RealVNC Security

[Adam Kane <kane () linkitsoftware com>]

My software company currently uses two specific machines (both running
Windows 2000 Pro) as "VNC" machines.  The purpose for these machines are
to display two of our software products, and allow remote login to the
computers for potential clients (very few ask) to test out the program,
rather than us creating a 30-day trail type of setup.

The problem I'm running into is correctly securing these machines.  I've
set it up (realvnc) so it's using encryption, and created very strong
passwords, along with running on a different port specified by me,
rather than the default port, but it always seems to fail, as I come in
sometimes and find stuff wrong with them, like ad ware, or a message box
pop up from netsend, etc.

I have also gone as far as editing the registry for the specific user
that we set up to run the RealVNC Server - the user is called Client.  
We made changes to the explorer policies so that the desktop would not
show, along with disabling Internet explorer, and a few other things I
found from a registry hack website.. but that hasn't seemed to help
either.

The problem is that we need these VNC machines in order to show clients
our software, but we don't want to have to keep re-formatting every week
to ensure they are clean.

Any suggestions on how to keep these machines secure and accessible to
our potential clients, and keeping these machines away from any other
networked computers is appreciated.  Thanks.

Attachment: signature.asc
Description: OpenPGP digital signature