UltraVNC Server

If you run ultravnc server for the first time, the settings "ultravnc.ini file" does not exist and firewall need to allow winvnc. When no password has been set, ultravnc prompt you to set one. When you are running on XP and winvnc was installed as service you first get the "runas" box, DON'T FORGET TO UNCHECK else you tell runas that winvnc can't make changes to a file. First connection (loopback) Now that the server is running, we can make a fast test connection in loopbackmode.(loopback mode= server+ viewer on same PC) 1* Tell server to allow loopback 2* Tell viewer to connect to the server Start the viewer vncviewer.exe When all is ok you should see the viewer showing himself like watching 2 mirrors( not usufull to do anything, but it tell server and viewer can connect) First connection (local network) Install viewer  on second PC ( the pc you gonna use the control the server) * Use the installer and select viewer only. * Or, copy vncviewer.exe on a usb stick and plug this in your viewer PC. * Or, use a shared/mapped folder and copy. The server ip address can be found by hovering the mouse over the vnc server tray icon. Instead of "localhost" you need to enter this ip address Internet Connection We only handle 2 cases A. Server has a official ip address B. Server has a local ip and use a Nat router to connect to the internet.  The router has the official ip address. The way you connect is independed of the viewer ip address ( local, official) A. Server has a official ip address When the server has an official ip address there is no difference between a LAN or internet connection.  You need to enter the server ip in the viewer connection box.  ( see last part "First Run") B. Server has a private ip and use a Nat router to connect to the internet.  The router has the official ip address. The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (local networks): 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 If your server has an ip address that's in one of the above ranges you are using some nat router to connect to the internet and the viewer can not make a direct connection to the server. The solution is tell the nat router that he need to send a port to your local pc , the viewer connect to the nat router ip address. Sample:

 

UltraVnc Server Installation Installation     Mirror driver only get downloaded, NOT installed.  This need to be done manual. For first time install you best don't register it as service, this can always be done later from the winvnc systray.  First test if it works, and then register as service when needed.   Automate Installation  If you need to install UltraVNC on a large number of computers, you might consider automating the installation. The following command line parameters can be passed to the setup: /dir="Dirname" Sets installation directory to Dirname. /no restart Suppresses a reboot at the end of the installation. Not required since the installation no longer requires are boot. /silent or /very silent Suppresses either pop-up of dialog boxes or any GUI at all. /loadinf="Filename" Loads the configuration file Filenamefor the installation. This configuration file can be generated by going through setup with UltraVNC-xxxx-Setup.exe /saveinf="Filename". Filename should be fully qualified. /log Writes a log file to the Temp directory. Could be used for debugging.   UltraVnc Server Configuration Admin Properties The "Admin Properties" menu item in the system tray UltraVNC icon menu refers to Default Local System Properties (service mode) or Current User Properties (application mode) and allows for customizing several areas: Configurations Incoming connections Accept Socket Connections Should be activated for normal operation. The display number and ports to use can be configured or set to Auto which defaults to Display 0, Port 5900and JavaViewer port 5800. The port is always Display No + 5900. Display Defaults to 0. Ports Defaults to 5900 and 5800 for HTTP. Enable JavaViewer (HTTP connect) Allows to view a remote computer by opening a browser and go to http://remote-machine:http-port/ Allow Loopback Connections Sometimes this could be helpful for tests. Normally it's not needed since the result is not very useful. Loopback Only Needed for tests. Connections from outside are not allowed. When last client disconnects In a helpdesk scenario, you normally "Do Nothing" when disconnecting. When administering servers via remote control, you might wish to either "Lock Workstation" or "Logoff Workstation" for security reasons. Query on incoming connection If enabled, every time someone tries to connect via UltraVNC, a pop-up dialog informs the user and asks the user to either accept or refuse the attempt. Configure the timeout for the dialog window and what action should be taken if the user clicked no button until timeout. Keyboard & Mouse Some situations (e.g. presentations) require that either the viewer or the remote computer don't input keyboard or mouse events. This can be configured by "Disable Viewer inputs" or "Disable Local