How to configure UltraVNC NTLM logon permissions?
Posted by Yury Averkiev, Last modified by Yury Averkiev on 31 May 2012 01:32 AM
UltraVNC ACL File Format

allow 0x3 domain\account
deny 0x3 domain\account

0x1 is ViewOnly, 0x3 is Interact and implies that you can also view the remote desktop.

domain can be a computername or the name of a domain.
If domain is not specified (like deny 0x3 account), Windows tries to match the account name to a local or a domain account.
It is not recommended to omit the domain part since this may lead to unexpected results.

account can be groupname or username.

If the accountname contains spaces, the domain\account expression is to be enclosed in quotationmarks:
allow 0x3 "domain\account"
Even if the accountname doesn't contain spaces, quotationmarks won't hurt.

MSLogonACL has two abbreviations for special domains:
one dot to denote the computername and two dots to denote the computer's domain:
.\account for a local account on the computer
..\account for an account in the computer's domain.