Forum / NoMachine for Windows / User whitelist/blacklist on Windows machine
- This topic has 1 reply, 2 voices, and was last updated 5 months, 1 week ago by Britgirl.
-
AuthorPosts
-
July 17, 2024 at 22:11 #48844bsammonParticipant
Is it possible to control which users can log in to my Windows machine via NoMachine? The computer has a number of user accounts, but I only want a subset of those users to have remote(-via-NoMachine) access.
In my searches, I’ve found an article that seems to suggest that this can be controlled via Active Directory settings (which wouldn’t be applicable in my case) and some references to a “users DB”.
This seems like it would be a FAQ, but I haven’t found much — is there a document I’ve missed?
I’m running NoMachine v7 — would this be easier/better with NoMachine 8?
Does the answer depend a lot on which version of Windows I’m running?
July 19, 2024 at 18:09 #48865BritgirlKeymasterYes, it’s possible, in version 8, and version 7, by using the “EnableUserDB 1” key in the server.cfg file of the host you are connecting to. Before I explain how to do it, I want to mention first what is coming with NoMachine 9 which you might be interested in. NoMachine Network, which will remove the need to know the remote computer’s IP address and simplify connecting over the Internet (so no port-forwarding required), will allow you to configure which users can access the remote host, so what you call a “whitelist”. It’s a very straightforward way for users to limit access to specific users who connect using NoMachine Network.
Connecting to a remote host using its IP, the following method of enabling and restricting access remains as explained below.
All commands and edits to the server.cfg file must be executed with administrator privileges. Ensure you open your Command Prompt or PowerShell as an administrator when performing these actions.
1. Enable User Database
On the remote Windows where NoMachine is installed, edit server.cfg and set the following parameter:
EnableUserDB 12. Add Users to the “whitelist”
To enable access for specific users, use the following command:
%ALLUSERSPROFILE%\NoMachine\nxserver\nxserver.exe --useradd
3. Verify Allowed Users
To check the list of users who have been granted access, run the following command:
%ALLUSERSPROFILE%\NoMachine\nxserver\nxserver.exe --userlist
4. Disable Access for a User
To disable access for an existing user, execute the following command:
%ALLUSERSPROFILE%\NoMachine\nxserver\nxserver.exe --userdisable
We will improve our KB with an appropriate FAQ which targets free edition users. For the moment you can read more about this in any of the Enterprise guides: https://kb.nomachine.com/DT10R00171.
-
AuthorPosts
This topic was marked as solved, you can't post.