inputs". Multi viewer connections Here you can configure the behavior if multiple viewers attempt to connect to the same UltraVNC server. "Disconnect all existing connections" implies that only one viewer can be connected at a time and the last one wins. "Keep existing connections" allows for several viewers simultaneously. "Refuse the new connection" implies that only one viewer can be connected at a time and the first one wins. "Refuse all new connections" ?? Authentication "VNC Password" is a per-machine password and is required. Require MS Logon Activates MS-Logon I. Works on Windows 9x as well as Windows NT4/2000/XP. Requires computer and user to be in the same domain. New MS Logon Activates MS-Logon II. Allows for cross-domain authentication, i.e. computer is in domain A, user in domain B with a trust between A and B (typically in Active Directory). Works only on Windows NT4/2000/XP. Configure MS Logon Groups Opens the configuration dialog for MS-Logon authorization. For MS-Logon I there is a dialog allowing to configure 3 groups. For MS-Logon II there is the standard Windows Security property page. DSM Plugin If there are any DSM (Data Stream Modification) Plugins available, their usage can be configured here. Currently there are several encryption plugins available. Miscellaneous Remove Wallpaper for Viewers To reduce network traffic the wallpaper on the remote computer's desktop can be removed during the connection.  Enable Blank Monitor on Viewer Request Allow viewers to disable the monitor if they request so. Enable File Transfer Enable the UltraVNC File Transfer. Log debug info to the WinVNC.log file Enable logging. The log file is in C:\WinNT\system32 if winvnc runs as service. The logging level can be configured in the registry. Disable Tray icon The icon in the system tray can be disabled to disallow users to change any settings. Forbid the user to close down WinVNC Disallow users to close down WinVNC. Disable clients options in tray icon menu Disable the "Properties" menu item in the system tray icon menu. Capture Alpha-Blending Capture also semi transparent screens Enable Alpha-Blending Screen Blanking Enable another method to disable the monitor. Default Server Screen Scale The server screen can be scaled down here. Properties The "Properties" menu item in the system tray UltraVNC icon menu refers to per user settings. System Hook Dll Provides DDI hooking, especially on Windows 9x. Video Hook Driver The video hook driver provides high speed and low CPU load on Windows 2000/XP/2003. Check the Video Hook Driver Here you can test the video hook driver, see it's version and whether it's currently active. Low Accuracy Get higher speed with reduced accuracy. Share only the Server Window Named Do not share the whole desktop but only the window with the specified name.   ultravnc.ini [Permissions] [admin] accept_reject_mesg= Custom accept/reject messageBox text. to change the messageBox logo add logo.bmp in the ultravnc folder service_commandline= This is used to instruct the service to start winvnc (in service mode) with a specific command line. This is the same syntax as the commandline except you don't put -run at the end. sample: service_commandline=-autoreconnect -connect 192.168.1.30 This tell the service to make an invers connection to 192.168.1.30 and retry when it fail. FileTransferEnabled=1 Enable Filtransfer FTUserImpersonation=1 When doing a file transfer, act as desktop user. When you don't put 1 the filetransfer is done as user "system". User system don't have access to mapped drives and pose a security issue... a normal user can FT as admin. BlankMonitorEnabled=1 This allow the viewer to blank the screen CaptureAlphaBlending=1 Capture alphaBlending is needed for semi transparent windows ( xp, vista...) but use more cpu. BlackAlphaBlending=0 Instead of using the powermanager to blank the monitor we put a layered window on top and capture the windows below. Using this option you also can define a custom blank by placing a file "background.bmp" in the ultravnc folder. DefaultScale=1 Set scale UseDSMPlugin=0 Use the defined encryption plugin DSMPlugin= Name of the plugin primary=1 secondary=0 When using multi-monitors ( driver required) you can define the default behaviour. Show only primary/Secunday or both SocketConnect=1 Need to be one, else no socket is listening for a connection PortNumber=0 Manual set listening port ( default 5900) HTTPConnect=1 Start a sond port, this act as webserver for java viewer HTTPPortNumber=0 manual set port for http (default 5800) XDMCPConnect=0 no longer used AutoPortSelect=1 The port is 5900, but when port 5900 is already in use the auto mode take one higher until he find a free one. InputsEnabled=1 Allow the viewer to control the server LocalInputsDisabled=0 Block the server input, only remote access is possible IdleTimeout=0 Disconnect after a idle period ( 0 = default, no idle time out , seconds) EnableJapInput=0 This can be used for Japanese and other non standard keyboards. The key processing is different and sometimes solve issue's with special keys. AuthHosts= + =allow - = deny = query syntax: -:+10.0.60.141:?10.0.31.169:-10.0.20.240: instead of 10.0.60.141 you can use 10.0.60, then it is valid for the full range of ip addresses. QuerySetting=2 Define on how to react on the (-,?,+) from the Authhosts. 