UltraVNC ACL File Format
allow 0x3 domain\account
or
deny 0x3 domain\account
0x1
is ViewOnly, 0x3
is Interact and implies that you can also view the remote desktop.
domain
can be a computername or the name of a domain.
If domain is not specified (like deny 0x3 account
), Windows tries to match the account name to a local or a domain account.
It is not recommended to omit the domain part since this may lead to unexpected results.
account
can be groupname or username.
If the accountname contains spaces, the domain\account expression is to be enclosed in quotationmarks:
allow 0x3 "domain\account"
Even if the accountname doesn't contain spaces, quotationmarks won't hurt.
MSLogonACL has two abbreviations for special domains:
one dot to denote the computername and two dots to denote the computer's domain:
.\account
for a local account on the computer
or
..\account
for an account in the computer's domain.