VNC Fastpush
VNC is an application that allows one computer to act as a terminal, viewing
and optionally controlling another computer. It is a useful tool for Computing
& Information Services’ support specialists, as it often allows them to solve a
problem quickly over the phone without an office visit. It can also allow you
to view and control your office computer from your home computer or from a
classroom podium computer.
VNC, which stands for Virtual Network Computing, includes two pieces of software.
One runs on the computer being viewed or controlled, while the other, the viewer,
runs on the controlling computer. The viewer is not even essential, because the
VNC program running on the computer to be viewed includes a small web server and
therefore allows access through a web browser.
VNC Variants
Tridia -
a variant of VNC which includes a number of modifications
from numerous sources. At the time of writing, the suite includes a few new
compression methods and other enhancements to boost performance.
TightVNC -
Although Tridia includes this form of compression, this was
the source. TightVNC was written by Const Kaplinsky to provide better
performance over dial-up connections. His improvements include optional JPEG
compression (so you can make the display quicker, but more lossy) amongst
other things. There's versions for both UNIX and Windows. Either version of the
program will work with the other version’s viewer, although the benefits of
tightVNC are realized only when using it on both ends of the connection.
zVnc -
VNC's security is satisfactory for LAN use, but over public
networks it's better to safe rather than sorry. zVnc is a development by Dave
Dyer and it includes zebedee compress/encryption. Those of you with a UNIX
background will probably have heard of this, but for the newbies amongst us
it's a more secure way of connecting to another zVnc server. Dave's zVNC page
can be found in the links section.
File Installation:
Copy winvnc.exe, vncviewer.exe and vnchooks.dll into destination folder.
If you're running Windows 9x, you need to copy omnithread_rd.dll into
your Windows\System folder. If you're using NT/2000/XP then copy that
into winnt\system32.
Install as service:
C:\Program Files\ORL\VNC> winvnc -install
Windows NT : The WinVNC service is installed and set up to run whenever
the machine is booted into Windows NT but IS NOT YET RUNNING! It will
run when the machine next reboots. If you want to start it immediately:
net start winvnc
The service should now be running, but won't know that you are logged in
until you log out and back in again. It won't yet appear on the taskbar.
Now type winvnc -servicehelper and this starts the helper program. This
is used to display an icon in the taskbar, as well as work out who logged
on the local box. This is important if you want to use individual user
settings.
Now run "winvnc -defaultsettings" (without the quotes) and this will
display a dialog box for the default user settings.
Remove:
When you wish to install a new version of WinVNC or simply wish to remove
WinVNC from your machine, you must first remove the service from the
system, using the WinVNC Administrative Tools or the -remove command-line
option. A message about failure to remove the service usually indicates
that it was not installed in the first place!
Ports:
A VNC server listens on two ports. The exact port numbers depend on the VNC
display number, because a single machine may run multiple servers. The most
important one is 59xx, where xx is the display number. The VNC protocol
itself runs over this port. So for most PC servers, the port will be 5900,
because they use display 0 by default.
To run on a different port, you need to tell the viewer the right display
number. Normally, display numbers come between 0 and 99. If you specify any
number smaller than 99, the viewers add 5900 to get the port number. If you
specify a larger number, the viewers take it as a port number directly. So
how do you use port numbers lower than 99? You have to specify a negative
display number! For example, to connect to a server running on port 80 on
machine 'snoopy':
vncviewer snoopy:-5820 (because -5820 + 5900 = 80)
5500 (Viewer in listening mode)
5900 (VNCServer)
5800 (VNCServer Java: http://192.168.1.100:5800)
VNC Command-line Options
-run
Causes WinVNC to run normally & ignore rest of command-line.
-install
Installs the WinVNC service and continues reading the command-line.
-remove
Removes the WinVNC service and continues reading the command-line.
-settings
Tells a running copy of WinVNC to show the User Properties box.
-defaultsettings
Tells a running copy of WinVNC to show the Default Properties box.
-connect host
Tells a running copy of WinVNC to initiate an outgoing connection
to a listening viewer running on the specified machine. This is the
equivalent of the 'Add New Client' menu option. You can put multiple
-connect options on one command line to connect to multiple viewers
at once.
-kill
Kills a running copy of WinVNC.
-about
Tells a running copy of WinVNC to show its About box.
If no options are given then WinVNC runs normally. Multiple options may
be given, so, for example, to upgrade a currently running WinVNC service
to a new version, you could use:
WinVNC_new -remove -install
which will stop & remove the old copy & install the new one as a service
WinVNC_new -kill -run
which will stop the running copy & run the new version as an application
WinVNC - Advanced Settings
Extra options have been added to WinVNC for use primarily by system
administrators, to tailor the server's behaviour to meet their particular
needs. The options are DWORD values which can be set in the system registry,
and tools such as the Windows Policy Editor can be used to apply these settings
across a large number of machines.
