to work right are shown below.

Deploy9

As you can see, these must match the settings for the deployment profile that you used when deploying.  Eventually the MSRC4 plugin will completely go away so you will want to do this to all of your computers soon.

Please leave comments and suggestions for these changes below.

  • Matt

    Anyway to apply the step under troubleshooting to mass computers at the same time? Some of my computers are reflecting the change after the new install, some are not. It’s painful having to do it one computer at a time. Thanks

  • Sbostedor

    Which step are you referring to?

  • Matt

    The step in which the screenshot (deploy9) refers to under troubleshooting. nnThanks

  • Llee2

    If you run your vnc vncviewer.exe from a network share, make sure you also copy the plugin files (SecureVNCPlugin.dsm, SecureVNCPlugin64.dsm) to that same network share location.