Difference between revisions of "TightVNC"

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search
(WPKG Package: changed method of v1 removal to cleaner command + added to upgrade as well.)
m (WPKG Package: changed revision number to match previous xml)
Line 21: Line 21:
 
id="tightvnc"  
 
id="tightvnc"  
 
name="TightVNC server"  
 
name="TightVNC server"  
revision="202"  
+
revision="2.0.2"  
 
priority="50"  
 
priority="50"  
 
reboot="false">
 
reboot="false">

Revision as of 11:03, 21 July 2010

TightVNC is one example of a VNC Server and Client, a standard means of remote access.

Running VNC server software on Windows allows you to connect to the Windows graphical environment using VNC client software on a remote computer. There are various VNC client and server softwares, such as TightVNC and UltraVNC. There are VNC clients for probably every operating system, so you don't need to be running Windows to connect to and use Windows. VNC uses the RFB protocol, a defined standard method for remote access, so generally speaking any VNC client will connect to any VNC server, however occasionally some VNC implementations have added non-standard features that other clients may not support, examples of this are UltraVNC's remote login and file transfer features.

VNC clients connect into the session currently running on Windows, so the remote user and the person who might be sat at the computer see the same thing; the client doesn't get a separate login prompt, if someone is already logged into the computer then you see that, otherwise you get to login.

For remote administration or remote staff working, for security reasons you are strongly advised not to enable remote access to desktop computers directly over the Internet, instead you should have a firewall in place (for example pfSense), running a VPN server, which clients are required to securely VPN into before they have unfettered access to connect to VNC on desktop computers running Windows (or other operating systems).

Version 2.0.x

TightVNC version 2 is a complete rewrite over version 1; it doesn't need the Mirage driver; the registry settings are in a different location; the command-line switches are different.

Preconfiguration Steps

  • download the new software and place it in your WPKG software folder.
  • on a PC install TightVNC and configure it with your password settings, etc.
  • using regedit export HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server and save it as settings.reg in your wpkg software folder. WARNING: as others can read this file it is possible that they could decrypt the VNC passwords!

WPKG Package

<package 
	id="tightvnc" 
	name="TightVNC server" 
	revision="2.0.2" 
	priority="50" 
	reboot="false">
		
	<check type="uninstall" condition="exists" path="TightVNC 2.0.2" />

	<!-- Uninstall TightVNC 1.x first --> 
	<install cmd='"%ProgramFiles%\TightVNC\WinVNC.exe" -remove' >
		<exit code="any" />
	</install>

	<install cmd='"%SOFTWARE%\Tools\RemoteControl\Tight.VNC.2.0.2\tightvnc-2.0.2-setup.exe" /S' />
	<install cmd='"%ProgramFiles%\TightVNC\tvnserver" -install -silent' >
		<exit code="1" />
		<exit code="0" />			
	</install>
	<install cmd='"%ProgramFiles%\TightVNC\tvnserver" -stop -silent' />
	<install cmd='regedit /s "%SOFTWARE%\Tools\RemoteControl\Tight.VNC.2.0.2\settings.reg"' />
	<install cmd='"%ProgramFiles%\TightVNC\tvnserver" -start -silent' />

	<!-- Uninstall TightVNC 1.x first --> 
	<upgrade cmd='"%ProgramFiles%\TightVNC\WinVNC.exe" -remove' >
		<exit code="any" />
	</upgrade>
	<upgrade cmd='"%SOFTWARE%\Tools\RemoteControl\Tight.VNC.2.0.2\tightvnc-2.0.2-setup.exe" /S' />
	<upgrade cmd='"%ProgramFiles%\TightVNC\tvnserver" -reinstall -silent' />
	<upgrade cmd='"%ProgramFiles%\TightVNC\tvnserver" -stop -silent' />
	<upgrade cmd='regedit /s "%SOFTWARE%\Tools\RemoteControl\Tight.VNC.2.0.2\settings.reg"' />
	<upgrade cmd='"%ProgramFiles%\TightVNC\tvnserver" -start -silent' />

	<remove cmd='"%ProgramFiles%\TightVNC\uninstall.exe" /sp- /silent /norestart' />
</package>

Version 1.3.x

See also silent installation for DFMirage hook display driver.