Versions 3.3.2 R5 and later use a more sophisticated organisation of these
options to allow more flexibility. It also makes it rather complex, so we're
thinking about alternative ways of doing this. WinVNC will currently look for
settings in the following places:
<![CDATA[
Local machine-specific settings. Options specified here are not overridable.
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\
Local default user settings.
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default
Local per-user settings. These override the local default user settings.
If there is no current user, the username SYSTEM will be used.
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\<username>
Global per-user settings. These are only read if AllowProperties has not
been set to zero (see below)
HKEY_CURRENT_USER\Software\ORL\WinVNC3
Most options can only be specified in a subset of these places, as specified
in each option's description below.
Advanced Options:
AuthRequired
By default, all WinVNC servers will not accept incoming connections
unless the server has had its password field set to a non-null value.
This restriction was placed to ensure that misconfigured servers would
not open security loopholes without the user realising. If a server is
only to be used on a secure LAN, however, it may be desirable to forego
such checking and allow machines to have a null password. Setting this
registry value to zero will disable null-password checking by WinVNC.
Local machine-specific setting.
AllowLoopback
By default, WinVNC servers disallow any vncviewer connections from the
same machine. For testing purposes, or, potentially, when using multiple
instances of WinVNC on Windows Terminal Server, this behaviour is
undesirable. Setting this registry entry to 1 will cause local-loopback
connections to be allowed. Setting it to zero will filter out such
connections.
Local machine-specific setting.
AllowProperties
If this is set to zero, the user is not allowed to view the properties
dialog and hence cannot change any settings, including the password.
Note that this stops all global per-user settings. A valid password must
therefore be in force before using this setting, generally in the local
default-user setting.
Local per-user setting.
AllowShutdown
If this is set to zero, the user is not allowed to close down WinVNC.
Local per-user setting.
AuthHosts
The AuthHosts setting is, unlike the other settings, a REG_SZ string.
It is used to specify a set of IP address templates which incoming
connections must match in order to be accepted. By default, the template
is empty and connections from all hosts are accepted. The template is of
the form:
+[ip-address-template]
?[ip-address-template]
-[ip-address-template]
In the above, [ip-address-template] represents the leftmost bytes of the
desired stringified IP-address. For example, +158.97 would match both
158.97.12.10 and 158.97.14.2. Multiple match terms may be specified,
delimited by the ":" character. Terms appearing later in the template take
precedence over earlier ones. e.g. -:+158.97: would filter out all
incoming connections except those beginning with 158.97. Terms beginning
with the "?" character are treated by default as indicating hosts from
whom connections must be accepted at the server side via a dialog box.
The QuerySetting option determines the precise behaviour of the three
AuthHosts options.
Local machine-specific setting.
QuerySetting
The QuerySetting allows individual users to tailor the degree of paranoia
expressed by the per-machine AuthHosts setting. It is a DWORD value ranging
from zero (maximum availability) to four (maximum security). The following
table indicates how the value affects the AuthHosts behaviour:
0 - +:Accept, ?:Accept, -:Query
1 - +:Accept, ?:Accept, -:Reject
2 - +:Accept, ?:Query, -:Reject [Default]
3 - +:Query, ?:Query, -:Reject
4 - +:Query, ?:Reject, -:Reject
By default, value 2 (Obey AuthHosts) will be assumed.
Local & global per-user setting.
QueryTimeout
The QueryTimeout setting indicates the number of seconds for which the
Accept Connection dialog (see AuthHosts and QuerySetting options) will
be displayed before rejecting the incoming connection automatically.
Local & global per-user setting.
AutoPortSelect
Causes WinVNC to select the first available display number automatically.
Corresponds to the 'Auto' checkbox in the Properties dialog.
Local or Global per-user setting
CORBAConnect
Only relevant in internal AT&T version. Local or Global per-user setting
DebugLevel
DebugMode
Run-time logging of all internal debug messages is now supported. Log
data may be output to a file or a console window (or the MSVC debugger
if the program was compiled with debugging active.) Two registry keys
are used: DebugMode indicates which logging methods to use,
[1 = MSVC debugger]
2 = Output to log file Winvnc.log in the WinVNC directory
4 = Output to a console window, displayed on-screen
Any combination of the above values may be used. e.g. DebugMode=6 will
cause output to be sent both to the WinVNC.log file and to the a console
window on the desktop. DebugLevel indicates how much debug information to
present. Any positive integer is valid. Zero indicates that no debugging
information should be produced and is the default. A value of around
10-12 will cause full debugging output to be produced.
Local machine-specific setting.
ConnectPriority
By default, all WinVNC servers will disconnect any existing connections
when an incoming, non-shared connection is authenticated. This behaviour
is undesirable when the server machine is being used as a shared
workstation by several users or when remoting a single display to multiple
clients for vewing, as in a classroom situation.
ConnectPriority indicates what WinVNC should do when a non-shared
connection is received:
0 = Disconnect all existing connections.
1 = Don't disconnect any existing connections.
2 = Refuse the new connection.
Local machine-specific setting.
