VNC session with locked screen

6

2

Is there a way to run a VNC session while the screen is "locked" on windows?

I want to start a VNC server on a windows box, lock the screen (so that no one locally can access it), and then later connect to that box with VNC.

I'd prefer the native windows locking, but any password protected lock is good.

zzz

Posted 2012-04-01T20:50:55.120

Reputation: 279

Wouldn't a user password accomplish this? When you connect to it remotely and use the password, it won't unlock the local machine. – Raystafarian – 2012-04-02T10:32:38.580

Answers

3

Unfortunately, there's a conceptual problem here. VNC works by rendering your desktop on the local machine, and then effectively taking pictures of the desktop and sending them across the network. This means that what VNC sends must be rendered on the serving computer.

While Windows has the capability of hosting multiple interactive sessions at once, it is disabled in non-server editions and seldom used anyway. This means that in practice a VNC server must send what is being rendered by the interactive session at the local console - so what you see in your VNC session must also be what's sent to the display.

There are two potential workarounds:

  1. A display driver shim that sits between Windows and your graphics card and replaces the video data with something else, like a blank screen. This is the method that LogMeIn uses if you enable Display Blanking - while a LogMeIn session is active, it uses a display driver it installs to effectively disconnect the monitor.
  2. Use RDP, since RDP sessions are a native interface to Windows, and not just a 'remote desktop' protocol - there is a significant conceptual difference between RDP and VNC. (in fact, since non-server Windows editions only permit one session at a time, logging in to a computer by RDP will forcibly lock the console session if someone is logged in there).

As for option 1, I'm not aware of any VNC servers that implement this feature, but I suspect they must exist. If nothing else, LMI does implement it as I mentioned.

As for option 2, I'd say there's a high chance that this is what you really should be doing. In most cases RDP is a superior option performance, security, and feature-wise. The exception would be if you have a Home edition of windows, since only Professional and above allow you to enable the RDP server (although it is installed in Home editions, just disabled).

jcrawfordor

Posted 2012-04-01T20:50:55.120

Reputation: 15 203

Although technically, the lock screen is displayed on a different "Desktop" object than the user programs, so VNC should be able to access it... Also, the multi-session capability of Windows is always on, and is called "Fast User Switch" starting with XP. It only limits to one active session, though (not counting unofficial patches). – user1686 – 2012-04-01T21:35:57.487

I was considering as I wrote the answer whether or not any VNC server might exploit this, but my understanding of Windows is that at least WPF programs will stop drawing when they're not attached to the monitor or an RDP session. I'm not sure of this, though, so maybe there's some VNC server out there that pulls a clever session trick. – jcrawfordor – 2012-04-01T21:42:31.943

They probably would; it's a sensible optimization. – user1686 – 2012-04-01T21:45:46.633

@grawity: input (e.g., the SendInput function) and window messages also stop working as expected when the desktop isn't visible. I'm not sure why. – Harry Johnston – 2012-04-02T00:06:39.400

1

This depend of the Windows version, the way you install VNC, and VNC version.

First, you have to install VNC as a service.

Then for Windows Vista and 7, you have to disables UAC to let VNC unlock the screen. You can't forget it because is you don't, a window is dislpayed explaing the problem.
Windows XP, 2003 and 2008 are without tuning.

Some commercial versions are ok with UAC enabled. Maybe some GPL versions work too but I don't know one.

Gregory MOUSSAT

Posted 2012-04-01T20:50:55.120

Reputation: 1 031

1

I managed to do this by accident... I'm VNC'd in and can see the current session, but the actual computer shows the lock screen.

I believe this happened because I started an RDP session previously, which locks the screen, then VNC is re-using that RDP session.

KERR

Posted 2012-04-01T20:50:55.120

Reputation: 329

0

UltraVNC is capable of this (logging into a locked screen, unlocking it but leaving the monitor in sleep mode, and locking again at disconnect).

See https://forum.ultravnc.net/viewtopic.php?t=12319

Ben Voigt

Posted 2012-04-01T20:50:55.120

Reputation: 6 052