0="+:Accept, ?:Accept, -:Query" 1="+:Accept, ?:Accept, -:Reject" 2="+:Accept, ?:Query, -:Reject [Default]" 3="+:Query, ?:Query, -:Reject" 4="+:Query, ?:Reject, -:Reject" It is used to specify a set of IP address templates which incoming connections must match in order to be accepted. By default, the template is empty and connections from all AuthHosts_Tip5="hosts are accepted. The template is of the form: +[ip-address-template] [ip-address-template] -[ip-address-template] In the above, [ip-address-template] represents the leftmost bytes of the desired stringified IP-address. For example, +158.97 would match both 158.97.12.10 and 158.97.14.2. Multiple match terms may be specified, delimited by the ":" character. Terms appearing later in the template take precedence over earlier ones. e.g. -:+158.97: would filter out all incoming connections except those beginning with 158.97. Terms beginning with the "?" character are treated by default as indicating hosts from whom connections must be accepted at the server side via a dialog box. The QuerySetting option determines the precise behaviour of the three AuthHosts options. QueryTimeout=10 QueryTimeout is the time the messagebox is shown. QueryAccept=0   ( 0=refuse 1=accept  2=refuse) This popup a timed messagebox to allow the user (server site) to allow/reject an incoming connect. QueryIfNoLogon=0 Disable/enable query settings when no user is logged. If the user is logged on, but has his screensaver on you normal can't get access as "QueryIfNoLogon" find a logged user. to overwrite this set QueryAccept=2 and QueryIfNoLogon=0 -> no messagebox when screen is locked. LockSetting=0 0="none" 1="lock workstation on disconnect(NA)" 2="logoff on disconnect" MaxCpu=xxx MaxCpu=100 (winvnc can use full 100% cpu) MaxCpu=40 (winvnc can use max 40% cpu) RemoveWallpaper=1 A image as background takes more cpu and bigger bandwidth then a solid color. Disable on viewer connect, reenable on exit. RemoveAero=1 Remove Aero on viewer connect and reset on exit. Makes Vista win7 Faster Avilog=0 Currently not used path=d:\ultravnc_src\ultravnc\winvnc\debug Define the directory in which to save the winvnc.log file. Make sure this directory is writable by system ( no mapped folder) DebugLevel=0 DebugLevel indicates how much debug information to present. Any positive integer is valid. Zero indicates that no debugging information should be produced and is the default. A value of around 10-12 will cause full debugging output to be produced DebugMode=0 Run-time logging of all internal debug messages is now supported. Log data may be output to a file or a console window or the MSVC debugger if the program was compiled with debugging active.) AllowLoopback=0 0 = Disable connection from localhost (Default) 1 = Enable connection from localhost By default, WinVNC servers disallow any vnc viewer connections from the same machine. For testing purposes, or, potentially, when using multiple instances of WinVNC on Windows Terminal Server, this behaviour is undesirable. LoopbackOnly=0 By default, WinVNC servers accept incoming connections on an network adapter address, since this is the easiest way of coping with multihomed machines. In some cases, it is preferable to only for connections originating from the local machine and aimed at the "localhost" adapter - a particular example is the use of VNC over SSH to provide secure VNC. Setting this will cause WinVNC to only accept local connections - this overrides the AllowLoopback and AuthHosts settings. AllowShutdown=1 Allows Shutdown tray menu option to be visible (1) or not (0) AllowProperties=1 0 = Disable "Properties" option in uvnc server tray menu 1 = Enable "Properties" option in uvnc server tray menu AllowEditClients=1 0 = Disable "Edit Clients" options in uvnc server tray menu 1 = Enable "Edit Clients" options in uvnc server tray menu FileTransferTimeout=30 KeepAliveInterval=5 Timings for Filetransfer and keepalive message (seconds) DisableTrayIcon=0 Don't show the winvnc tray icon. Without the tray icon you can't make realtime changes. You need to edit the ultravnc.ini manual or use the uvnc_settings.exe to modify the file. Settings take efect after winvnc restart. MSLogonRequired=0 Use MS password instead of the vncpasswd NewMSLogon=0 Use ACL instead of a group list ConnectPriority=0 ConnectPriority indicates what WinVNC should do when a" non-shared connection is received By default, all WinVNC servers will disconnect any existing connections when an incoming, non-shared connection is authenticated. This behaviour is undesirable when the server machine is being used as a shared workstation by several users or when remoting a single display to multiple clients for viewing, as in a classroom situation. UseRegistry=0 0= use