IdleTimeout
This setting tells WinVNC how many seconds a connected VNC client may
remain idle for (no input events or update requests) before being
disconnected. If this setting is not specified or is set to zero then
no timeout is enforced.
Local or Global per-user setting
InputsEnabled
Corresponds (inversely) to the 'Disable Remote keyboard and pointer'
option in the Properties dialog box.
Local or Global per-user setting
LockSetting
WinVNC can be made to take actions when a viewer disconnectsby setting
this value as follows:
0 - none
1 - lock workstation on disconnect (not currently implemented)
2 - logoff on disconnect
Local or Global per-user setting
LoopbackOnly
By default, WinVNC servers accept incoming connections on any network
adapter address, since this is the easiest way of coping with multihomed
machines. In some cases, it is preferable to listen only for connections
originating from the local machine and aimed at the "localhost" adapter
- a particular example is the use of VNC over SSH to provide secure VNC.
Setting this registry entry to 1 will cause WinVNC to only accept local
connections - this overrides the AllowLoopback and AuthHosts settings.
Setting this entry to zero causes WinVNC to accept connections on any
adapter and is the default setting.
Local machine-specific setting.
Password
Local or Global per-user setting
PollUnderCursor
PollForeground
PollFullScreen
OnlyPollConsole
OnlyPollOnEvent
These correspond to the options in the Properties dialog box.
Local or Global per-user settings
PortNumber
specifies the port number to be used for VNC. You will need to disable
AutoPortSelect to use this.
Local or Global per-user setting
RemoveWallpaper
Indicates whether or not WinVNC should remove the user's background
wallpaper when an incoming connection is made. It is necessary to
reconnect in order for this setting to take effect.
Local or Global per-user setting
SocketConnect
This corresponds to the 'Accept Socket Connections' option in the
properties dialog box.
Local or Global per-user setting.
]]>
VNCHooks - Advanced Settings
WinVNC uses a special library, VNCHooks, to hook into the other running
applications and retrieve notifications of areas of the screen being changed.
The VNCHooks library uses the messages sent to visible Windows to decide which
areas need considering for update. Not all applications use the same method of
updating the screen, so you can tweak the method used by WinVNC for particular
applications by editing the registry. All the entries listed can be found under
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs
use_GetUpdateRect
When a window recieves a message, (WM_PAINT), indicating that
it should repaint itself, it is possible to find out precisely
which regions have changed, so that WinVNC need only scan those
for potential updates,increasing efficiency. However, this can
cause graphical glitches occasionally, particularly when an
application scrolls the contents of its window, in which case
only the revealed section of the window is marked as needing to
be updated. If these glitches prove to be a problem then edit the
\use_GetUpdateRect entry in the registry. A value of one
indicates that this optimisation will be used, while a value of
zero indicates that it will not.
use_Timer
A number of Windows applications, most notably the Clock program,
use WM_TIMER events to trigger updates to their displays, rather
than WM_PAINT messages. By default, timer messages are not used
to notify WinVNC of potential updates, since many programs use
timer events for purposes other than updating the screen. As a
result, the clock and a few other applications don't normally
update correctly under WinVNC. The fix to this is to edit the
\use_Timer entry in the registry. A value of one indicates
that WM_TIMER messages will trigger WinVNC updates, while a value
of zero indicates that they will not.
use_KeyPress
Some Windows applications write characters directly to the screen
when a user types into a window, rather than using WM_PAINT messages
to cause the text to be redrawn. To fix this, WinVNC can scan the
window every time a key is pressed, in order to catch the change.
To set this value for a problem application, edit the
\use_KeyPress entry in the registry. A value of one indicates
that key presses will cause updates, while a value of zero indicates
that they will not.
use_LButtonUp
use_MButtonUp
use_RButtonUp
Some Windows applications update the display directly in response
to mouse clicks, without using intermediate WM_PAINT messages, for
example. In order to catch such updates, it is necessary to trigger
WinVNC to update the relevant window whenever the left mouse button
is released. To set this value for a problem application, edit the
\use_LButtonUp entry in the registry. A value of one
indicates that left-button clicks will cause updates, while a value
of zero indicates that they will not. The same rules apply to the
middle and right buttons using the appropriate value name.
use_Deferral
The VNCHooks library catches messages sent to windows before they
are dealt with by the window. As a result, sending an update message
to WinVNC to indicate the potential change can result in WinVNC sending
the updated area to the client before it has actually been redrawn by
the application! This is a common problem, especially on multiprocessor
versions of NT, so deferred updates are used by default. Deferred
updates are handled by posting a custom message back into the window's
own message queue rather than posting to WinVNC directly. By the time
this custom message is seen again by the VNCHooks library, the message
that caused it will have been handled and the update can then be
forwarded to WinVNC without danger of being handled prematurely. A few
programs don't handle these extra messages in their queue very well,
so this optimisation is optional. It can be set by editing the
\use_Deferral entry in the registry. A value of one indicates
that deferred updates will be used, while a value of zero indicates that
they will not.