Yea, TightVNC is excellent, I use it and the standard VNC everyday to manage over 2000 PC's over a WAN that spans most of the eastern seaboard.
I additionally use Citrix (rather costly but it has it's advantages!) to gain acces to my firewalled network, and then VNC to hop onto any of the machines on my WAN. Even over a dialup (AOL or MSN) it works remarkably well. I've used PCA and Timbuktu and found them to be a pain to manage, so VNC appeals to me for it's ease of use and as it's free as in beer! I also use Terminal Services on NT/2k servers as I have lots of users on old legacy machines (win95 etc) who use Office 2k and our own custom apps for our business, which on our racks of servers makes for quick reports etc...
VNC can be setup to have some additional protections (I know of the only password, but pick something that is wierd!). These details were taken from the VNC documentation on their site.
http://www.uk.research.att.com/vnc/winvnc.html.
AuthHosts
The AuthHosts setting is, unlike the other settings, a REG_SZ string. It is used to specify a set of IP address templates which incoming connections must match in order to be accepted. By default, the template is empty and connections from all hosts are accepted. The template is of the form:
+[ip-address-template]
?[ip-address-template]
-[ip-address-template]
In the above, [ip-address-template] represents the leftmost bytes of the desired stringified IP-address.
For example, +158.97 would match both 158.97.12.10 and 158.97.14.2. Multiple match terms may be specified, delimited by the ":" character. Terms appearing later in the template take precedence over earlier ones. e.g. -:+158.97: would filter out all incoming connections except those beginning with 158.97.
Terms beginning with the "?" character are treated by default as indicating hosts from whom connections must be accepted at the server side via a dialog box. The QuerySetting option determines the precise behaviour of the three AuthHosts options. Local machine-specific setting.