TightVNC

TightVNC is a VNC client and server, available from http://www.tightvnc.com.

Running a VNC (virtual network computing) server software on Windows allows you to connect to the Windows graphical environment using VNC client software on a remote computer. There are various VNC client and server softwares, such as TightVNC and UltraVNC. There are VNC clients for probably every operating system, so you don't need to be running Windows to connect to and use Windows. VNC uses the RFB protocol, a defined standard method for remote access, so generally speaking any VNC client will connect to any VNC server, however occasionally some VNC implementations have added non-standard features that other clients may not support, examples of this are UltraVNC's remote login and file transfer features.

VNC clients connect into the session currently running on Windows, so the remote user and the person who might be sat at the computer see the same thing; the client doesn't get a separate login prompt, if someone is already logged into the computer then you see that, otherwise you get to login.

For remote administration or remote staff working, for security reasons you are strongly advised not to enable remote access to desktop computers directly over the Internet, instead you should have a firewall in place (for example pfSense), running a VPN server, which clients are required to securely VPN into before they have unfettered access to connect to VNC on desktop computers running Windows (or other operating systems).

Downloads can be done from here.

Version 2.5.x

TightVNC version 2.5 includes a new viewer, native 64-bit versions of all components, and an MSI installer. With the MSI installers, we can directly configure the options without the need of an extra Regedit file.

Read the pdf if you want more informations: http://www.tightvnc.com/doc/win/TightVNC_2.7_for_Windows_Installing_from_MSI_Packages.pdf

WPKG Package

<package id="Tightvnc" name="Tightvnc Server" revision="%version%" reboot="false" priority="70">

<variable name="version" value="2.7.10"/>


<!-- To switch between platforms -->
<variable name="plateform" value="32" architecture="x86"/>
<variable name="plateform" value="64" architecture="x64"/>

<!-- Those 2 commands will set password in the next MSI variables -->
<variable name="TVNCCONTROLPWD" value="password123" />
<variable name="TVNCACCESSPWD" value="password321" />

<!--
Variables from the MSI file. Please read the PDF for further details
http://www.tightvnc.com/doc/win/TightVNC_2.7_for_Windows_Installing_from_MSI_Packages.pdf
-->

<variable name="tvnc_options" value='ADDLOCAL="Server,Viewer" SERVER_REGISTER_AS_SERVICE=1 SERVER_ADD_FIREWALL_EXCEPTION=1 SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=%TVNCACCESSPWD% SET_VIEWONLYPASSWORD=1 VALUE_OF_VIEWONLYPASSWORD=%TVNCACCESSPWD% SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=%TVNCCONTROLPWD%' />

<check type="uninstall" condition="versiongreaterorequal" path="TightVNC" value="%version%"/>
<install cmd='msiexec /qn /norestart /i "%SOFTWARE%\vnc\tightvnc-%version%-setup-%plateform%bit.msi" %tvnc_options%' />

<upgrade cmd='"%ProgramFiles%\TightVNC\tvnserver" -stop -silent'><exit code="any"/></upgrade>
<upgrade include="remove"/>
<upgrade include="install"/>

<remove cmd='msiexec /qn /x "%SOFTWARE%\vnc\tightvnc-%version%-setup-%plateform%bit.msi" ' />
</package>

Version 2.0.x

TightVNC version 2 is a complete rewrite over version 1; it doesn't need the Mirage driver; the registry settings are in a different location; the command-line switches are different.

Preconfiguration Steps

  • Download TightVNC and place it in your WPKG software folder.
  • On a test computer, install TightVNC and configure it with your password settings, etc.
  • Use regedit to export HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server (or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TightVNC\Server if running 32-bit TightVNC on 64-bit Windows) and save it as settings.reg in your WPKG software folder. WARNING: as others can read this file it is possible that they could decrypt the VNC passwords!

WPKG Package

<package 
	id="tightvnc" 
	name="TightVNC Server" 
	revision="2" 
	priority="30" 
	reboot="false">
 
	<check type="uninstall" condition="exists" path="TightVNC 2.0.4" />
 
	<!-- Install TightVNC -->
	<install cmd='"%SOFTWARE%\tightvnc\tightvnc-2.0.4-setup.exe" /S' />

	<!-- Install the TightVNC Server as a service -->
	<install cmd='"%PROGRAMFILES%\TightVNC\tvnserver" -install -silent' >
		<exit code="1" />
		<exit code="0" />			
	</install>

	<!-- Stop the TightVNC Server whilst we import settings -->
	<install cmd='"%PROGRAMFILES%\TightVNC\tvnserver" -stop -silent' >
		<exit code="1" />
		<exit code="0" />			
	</install>

	<!-- Import settings -->
	<install cmd='regedit /s "%SOFTWARE%\tightvnc\tightvnc-settings.reg"' />

	<!-- Restart the TightVNC Server -->
	<install cmd='"%PROGRAMFILES%\TightVNC\tvnserver" -start -silent' />

	<upgrade cmd='"%SOFTWARE%\tightvnc\tightvnc-2.0.4-setup.exe" /S' />

	<upgrade cmd='"%PROGRAMFILES%\TightVNC\tvnserver" -reinstall -silent' />

	<upgrade cmd='"%PROGRAMFILES%\TightVNC\tvnserver" -stop -silent' >
		<exit code="1" />
		<exit code="0" />			
	</upgrade>

	<upgrade cmd='regedit /s "%SOFTWARE%\tightvnc\tightvnc-settings.reg"' />

	<upgrade cmd='"%PROGRAMFILES%\TightVNC\tvnserver" -start -silent' />

	<remove cmd='"%PROGRAMFILES%\TightVNC\uninstall.exe" /S' />
</package>

Version 1.3.x

See also silent installation for DFMirage hook display driver.