ultravnc.ini 1= use registry the same way as in v102 AuthRequired=1 By default, all WinVNC servers will not accept incoming connections unless the server has had its password field set to a non-null value. This restriction was placed to ensure that misconfigured servers would not open security loopholes without the user realising. If a server is only to be used on a secure LAN, however, it may be desirable to forego such checking and allow machines to have a null password. sendbuffer=xxxx variable available starting uvnc 1.0.8.0 sendbuffer=1500 (wifi or value less) sendbuffer=4096 (lan 100Mbit) sendbuffer=8192 (lan 1GBit, aka jumbo packet) [ultravnc] passwd=AAA967DDDDD692AE9C passwd2=D00590A01299C90079 password lenght 8 byte alphadigit + 1 byte alphadigit checksum by uvnc but ignored you can use vnc pwd generator and then manually add 2 caracters alphadigit passwd = full control read/write passwd2= watch (read only) <-- available since uvnc 1.0.8.0 never use both same password ! otherwise, only watch, read only [poll] TurboMode=1 Fast scan screen, some small changes can be missed PollUnderCursor=0 Poll the window below the cursor PollForeground=0 Poll the foreground window PollFullScreen=1 Poll the full screen ( default) OnlyPollConsole=0 Don't use OnlyPollOnEvent=1 Bad updates, only poll screen when mouse/keyboard is used. Minimize bandwidt EnableDriver=0 Use mirror driver when installed EnableHook=1 Use hookdll when installed EnableVirtual=0 SingleWindow=0 SingleWindowName= Current not used [admin_auth] group1= group2= group3= locdom1=0 locdom2=0 locdom3=0 Used by MSlogon ( not new mslogon)   UltraVNC Server Commandline Parameters winvnc [-sc_promt] [-sc_exit]  [-id:????] [-autoreconnect[ ID:????]] [-connect host[:port]] [-connect host[::port]] [-run] Parameters are order dependent !! -connect host[:port] -connect host <--- would connect to port 5500 if port < 1024 +5900 is added Sample: host:1 -> port=5901,host:21 -> port=5921 -connect host[::port]   ( 2 X : ) host::21 -> port=21 Special case: host[::port] =???   ==  request host and port -autoreconnect Is used in conjunction with the -connect switch when having a server "Reverse-connect" to a listening viewer. You can use it in a batch file for your clients that are behind a firewall that is not under your control. The batch file looks something like this: "c:\program files\ultravnc\winvnc" -autoreconnect -connect 12.34.56.78 On the local computer run the viewer in "listening" mode, and have someone on the server end run the batch file. The -autoreconnect will make the server end attempt to reconnect to the listening viewer if the connection drops or is closed. It will immediately reconnect to the listening viewer if the session is closed. Close the listening viewer altogether in order to stop the server end from "autoreconnecting" to your computer. The server attempts to "autoreconnect" for only a few seconds. Note that this "autoreconnect" param must be before the "connect" one on the command line! -autoreconnect[ ID:????] -id:???? The id is used when using a repeater. In that case the id identify the server to the repeater. When id is used, the host in "-connect host..." is the repeater. example: winvnc -sc_prompt -sc_exit -id:1234 -connect repeaterhost -run -kill Close winvnc running as service or started as application -run Need to be the last parameter, tell winvnc that no more parameters are left -sc_prompt This option modify some behavioiur for Single Click usage. *Pass server info to viewer and request viewer accept (This use an unofficial rfb protocol, require ultravnc viewer) -sc_exit *Server quit when viewer disconnect *Don't exit when desktop switch to UAC/winlogon -settings Internal used to be able to save to ultravnc.ini. On >= Vista, the program folder is a protected folder and require elevated permission. ultravnc.ini is first saved in a temp folder, then this file is red and data is copied to the real ultravnc.ini in program files. -securityeditor Start the acl editor for mslogon II SERVICE -service Internal switch used by uvnc_service to tell winvnc is started by a service -service_run Internal used for the special service_commandline option in ultravnc.ini. -stopservice Stop winvnc service -startservice Stop winvnc as application and restart winvnc as service -install Install the service, require admin (<=xp) or elevated access ( >=Vista) -uninstall Uninstall the service, require admin (<=xp) or elevated access ( >=Vista) -uninstallhelper -installhelper -startservicehelper -stopservicehelper -securityeditorhelper -settingshelper Internal used by winvnc. The helpers are needed to simulate the current console user ( Service run as system). The start winvnc with the corresponding command line without "helper" with the "runas" option. Sample winvnc (press install service) -->create process as current user winvnc -installhelper winvnc -installhelper -> start winvnc -install with (shellexec "runas" option) -multi :  don't check if winvnc is already running

More Articles...

• UltraVNC Server MS-Logon Authentication