I install and manage TightVNC with the following XML package description:

<package id="tightvnc" name="TightVNC server" revision="130" priority="50" reboot="false">
 <check type="uninstall" condition="exists" path="TightVNC 1.3.10" />

 <install cmd="%SOFTWARE%\tightvnc\tightvnc-1.3.10-setup.exe /sp- /verysilent" />
 <install cmd="%ProgramFiles%\TightVNC\WinVNC.exe -reinstall" />
 <install cmd="%ProgramFiles%\TightVNC\WinVNC.exe -servicehelper" />
 <install cmd='cmd /c netsh firewall add allowedprogram program = %ProgramFiles%\TightVNC\WinVNC.exe name = "Launch TightVNC Server"' />

 <upgrade cmd='%SOFTWARE%\tightvnc\tightvnc-1.3.10-setup.exe /sp- /verysilent' ><exit code="0" reboot="true" /></upgrade>
 <upgrade cmd="%ProgramFiles%\TightVNC\WinVNC.exe -reinstall" />
 <upgrade cmd="%ProgramFiles%\TightVNC\WinVNC.exe -servicehelper" />
 <upgrade cmd='cmd /c netsh firewall add allowedprogram program = %ProgramFiles%\TightVNC\WinVNC.exe name = "Launch TightVNC Server"' />

 <remove cmd='"%ProgramFiles%\TightVNC\WinVNC.exe" -remove' />
 <remove cmd='"%ProgramFiles%\TightVNC\unins000.exe" /silent' />
</package>
 
<package id="tightvnc-settings" name="TightVNC server settings" revision="3" priority="5" reboot="false" execute="once">
 <depends package-id="tightvnc"/>
 <install cmd='cmd /c "%SOFTWARE%\tightvnc\tightvnc.bat"' />
 <upgrade cmd='cmd /c "%SOFTWARE%\tightvnc\tightvnc.bat"' />
 <remove cmd='echo "nothing"' />
</package>

tightvnc.bat is a simple batch script to setup TightVNC server and restart it:

:: start, restart or apply settings to tightvnc
::
net stop "VNC Server"
regedit /s %SOFTWARE%\tightvnc\tightvnc.reg
net start "VNC Server"

:: For some unknown reason the servicehelper does not restart.
::
%ProgramFiles%\TightVNC\WinVNC.exe -servicehelper
:: we ignore errors...
::
exit 0

tightvnc.reg contains the VNC server setup, most notably the access password:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL]

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3]
"MSLogonRequired"=dword:00000001
"NewMSLogon"=dword:00000001
"ACL"=hex:02,00,08,00,00,00,00,00
"ConnectPriority"=dword:00000002
"LoopbackOnly"=dword:00000000
"EnableHTTPDaemon"=dword:00000001
"EnableURLParams"=dword:00000000
"AllowLoopback"=dword:00000000
"AuthRequired"=dword:00000001
"DebugMode"=dword:00000000
"DebugLevel"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default]
"SocketConnect"=dword:00000001
"AutoPortSelect"=dword:00000001
"InputsEnabled"=dword:00000001
"LocalInputsDisabled"=dword:00000000
"IdleTimeout"=dword:00000000
"LocalInputsPriorityTime"=dword:00000003
"QuerySetting"=dword:00000002
"QueryTimeout"=dword:0000001e
"QueryAccept"=dword:00000000
"QueryAllowNoPass"=dword:00000000
"LockSetting"=dword:00000000
"RemoveWallpaper"=dword:00000001
"BlankScreen"=dword:00000000
"EnableFileTransfers"=dword:00000001
"PollUnderCursor"=dword:00000000
"PollForeground"=dword:00000001
"PollFullScreen"=dword:00000000
"OnlyPollConsole"=dword:00000001
"OnlyPollOnEvent"=dword:00000000
"PollingCycle"=dword:0000012c
"DontSetHooks"=dword:00000000
"DontUseDriver"=dword:00000000
"DriverDirectAccess"=dword:00000001
"LocalInputsPriority"=dword:00000000
"Password"=hex:e6,ee,26,ee,00,e2,e6,5b
"PasswordViewOnly"=hex:38,9a,aa,ee,ef,63,ef,e5

NOTE that passwords are encrypted, but this is not considered secure as someone can easily have access to the registry patch and decrypt the password.