WPKG Package

<package id="tightvnc" name="TightVNC server" revision="130" priority="50" reboot="false">
 <check type="uninstall" condition="exists" path="TightVNC 1.3.10" />

 <install cmd="%SOFTWARE%\tightvnc\tightvnc-1.3.10-setup.exe /sp- /verysilent" />
 <install cmd="%ProgramFiles%\TightVNC\WinVNC.exe -reinstall" />
 <install cmd="%ProgramFiles%\TightVNC\WinVNC.exe -servicehelper" />
 <install cmd='cmd /c netsh firewall add allowedprogram program = %ProgramFiles%\TightVNC\WinVNC.exe name = "Launch TightVNC Server"' />

 <upgrade cmd='%SOFTWARE%\tightvnc\tightvnc-1.3.10-setup.exe /sp- /verysilent' ><exit code="0" reboot="true" /></upgrade>
 <upgrade cmd="%ProgramFiles%\TightVNC\WinVNC.exe -reinstall" />
 <upgrade cmd="%ProgramFiles%\TightVNC\WinVNC.exe -servicehelper" />
 <upgrade cmd='cmd /c netsh firewall add allowedprogram program = %ProgramFiles%\TightVNC\WinVNC.exe name = "Launch TightVNC Server"' />

 <remove cmd='"%ProgramFiles%\TightVNC\WinVNC.exe" -remove' />
 <remove cmd='"%ProgramFiles%\TightVNC\unins000.exe" /silent' />
</package>
 
<package id="tightvnc-settings" name="TightVNC server settings" revision="3" priority="5" reboot="false" execute="once">
 <depends package-id="tightvnc"/>
 <install cmd='cmd /c "%SOFTWARE%\tightvnc\tightvnc.bat"' />
 <upgrade cmd='cmd /c "%SOFTWARE%\tightvnc\tightvnc.bat"' />
 <remove cmd='echo "nothing"' />
</package>

tightvnc.bat

tightvnc.bat is a simple batch script to setup TightVNC server and restart it:

:: start, restart or apply settings to tightvnc
::
net stop "VNC Server"
regedit /s %SOFTWARE%\tightvnc\tightvnc.reg
net start "VNC Server"

:: For some unknown reason the servicehelper does not restart.
::
%ProgramFiles%\TightVNC\WinVNC.exe -servicehelper
:: we ignore errors...
::
exit 0

tightvnc.reg

tightvnc.reg contains the VNC server setup, most notably the access password:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL]

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3]
"MSLogonRequired"=dword:00000001
"NewMSLogon"=dword:00000001
"ACL"=hex:02,00,08,00,00,00,00,00
"ConnectPriority"=dword:00000002
"LoopbackOnly"=dword:00000000
"EnableHTTPDaemon"=dword:00000001
"EnableURLParams"=dword:00000000
"AllowLoopback"=dword:00000000
"AuthRequired"=dword:00000001
"DebugMode"=dword:00000000
"DebugLevel"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default]
"SocketConnect"=dword:00000001
"AutoPortSelect"=dword:00000001
"InputsEnabled"=dword:00000001
"LocalInputsDisabled"=dword:00000000
"IdleTimeout"=dword:00000000
"LocalInputsPriorityTime"=dword:00000003
"QuerySetting"=dword:00000002
"QueryTimeout"=dword:0000001e
"QueryAccept"=dword:00000000
"QueryAllowNoPass"=dword:00000000
"LockSetting"=dword:00000000
"RemoveWallpaper"=dword:00000001
"BlankScreen"=dword:00000000
"EnableFileTransfers"=dword:00000001
"PollUnderCursor"=dword:00000000
"PollForeground"=dword:00000001
"PollFullScreen"=dword:00000000
"OnlyPollConsole"=dword:00000001
"OnlyPollOnEvent"=dword:00000000
"PollingCycle"=dword:0000012c
"DontSetHooks"=dword:00000000
"DontUseDriver"=dword:00000000
"DriverDirectAccess"=dword:00000001
"LocalInputsPriority"=dword:00000000
"Password"=hex:e6,ee,26,ee,00,e2,e6,5b
"PasswordViewOnly"=hex:38,9a,aa,ee,ef,63,ef,e5

NOTE that passwords are encrypted, but this is not considered secure as someone can easily have access to the registry patch and decrypt the password.

External Links