cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Remote Control (VNC) - usage logging

NetworkTech
Engaged Sweeper
We’ve been using Remote Control (VNC) for remote support. Problem is there is no audit trail and there are concerns of misuse. How do I track who is using Remote Control (VNC) and which machines they’re attaching two?
7 REPLIES 7

NetworkTech
Engaged Sweeper
Salamine, your idea worked perfectly; logging to an SQL database no less. Brilliant.

wcb
Engaged Sweeper III
Which VNC are you using? We don't use it much but I do have some installs of UltraVNC on our computers. UltraVNC does make an entry in the windows event log (application log, source = UltraVnc) whenever someone connects. If you are using a different flavor of VNC that does not log, perhaps you should consider switching.

Salamine
Engaged Sweeper III
Perhaps I misread the original issue as I assumed it had to do with using the 'Remote Control' link via the actions bar.

That script logs who clicked the link, when they clicked it, and what PC it's trying to connect to.

It really doesn't matter what the action is really doing. As you can see in the WshShell.Run line you can put anything in there you want. If you choose to you can change the run command to anything that the actions do.

I'll edit it and put in comments to make it more clear.

-Sal

isit
Engaged Sweeper
With the script you have, you are able to log who uses VNC? Is that the VNC only through Lansweeper? Because if they have downloaded the VNC to there machine however, its attached to the same domain, would that still log or only if they access it through lansweeper?

*This is really awesome!!!

Salamine
Engaged Sweeper III
You could just script the action and log it each time. Problem is, if your people are smart they could go in and edit the logs, but if they were smart they wouldn't be abusing a remoting software. And if they do prove to be smart, instead of writing the information to a log you could code it to e-mail you each time they use it.

remotecontrol.vbs {computer}


If WScript.Arguments.Count = 1 Then
'Bring in target computer name
strRemoteComputer= WScript.Arguments(0)
'Grab the data and time of calling the script
strDate = Date()
strTime = Time()

strComputer = "."

Dim WshShell
Dim objFSO
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set WshShell = WScript.CreateObject ("WSCript.shell")
Set objFSO= CreateObject("Scripting.FileSystemObject")
Set objText = objFSO.OpenTextFile("\\LansweeperServer\LansweeperShare$\logs\lsremotelog.txt", 8, True)
Set colItems = objWMIService.ExecQuery("Select * From Win32_ComputerSystem")

'Find the username of the person clicking the link
For Each objItem in colItems
strUser = objItem.UserName
Next

'Write the log entry with Date, Time, User, and Target PC
objText.WriteLine(strDate & " " & strTime & " " & strUser & " " & strRemoteComputer)
objText.Close

'Run your command
WshShell.run("\\LansweeperServer\LansweeperShare$\lsremote.exe " & strRemoteComputer)

End If



-Sal

P.S. Change file paths to something that actually works, and note that the lansweeper share isn't writable so you may want to put the log folder somewhere else.

Lansweeper
Lansweeper Former Employee
Lansweeper Former Employee
NetworkTech wrote:
How do I track who is using Remote Control (VNC) and which machines they’re attaching two?

This is not currently possible. Only those with administrative privileges on the target machines can remote control them however.

Lansweeper wrote:
This is not currently possible. Only those with administrative privileges on the target machines can remote control them however.


Please correct me if I am mistaken, but you can’t use Remote Control (VNC) and push it without just that -- privileged access. That’s my problem. I have an entire support staff using that feature anonymously and I can’t audit them.